Old Server 2003 DNS Entries
I have a Windows 2003 R2 DC running DNS. After a recent demotion of an old DC and promotion of newer server to secondary DC and DNS (2003 Standard) I found old and erroneous information in the DNS (AD integrated). The old server was still listed
in the Forward Lookup Zone as a Name Server, as was its IP address (Same as Parent Folder). Logins for clients were very slow. I deleted the old server listings and some other IP addresses listed with Same as Parent Folder and logins became
much faster for clients, though still too slow on an initial login.
Then, looking further into the DNS Forward Zone directory in folders such as _msdcs I find either the server name or the IP of the old DC, and other IP addresses which are not DC addresses or forwarding addresses (they are APIPA). Kerberos and LDAP
listings have the old server name and other APIPA IPs.
My questions are, is it OK to go through the DNS directory structure and delete these names and addresses? Should there be only the two present DCs listed in each of the directory folders? One of them has only the IP of the secondary DC and not
the primary.
I know we should not have servers with more than one NIC but had to use an available machine. Is it sufficient just to disable the extra NICs via Device Manager and then also on the properties make sure to uncheck Register in DNS? Anything
I have to do in the Registry for the extra NICs to be ignored?
In the Netlogon.dns file the erroneous addresses also show. Should I stop the Netlogon service, rename the Netlogon.dns file as OldNetlogon.dns and then start the service to recreate the Netlogon.dns?
What is the best method of backing up and restoring the DNS in case something goes wrong?
Should I try DCDIAG /FIX and NETDIAG /FIX first?
The demotion went according to the book. No errors, and the DCs were replicating fine prior to the demotion. Not sure why the old DC address information remained. These were not hardware failures or orphaned DCs.
In Sites and Services MMC and other Active Directory MMCs I made sure the old DC name was removed. Still the old names and IPs are in the DNS Zone directories. FYI, not running Reverse Lookup Zone, just Forward Lookup Zone.
Thanks in advance
StreetHockeyFan
January 31st, 2012 12:55pm
Thanks for the answers Mr X and Meinolf, your help on this forum is always so great.
One more thing if I could, I had to restart my PDC/Primary DNS server after updates. The zone in DNS disappeared. I only have one. I made the secondary server for DNS the primary briefly and got the temporarily secondary (the PDC) to pull
the DNS records from the now primary. Then, I switched the two servers back to their Primary and Secondary DNS roles. However, now my DNS is not AD integrated and the button for changing is greyed-out. Do I have to take the secondary off
and uninstall DNS on the secondary server for the ADI to be an available option again?
Thanks,
SHF
January 31st, 2012 1:34pm
Hello,
you can remove all old A, Nameserver and SRV records from machines that do not exist anymore. I suggest that you start with metadata cleanup, then go on with DNS and AD Sites and Services. It seems to me that the demotion has failed.
http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx
Unused NICs on servers should be disabled, and a DC should NOT be multi-homed (more than one NIC/IP address in use), as multi-homing results in lots of problems.
It is always recommended to use at least 2 DC/DNS/GC per domain and also work with AD integrated DNS zones, that way DNS is replicated with AD and also in a system state backup, which is the minimum you need to restore a DC or parts from AD.
See here about AD backup:
http://technet.microsoft.com/en-us/library/cc771290(WS.10).aspx
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
January 31st, 2012 1:51pm
Hello,
I have a Windows 2003 R2 DC running DNS. After a recent demotion of an old DC and promotion of newer server to secondary DC and DNS (2003 Standard) I found old and erroneous information in the DNS (AD integrated). The old server was still
listed in the Forward Lookup Zone as a Name Server, as was its IP address (Same as Parent Folder). Logins for clients were very slow. I deleted the old server listings and some other IP addresses listed with Same as Parent Folder and logins
became much faster for clients, though still too slow on an initial login.
Please delete the old DC from being a name server. Also, delete all its DNS records (A, SRV ..).
Then, looking further into the DNS Forward Zone directory in folders such as _msdcs I find either the server name or the IP of the old DC, and other IP addresses which are not DC addresses or forwarding addresses (they are APIPA). Kerberos and
LDAP listings have the old server name and other APIPA IPs.
It seems here that the server was running with a NIC card that did not have an IP address. This NIC card had an APIPA address and registered itself in the DNS system.
Please note that multihoming a DC is not recommended. More here: http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
My questions are, is it OK to go through the DNS directory structure and delete these names and addresses? Should there be only the two present DCs listed in each of the directory folders? One of them has only the IP of the secondary DC and
not the primary.
Yes. Also, enable aging and scavenging so that obsolete DNS records will be automatically deleted.
I know we should not have servers with more than one NIC but had to use an available machine. Is it sufficient just to disable the extra NICs via Device Manager and then also on the properties make sure to uncheck Register in DNS? Anything
I have to do in the Registry for the extra NICs to be ignored?
Yes. You should have only one IP address in use and a single NIC card enabled.
Please use at least two DC / DNS / GC servers to ensure high availability of AD / DNS services and so that you reduce risks of losing your AD domain.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
January 31st, 2012 2:03pm
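Both answers above come down to the same audit: find every A, NS and SRV record in the zone (or in Netlogon.dns) that still names the demoted DC or carries a 169.254.x.x APIPA address, and remove only those. The script below is an added example from the editor, not code from either poster or from Microsoft. It parses text in the one-record-per-line layout Netlogon.dns uses (`owner TTL IN type rdata`), flags the stale entries, and renders them as `dnscmd /RecordDelete` lines in the documented `ZoneName NodeName RRType RRData /f` form so an administrator can review them before running anything. The zone name `corp.example`, the host names `dc01`, `dc02`, `olddc` and all addresses are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the layout Netlogon.dns uses ("owner TTL IN type rdata").
# Names and addresses are made up for this example; olddc is the demoted DC and
# the two 169.254.x.x entries are what a NIC without a lease registers.
SAMPLE_NETLOGON_DNS = """\
corp.example. 600 IN A 10.0.0.10
corp.example. 600 IN A 169.254.31.7
corp.example. 600 IN A 10.0.0.20
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc02.corp.example.
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 olddc.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc01.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 olddc.corp.example.
gc._msdcs.corp.example. 600 IN A 169.254.5.9
gc._msdcs.corp.example. 600 IN A 10.0.0.10
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc01.corp.example.
"""

# Link-local (APIPA) range that should never appear in a DC's registrations.
APIPA = ipaddress.ip_network("169.254.0.0/16")


@dataclass
class Record:
    owner: str   # fully qualified owner name, lower-cased, trailing dot kept
    rtype: str   # A, SRV, NS, CNAME, ...
    rdata: str   # everything after the type, joined with single spaces


def parse_netlogon_dns(text):
    """Parse Netlogon.dns-style lines; comments (;) and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        # A valid line has at least owner, TTL, class, type and one rdata token.
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue
        records.append(Record(parts[0].lower(), parts[3].upper(), " ".join(parts[4:])))
    return records


def find_stale(records, decommissioned_hosts):
    """Return (record, reason) pairs for A records on APIPA addresses and for
    SRV/NS/CNAME records whose target is one of the decommissioned DCs."""
    gone = {h.lower().rstrip(".") for h in decommissioned_hosts}
    stale = []
    for r in records:
        if r.rtype == "A":
            try:
                addr = ipaddress.ip_address(r.rdata)
            except ValueError:
                continue  # malformed rdata is reported by nothing here; leave it to the admin
            if addr in APIPA:
                stale.append((r, "APIPA address"))
        elif r.rtype in ("SRV", "NS", "CNAME"):
            target = r.rdata.split()[-1].lower().rstrip(".")
            if target in gone:
                stale.append((r, f"points at decommissioned DC {target}"))
    return stale


def dnscmd_delete_commands(stale, zone):
    """Render stale records as dnscmd /RecordDelete lines for review.
    The node name is relative to the zone; '@' is the zone apex."""
    zone_l = zone.lower().rstrip(".")
    cmds = []
    for r, _reason in stale:
        node = r.owner.rstrip(".")
        if node == zone_l:
            node = "@"
        elif node.endswith("." + zone_l):
            node = node[: -len(zone_l) - 1]
        cmds.append(f"dnscmd /RecordDelete {zone_l} {node} {r.rtype} {r.rdata} /f")
    return cmds


if __name__ == "__main__":
    recs = parse_netlogon_dns(SAMPLE_NETLOGON_DNS)
    stale = find_stale(recs, ["olddc.corp.example"])
    for rec, reason in stale:
        print(f"{rec.owner} {rec.rtype} {rec.rdata}  <- {reason}")
    print()
    for cmd in dnscmd_delete_commands(stale, "corp.example"):
        print(cmd)
```

The script only reports; it never touches the DNS server. Reviewing the generated lines against the zone in the DNS console before running them is the point, since an SRV record that looks stale may belong to a DC that simply has not re-registered yet. Once the leftovers are gone, restarting the Netlogon service on each remaining DC re-registers its own records, which is a cheaper check than rebuilding Netlogon.dns by hand.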