Deleting ForestDNSZones or DomainDNSZones partitions

Mishaua 741 Reputation points
2022-11-11T00:07:17.897+00:00

I have a test domain that uses a different domain's DNS servers, i.e., there is a zone for the test domain that allows unsecure dynamic updates. At some point DNS was installed or enabled on the test domain and DNS services were running on a couple of the DCs in that domain. All the network configurations on all the DCs (including the ones running DNS) were set to the other DNS servers. I have since removed the DNS role on all the test domain DCs. Prior to removing the role on the last DC I changed the redundant test domain zone to a non-primary zone type, not an AD-integrated one. DNS services are no longer running on the test domain, but via ntdsutil I can still see the ForestDNSZones and DomainDNSZones partitions, and a replication summary shows that they are still replicating in the test domain. Is it safe to delete those partitions via ntdsutil since they are not used? I am looking over these instructions for guidance.

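Before answering "is it safe to delete", a practitioner would want to confirm two things from the directory itself: which DCs still hold a replica of each DNS application partition (if any replica lives outside the test domain, the partition is not "unused"), and whether any dnsZone objects are still stored in them. The PowerShell below is an added example, not code from the original thread or from Microsoft; it assumes the RSAT ActiveDirectory module, and `dc01.test.local` / `DC=test,DC=local` are hypothetical names for a test-domain DC that still hosts the partitions and for the test domain's DN. It only reads; the ntdsutil removal sequence is printed as a comment for the admin to run once the checks come back clean.

```powershell
# Added example (not from the original post): audit the DomainDnsZones and
# ForestDnsZones application partitions before removing them with ntdsutil.
# Assumes the RSAT ActiveDirectory module. "dc01.test.local" is a hypothetical
# DC in the test domain that still holds a replica of the partitions.
Import-Module ActiveDirectory

$dc = 'dc01.test.local'   # assumed; use any DC that still hosts the partitions
$forest   = Get-ADForest -Server $dc
$configDn = (Get-ADRootDSE -Server $dc).configurationNamingContext

# Forest application partitions whose name marks them as DNS partitions.
$dnsPartitions = $forest.ApplicationPartitions |
    Where-Object { $_ -match '^DC=(Domain|Forest)DnsZones,' }

foreach ($nc in $dnsPartitions) {
    # The crossRef for the partition lists the NTDS Settings objects of every
    # DC that replicates it. A replica on a DC outside the test domain means
    # deleting the partition would affect that DC too.
    $crossRef = Get-ADObject -Server $dc -SearchBase "CN=Partitions,$configDn" `
        -LDAPFilter "(&(objectClass=crossRef)(nCName=$nc))" `
        -Properties 'msDS-NC-Replica-Locations'

    $replicaDcs = foreach ($ntdsDn in $crossRef.'msDS-NC-Replica-Locations') {
        # Strip the "CN=NTDS Settings," RDN to get the server object, which
        # carries the DC's DNS host name.
        $serverDn = $ntdsDn -replace '^CN=NTDS Settings,', ''
        (Get-ADObject -Server $dc -Identity $serverDn -Properties dNSHostName).dNSHostName
    }

    # Zones still stored in the partition. With the DNS role gone and the
    # zone converted to a non-AD-integrated type, nothing you rely on should
    # be listed here; review anything that is before deleting.
    $zones = @(Get-ADObject -Server $dc -SearchBase "CN=MicrosoftDNS,$nc" `
        -LDAPFilter '(objectClass=dnsZone)' | Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        Partition  = $nc
        ReplicaDCs = $replicaDcs -join ', '
        ZoneCount  = $zones.Count
        Zones      = $zones -join ', '
    }
}

# Only when every partition above shows no zones you need and every replica DC
# is a test-domain DC you intend to clean up, remove the partition. Deleting the
# crossRef removes the naming context from all of its replicas, so this is done
# once per partition, not once per DC (DN below is hypothetical):
#
#   ntdsutil
#   partition management
#   connections
#   connect to server dc01.test.local
#   quit
#   list
#   delete nc DC=DomainDnsZones,DC=test,DC=local
#   quit
#   quit
```

Run it with an account that can read the Configuration partition, then cross-check the replica list against `repadmin /showrepl dc01.test.local` for each partition DN before and after the ntdsutil step; once the crossRef is deleted the partition should disappear from the replication summary on every DC it was hosted on. Note that reinstalling the DNS role on a DC with AD-integrated zones will recreate the default partitions, so the deletion is not something that has to be protected against later.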

3 answers

  1. risolis 8,741 Reputation points
    2022-11-15T04:34:44.627+00:00

    Hello @Mishaua

    Thank you for sharing this question on this community space.

    I apologize for the delay in responding, but I hope this still assists you.

    I have read the URL given on your post which is the one down below (If I am not mistaken):

    https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/so-you-think-you-removed-dns-from-your-server/ba-p/255531

    Furthermore, I just wanted to provide this other article which can be relevant to address your concern:

    https://medium.com/nerd-for-tech/cleanup-active-directory-domain-partitions-and-metadata-using-ntdsutil-e1326ceccd02

    Please let me know if that was helpful, and if not, do not hesitate to let us know.

    Looking forward to your feedback,

    Cheers,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. Mishaua 741 Reputation points
    2022-11-15T06:35:01.12+00:00

    Thanks for the article,

    I was going to delete the DomainDNSZones and ForestDNSZones partitions in the manner listed in the second article. I do not have any of the error messages though, and replication is occurring for those partitions, but all my DCs point to a different set of DNS servers. I just wanted to verify that it is OK to delete them if they are not used. I will snapshot the PDC and remove the partition on the clone offline to see what happens. I was just wondering if anyone had any experience removing those DNS partitions if they are no longer used?


  3. Mishaua 741 Reputation points
    2022-11-16T21:53:38.63+00:00

    I don't have the DNS service installed on any of the DCs in that domain anymore. The zone was moved and they all point to a different set of DNS servers which are not part of the existing domain. DNS entries are managed via insecure updates.

