Active Directory - DNS Zone - Issue

federico85 0 Reputation points
2023-09-13T17:06:30.2633333+00:00

Good evening everyone,

In my Active Directory, following the standard procedure without forcing or similar, I removed 2 Secondary Domain Controllers.

These Domain Controllers are called: DC2-CORE & DC3.

So now the primary domain controller (SERVER-AD) is alone.

The problem is that in the DNS server, in particular in the _msdcs.mycompany.local zone and in the mycompany.local zone, in the various subfolders such as _sites, _tcp, _DomainDnsZone, _ldap and _kerberos, records still exist that contain both of the old Secondary Domain Controllers, such as:

• _ldap server-ad.mycompany.local
• _ldap dc2-core.mycompany.local
• _ldap dc3.mycompany.local
• _kerberos server-ad.mycompany.local
• _kerberos dc2-core.mycompany.local
• _kerberos dc3.mycompany.local

The problem is that when I delete the records that contain the old servers and then attempt to clean the zone, they immediately reappear. So the deletion is in vain.

I checked that the two Secondary Domain Controllers are NOT present in Active Directory Sites and Services, and everything is OK.

DCDIAG does not give me any malfunctions.

In the AD structure, the old servers no longer appear as Domain Controllers.

Since I want to dispose of the primary domain controller (it is a Windows Server 2012 R2) before adding a new Domain Controller running Windows Server 2022 and transferring the FSMO roles to it, I wanted to have a clean Active Directory and DNS.

Unfortunately, I can't. I searched online for half a day and couldn't find a solution.

I hope the explanation is clear :)

Can you help me?

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
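An added, read-only audit script (not part of the question or of any answer on this page) that lists every SRV record in the two zones named above whose target is not a domain controller AD currently knows about, so stale _ldap/_kerberos entries for DC2-CORE and DC3 can be spotted in one pass. It assumes it runs on the remaining DC with the DnsServer and ActiveDirectory modules installed; the zone names are taken from the question. The Timestamp column is the useful diagnostic: a static record (empty Timestamp) will never be removed by scavenging, while a fresh timestamp on a record that keeps reappearing means something is still dynamically re-registering it.

```powershell
# Added example, not the poster's own script. Reports only; it deletes nothing.
Import-Module DnsServer
Import-Module ActiveDirectory

# Zone names from the question. _msdcs is listed first because it is its own zone here.
$Zones = @('_msdcs.mycompany.local', 'mycompany.local')

# Domain controllers according to AD itself; any other SRV target is stale.
$LiveDcs = (Get-ADDomainController -Filter *).HostName |
    ForEach-Object { $_.ToLower().TrimEnd('.') }

function Get-StaleDcSrvRecords {
    param([string]$ZoneName, [string[]]$LiveDcFqdns)

    # Skip zones that do not exist on this server instead of throwing.
    if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
        Write-Warning "Zone $ZoneName not found on this DNS server"
        return
    }

    Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType Srv | ForEach-Object {
        $target = $_.RecordData.DomainName.ToLower().TrimEnd('.')
        if ($LiveDcFqdns -notcontains $target) {
            [pscustomobject]@{
                Zone      = $ZoneName
                Record    = $_.HostName        # e.g. _ldap._tcp.dc
                Target    = $target            # e.g. dc2-core.mycompany.local
                Timestamp = $_.Timestamp       # $null means static: scavenging never touches it
            }
        }
    }
}

$stale = foreach ($z in $Zones) { Get-StaleDcSrvRecords -ZoneName $z -LiveDcFqdns $LiveDcs }

if ($stale) {
    $stale | Sort-Object Target, Zone, Record | Format-Table -AutoSize
    Write-Host ("{0} stale SRV record(s) point at hosts that are not current DCs." -f @($stale).Count)
} else {
    Write-Host 'No SRV records reference a host outside the current DC list.'
}
```

Run it again a few minutes after deleting the records: if the same rows come back with a new Timestamp, the records are being re-registered rather than simply lingering, which narrows where to look next.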