DNS Sub Domain GUID does not match Domain GUID

Technet999
2021-04-27T16:33:20.543+00:00

I am noticing an issue when running dcdiag from our domain controllers. In the DNS tests for each DC there is a warning about missing SRV records. When looking through DNS I am seeing the SRV records for each DC, but in a different location than what dcdiag seems to be expecting. Searching for the SRV records of the domain through nslookup is also returning the records found in DNS. The location in which these records are held seems to be in a different spot than what dcdiag is expecting. The GUID that dcdiag mentions in the errors matches the GUID for the domain but is not what is seen in DNS. Right now functionality seems to be fine, as no issues regarding this have come up. Is this mismatch of GUIDs between what is seen in DNS and the domain going to be an issue? Is there a solution for this that can be easily applied?

The warning from the dcdiag dns test reads:
Error:
Missing SRV record at DNS server XX.XX.XX.XX:
_ldap._tcp.b152358d-93c6-44e2-80e1-d924e906394c.domains._msdcs.domain.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

UPDATE: It seems that the GUID seen in DNS is the GUID of the Domain when queried from CIM or WMI. Why would this be a different GUID from ADSI?


2 answers

  1. Anonymous
    2021-04-28T03:25:27.78+00:00

    Hello @Technet999 ,

    Thank you for posting here.

    To better understand your question, please confirm the following information below:
    1. How many domains are there in this forest? We can check as below. Open AD Domains and Trusts.

    2. How many DCs are in each domain? We can check as below. Run the command: nltest /dclist:domain.com

    3. Check the root domain, child domains and domain trees with the command Get-ADForest domain.com | select *

    I guess maybe there was such a domain corresponding to the GUID in your AD forest before, but it has now been deleted and could not be removed successfully.

    We can try to check.

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. Anonymous
    2021-05-05T05:48:01.737+00:00

    Hello @Technet999 ,

    Thank you so much for your confirmation.

    As I understand it, you only have one forest with a single domain, without any child domain or domain tree.

    Please check information below first:

    1. Check whether all the DCs in this domain have the same domain GUID in DNS manager.
    2. Check whether AD replication works fine by running the following commands on the PDC.

    repadmin /syncall /AdeP >c:\rep1.txt

    repadmin /showrepl >c:\rep2.txt

    repadmin /replsum >c:\rep3.txt

    repadmin /showrepl * /csv >c:\repsum.csv

    If all the results look OK without any error message, it seems AD replication works fine in your forest.

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

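The following script is an added example written for this page; it is not code from the thread, from the answerer or from Microsoft. It turns the question's observation (the GUID dcdiag expects versus the GUID present in DNS) and the answer's two checks into one repeatable diagnostic: it reads the domain GUID from ADSI (Get-ADDomain ObjectGUID) and from WMI (Win32_NTDomain.DomainGuid), asks each DC's own DNS server whether the `_ldap._tcp.<GUID>.domains._msdcs.<dnsroot>` SRV record resolves under either value, and summarises a `repadmin /showrepl * /csv` export for links with failures. It assumes the RSAT ActiveDirectory module, the DnsClient `Resolve-DnsName` cmdlet and `Get-CimInstance` are available and that the caller can query every DC; the function names `Test-DomainGuidSrvRecord` and `Get-ReplFailureSummary` are mine.

```powershell
# Added example (not from the thread). Run on a domain controller, or on a machine with the
# RSAT ActiveDirectory module, as a user allowed to query AD, WMI and each DC's DNS server.
Import-Module ActiveDirectory

# Step 1: collect the domain GUID as reported by the two sources the question compares.
$domain  = Get-ADDomain
$adGuid  = $domain.ObjectGUID.Guid                      # the value dcdiag (ADSI) works from
$wmiGuid = (Get-CimInstance -ClassName Win32_NTDomain |
            Where-Object { $_.DomainName -eq $domain.NetBIOSName } |
            Select-Object -First 1).DomainGuid -replace '[{}]', ''   # WMI formats it as {guid}

$candidates = [ordered]@{
    'ADSI (Get-ADDomain ObjectGUID)'   = $adGuid
    'WMI  (Win32_NTDomain.DomainGuid)' = $wmiGuid
}

# Step 2: ask every DC's own DNS server for the SRV record under each candidate GUID.
# dcdiag's DNS test expects _ldap._tcp.<domain-GUID>.domains._msdcs.<dnsroot> to resolve.
function Test-DomainGuidSrvRecord {
    param([string]$DnsServer, [string]$GuidSource, [string]$Guid, [string]$DnsRoot)
    $name = "_ldap._tcp.$Guid.domains._msdcs.$DnsRoot"
    try {
        $rec = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -ErrorAction Stop
        [pscustomobject]@{ DnsServer = $DnsServer; GuidSource = $GuidSource; Guid = $Guid
                           Found = $true;  Detail = ($rec.NameTarget -join ', ') }
    } catch {
        # A missing record surfaces here, e.g. "DNS name does not exist" (the 9003 in the question).
        [pscustomobject]@{ DnsServer = $DnsServer; GuidSource = $GuidSource; Guid = $Guid
                           Found = $false; Detail = $_.Exception.Message }
    }
}

$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
$results = foreach ($dc in $dcs) {
    foreach ($src in $candidates.Keys) {
        Test-DomainGuidSrvRecord -DnsServer $dc -GuidSource $src -Guid $candidates[$src] -DnsRoot $domain.DNSRoot
    }
}
$results | Format-Table -AutoSize

# Interpretation: the GUID that resolves on every DC is the one DNS actually holds. If only the
# WMI value resolves, DNS and AD disagree exactly as dcdiag reports; if the ADSI record is
# missing on some DCs but present on others, the _msdcs zone is not consistent across DCs.
if ($adGuid -ne $wmiGuid) { Write-Warning "Domain GUID differs: ADSI=$adGuid WMI=$wmiGuid" }

# Step 3 (the answer's replication check): summarise 'repadmin /showrepl * /csv' output and
# flag any partner link with failures. The column names are the ones repadmin emits in CSV mode.
function Get-ReplFailureSummary {
    param([string]$CsvPath)       # e.g. C:\repsum.csv as written by the answer's command
    Import-Csv -Path $CsvPath |
        Where-Object { [int]$_.'Number of Failures' -gt 0 } |
        Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Status', 'Last Success Time'
}
# Usage after running the answer's command on the PDC:
#   repadmin /showrepl * /csv > C:\repsum.csv
#   Get-ReplFailureSummary -CsvPath 'C:\repsum.csv'
```

The two GUID sources are kept side by side so the output shows, per DC, which value DNS holds rather than only that dcdiag is unhappy; a uniform result across all DCs points at a single GUID mismatch, while a mixed result points at the `_msdcs` zone itself, which is why the replication summary is included as the second step.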
