This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 94%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hello. I finally replaced my 2012 DCs with 2019. One of the 2012 DCs was a VM. I'm seeing this VM's account listed in the ACL of many SRV records. These are the records in DNS-Forward Lookup Zones-[our doman name]... in the _tcp and _udp folders. How do I clean up the ACL on all these records?
Ok, I don't have any machine accounts listed here so they may have been manually added. I'd probably look for and delete from the parent level.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Do you mean just highlight the machine account in the ACL and click on the remove button?
Do you mean just highlight the machine account in the ACL and click on the remove button?
Yes, exactly.
--please don't forget to upvote and Accept as answer if the reply is helpful--
I'll do these little-by-little... in case something breaks.
Sounds good, you can end up this thread by Accepting as answer if the reply is helpful
Hello,
Additionally,
Do you have old server computer account still exists in AD? If you can delete this account from AD then it should also delete ACL entries,
I believe this ACL entries should not harm if the old server doesn't exists anymore.
If the reply was helpful, please don’t forget to upvote or accept as answer.