Active Directory DNS Records have disappeared

Omid Shojaee 116 Reputation points


We installed and configured our Active Directory about 3 months ago.

AD DS and DNS roles installed on a server and then other computers joined. Everything was OK.

However today after 3 months we tried to join a few more machines but because the DNS lookup for SVR record failed, I logged into the AD server to find out that all DNS records are gone. Nothing is left except the zone ( itself plus one SOA and one NS record. Everything else is wiped out.

I'm the only one who has access to this server.

I tried to solve this by removing DNS role and adding it again, to no avail.

This is a crisis for us. Please assist.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,055 questions
Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,027 questions
0 comments No comments
{count} votes

Accepted answer
  1. Dave Patrick 426.3K Reputation points MVP

    That sounds very risky. Have you addressed the issues I raised? A much simpler / safer method is to stand up a new one for a test.

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new one, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.

14 additional answers

Sort by: Most helpful
  1. Dave Patrick 426.3K Reputation points MVP

    What's the result of
    nslookup <domain name>

    0 comments No comments

  2. Dave Patrick 426.3K Reputation points MVP

    By default, the primary DNS suffix is the same as the name of the Active Directory domain to which the computer belongs

    Host Name . . . . . . . . . . . . : dc
    Primary Dns Suffix . . . . . . . : e
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . :

    So I'd fix that

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  3. Omid Shojaee 116 Reputation points

    @Dave Patrick

    Thanks. I don't have access to the server for a few days. I'll update you as soon as I got somewhere.

    But I can tell you that nslookup works fine which means the DNS service is OK. It's just the GUI that doesn't work :(

    0 comments No comments

  4. Omid Shojaee 116 Reputation points

    @Dave Patrick

    Would you please comment on this scenario:

    • Backup AD data (users and computers). I think Windows built-in tool is enough.
    • Rebuild AD machine.
    • Restore backup.


    0 comments No comments