This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 73%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
I have a client that has an issue with SRV records being not removed after a Domain Controller is demoted. I have to manually search through all sites, _tcp, _udp, etc and manually delete the SRV records. Additionally after I removed some unused sites in AD Sites and Services, they were partially removed from DNS. There are no errors during demotion, no related errors in DCDIAG and no replication errors. The client's DNS is setup different than I normally set them up but should be fine.
They have 2 zones (both Active Directory Replicated Zones)
contoso.com (all host records, srv records, sites etc) - SRV records are left after DC demotion. Removing sites using AD Sites and Services works here.
_msdcs.contoso.com (Only SRV records and sites, DC, GC, etc - No host records) - SRV records are left after DC demotion. Removing sites using AD Sites and Services does not work here.
Has anyone seen this before? Feels like permissions issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
If the DNS zone is active directory integrated zone, the SRV DNS record should be removed automatically or created automatically during the demotion or promotion.
Do you have the same behavior when you promote new DC or create new site ?
Please don't forget to mark helpful reply as answer
Nope, it adds it perfectly fine.
Something new I just observed, there are 2 SRV records for each type of SRV record doe each DC (LDAP, Kerberos, Etc) .
DC1.contoso.com
DC1.CONTOSO.COM
One record is removed when demoted but the other remains.
Yes it's known issue since windows 2016. You should be sure that the domain controller are up to date to be able to use one of the solution below:
dns-registers-duplicate-srv-records-for-dc
Please don't forget to mark helpful reply as answer
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
You can follow along here to do metadata cleanup.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564
--please don't forget to upvote and Accept as answer if the reply is helpful--
No residual metadata after demotion.
A possible work-around for the upper / lower case.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-registers-duplicate-srv-records-for-dc#workaround-1-prevent-duplicate-srv-records
--please don't forget to upvote and Accept as answer if the reply is helpful--
Great information guys! I appreciate your help!
Any thoughts on why when I delete a Site in AD Sites and Services it deletes out of the contoso.com zone but not _msdcs.contoso.com?
My assumption is that it has something to do with the way the previous engineer setup the separate zones.
I think it can be due to duplicate SRV record. when a SRV record generated for a AD site , the site name will be created automatically in DNS:
SiteName._site.ldap._msdcs.Domain_Name
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 2%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
I have a similar issue. I have a Windows Server 2012 R2 server as domain controller(named DC2), then I setup a QNAP TS-831X NAS(named NAS1) to be "additional domain controller" and joined to Active Directory. The NAS suddenly stopped to be domain controller after I changed the domain controller setting of NAS1.
Since I don't want to give another try, I seized all FSMO roles to DC2, and manully deleted NAS1 from:
Active Directory Sites & Services > Sites > Servers
Active Directory Users & Computers > [Domain Name] > Domain Controllers
But when I remove NAS1 from:
DNS Manager > Forward Lookup Zones > [Domain Name] > Named Servers tab
DNS Manager > Forward Lookup Zones > _msdcs.[Domain Name] > Named Servers tab
, it added back automatically after I click refresh.
How to fix it?
Hi,
Please open new thread for your issue.
