Windows IT Pro Archived Blogs

(Re)registering AD-related DNS records, and Techstravaganza

Hi all,

Last time I went over how DCs locate each other for replication purposes using the DSA object GUID, and how sometimes AD-related DNS records – A, CNAME, SRV – get screwed up or aren’t all where they’re supposed to be. There are several simple techniques for re-registering these records.

  • If just the A record is missing, you can re-register it with ipconfig /registerdns.This will not register the other needed records.
  • If you’re running Windows 2003, you can perform a netdiag /fix. This will attempt to verify and re-register all DNS records. This method evaporated with Windows 2008, which didn’t carry forward the command.
  • Nltest /dsregdns will refresh all DNS records, and it works with both Windows 2003 and 2008.
  • Finally, you can always hit it with an axe: Bounce the netlogon service. This will force a re-registration, but it will also affect the DC’s functionality while the service is stopping and restarting.
    A common way people go wrong in the registration process is they re-register the DNS records with a DNS server that isn’t communicating with the others – usually the local DC, because the DC is probably pointing to itself. If your local DNS isn’t replicating records, because replication isn’t working, because the DNS records are wrong…you must point to a functional, replicating DC for the records to propagate across the domain or forest. I call this the Catch-22 problem!
    At the gracious invite of fellow DS MVP Gary Olsen, this Friday I’ll be giving a session via Live Meeting on the do’s and don’t of virtualizing your AD at the . It’s being held at the Microsoft office in Alpharetta, Georgia, and it’s free!
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.