Two Different hostnames but same IP Address In DC DNS

Question

question

DDDDDDDDDDDDDDDD-9310 asked Mar 25, '22 cthivierge commented Mar 29, '22

Two Different hostnames but same IP Address In DC DNS

Hi,

In my domain controller DNS, there is always two entries with different hostnames (DC-02 and DC-04) with the exact same IP addresses.

I do not have a DC-02 computer. The only thing I can think of is that I may have made one before but dismantled it. I should only see DC-01 and DC-04.

If I delete the DC-02 entry, it will eventually regenerate back.

Can anyone help direct me on how to get rid of DC-02 from always appearing in DNS?

Windows server 2022 environment

Thank you kindly.

windows-server windows-dhcp-dns

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2022-03-26T02:04:02.947Z

cthivierge answered Mar 26, '22 DDDDDDDDDDDDDDDD-9310 edited Mar 28, '22

One thing that could cause this issue is if someone has added another name to a server using the netdom command. You can check on your server DC-04

run this command in a command prompt (admin) or a powershell (admin):

netdom computername %computername% /enum

· 3

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DDDDDDDDDDDDDDDD-9310 · Mar 28 at 11:25 PM

Hi, I ran the command: netdom computername dc-04 /enum

I received the following:

All of the names for the computer are:

DC-04.domain.com
DC-02.domain.com

The command completed successfully.

Do you know how I can fix this without removing my domain controller from the domain? Would I run this command? The "remove" command stated it DC-02 cannot be removed due to this reason.

netdom renamecomputer DC-02 /newname:DC-04.domain.com /userd:administrator

Thanks!

0 ·

cthivierge DDDDDDDDDDDDDDDD-9310 · Mar 28 at 11:34 PM

In that case, someone has added the name dc-02.domain.com to the server dc-04.domain.com...

Probably for a migration.

If you don't need the name dc-02.domain.com, you can remove it using the following command.

On dc-04 server, open a command prompt as admin and type: netdom computername %computername% /remove:dc-02.domain.com

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc835082(v=ws.11)

1 ·

DDDDDDDDDDDDDDDD-9310 cthivierge · Mar 28 at 11:41 PM

thank you, im getting the following errors back when I run these commands.

netdom computername %computername% /remove:dc-02.domain.com

Unable to remove dc-02.domain.com
as an alternamte name for the computer.
The error is:

The network path was not found.

The command failed to complete successfully.

netdom computername dc-04 /remove:dc-02.domain.com

Unable to remove dc-02.domain.com
as an alternamte name for the computer.
The error is:

The system cannot find the file specified.

The command failed to complete successfully.

Any ideas?

0 ·

Answer 2 · 2022-03-25T18:36:09.43Z

DSPatrick answered Mar 25, '22

You can follow along here to cleanup / remove the remnants of old domain controllers.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

--please don't forget to upvote and Accept as answer if the reply is helpful--

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 3 · 2022-03-25T19:04:27.863Z

DDDDDDDDDDDDDDDD-9310 answered Mar 25, '22

Thanks for the reply!

So far in first link i've gotten this in powershell:

PS C:\WINDOWS\system32> ntdsutil
C:\WINDOWS\system32\ntdsutil.exe: metadata cleanup
metadata cleanup:
metadata cleanup: remove selected server DC-02
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Ntds Settings,DC-02'

Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the Active Directory Domain Controller (5). Please use the connection menu to specify it.

you know where I can find that match of 'CN=Ntds Settings,DC-02' ?

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 4 · 2022-03-25T19:06:14Z

DSPatrick answered Mar 25, '22 DSPatrick edited Mar 25, '22

So it may be much simpler to use the GUI method of clean up, either one of these will do
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup#clean-up-server-metadata-using-active-directory-users-and-computers
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup#clean-up-server-metadata-using-active-directory-sites-and-services

--please don't forget to upvote and Accept as answer if the reply is helpful--

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 5 · 2022-03-25T19:25:20.163Z

DDDDDDDDDDDDDDDD-9310 answered Mar 25, '22 DDDDDDDDDDDDDDDD-9310 commented Mar 28, '22

Is it safe to do on my DC04, if my DC04 is a replication partner of DC01?

I wasnt 100% sure what it meant by this:
f you have identified replication partners in preparation for this procedure and if you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up,

DC04 and DC01 does DFS replication, DFS namespace, and other things like DHCP, DNS and SYSVOL.

Thanks!

· 9

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick · Mar 25 at 07:27 PM

You can do this while connected to any healthy domain controller.

0 ·

DSPatrick DSPatrick · Mar 25 at 08:05 PM

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

0 ·

DDDDDDDDDDDDDDDD-9310 DSPatrick · Mar 25 at 08:13 PM

gonna try the steps right now!

0 ·

Show more comments

Answer 6 · 2022-03-28T23:49:48.473Z

cthivierge answered Mar 28, '22 cthivierge commented Mar 29, '22

Do you have a different domain suffix in your ipv4 settings of the network card (in the advanced settings)

· 3

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DDDDDDDDDDDDDDDD-9310 · Mar 28 at 11:55 PM

Looks good to me.

in the ipv4 network card settings, on the DNS tab, where it says: "DNS suffix for this connection:" it is just blank

Same goes for both domain controllers.

0 ·

DDDDDDDDDDDDDDDD-9310 DDDDDDDDDDDDDDDD-9310 · Mar 29 at 01:13 AM

Hi again,

I just demoted the secondary DC-04 and promoted it again.

It looks like it fixed the issue as only dc-04 appears in the netdom computername command now.

Ill keep an eye out in my DNS to see if DC-02 re-appears or not

0 ·

cthivierge DDDDDDDDDDDDDDDD-9310 · Mar 29 at 01:26 AM

Good!

Well, it should not... if you don't see the DC-02.domain.com when you run the command netdom computername %computername% /enum then the DC-02 server name will not appear again.

This command is good to rename a DC. You add the new name, then you make the new name as primary and then you remove the old one.

The only thing is that you must be sure that you don't have anything that is hardcoded to access DC-02.

0 ·

question