Have you ever decommissioned an old Active Directory (AD) domain controller (DC)? When you do, that old DC leaves a bunch of SRV records in your domain's DNS zone. SRV records are what your workstations use to find DCs. Deleting old SRV records is therefore a good idea: You don't want your domain members wasting a lot of time trying to contact a DC that no longer exists. Fortunately, Microsoft offers a command-line tool—Nltest—that's perfect for the job.

Way back in February 1998, in This Old Resource Kit, "NLTEST," http://www.winnetmag.com, InstantDoc ID 2947, I wrote about this useful domain-testing and -maintenance tool. Since then, Microsoft has rereleased Nltest several times, revising it in the Microsoft Windows NT Server 4.0 Resource Kit and including it in the Windows 2000, Windows XP and Windows Server 2003 Support Tools folders. Each new version of Nltest can do things that the earlier versions can't, but the majority of what I show you this month works on the versions of Nltest included in Win2K and later.

To clean a decommissioned DC's SRV records out of a DNS zone, you use the command

nltest /server:<dnsservername> /dsderegdns:<fulldnsdcname>

The command's syntax isn't immediately intuitive. Typically, you use the Nltest /server: option to identify the computer on which you want to perform a certain task, but in this case /server: identifies the name of the dynamic DNS server that contains the decommissioned DC's SRV records. With the /dsderegdns: option, you tell Nltest the name of the decommissioned DC. Suppose you're decommissioning a DC named dc4.bigfirm.biz for the bigfirm.biz domain, and bigfirm.biz's primary DNS server is called names.bigfirm.biz. You would use the following command to tell the DNS server to remove all of dc4's SRV records:

nltest /server:names.bigfirm.biz /dsderegdns:dc4.bigfirm.biz
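
A check for the cleanup above, as an added example that is not from the original article and is not Nltest functionality: this Python function scans a text export of the zone and lists any SRV records that still point at the decommissioned DC. It assumes the export uses standard zone-file syntax with one record per line; the sample zone lines, the function name and the origin parameter are constructed for illustration.

```python
# Added example: find SRV records that still target a decommissioned DC.
# SAMPLE_ZONE is constructed for illustration; it is not real zone data.
SAMPLE_ZONE = """\
@                      3600 NS   names.bigfirm.biz.
_ldap._tcp              600 SRV  0 100 389 dc1.bigfirm.biz.
                        600 SRV  0 100 389 dc4.bigfirm.biz.
_kerberos._tcp          600 SRV  0 100 88 dc1.bigfirm.biz.
_ldap._tcp.dc._msdcs    600 SRV  0 100 389 DC4.bigfirm.biz.
_gc._tcp                600 SRV  0 100 3268 dc1.bigfirm.biz. ; global catalog
dc4                    1200 A    192.0.2.14
"""


def stale_srv_records(zone_text, old_dc, origin="bigfirm.biz"):
    """Return (owner, port) for each SRV record whose target is old_dc."""
    want = old_dc.rstrip(".").lower()
    owner, hits = None, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # strip trailing comments
        if not line.strip() or line.startswith("$"):
            continue                              # blank, comment, or directive
        fields = line.split()
        if not line[0].isspace():                 # line starts with an owner name
            owner, fields = fields[0], fields[1:]
        # A blank owner column means "same owner as the previous record".
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields = fields[1:]                   # skip optional TTL and class
        if len(fields) < 5 or fields[0].upper() != "SRV":
            continue
        port, target = fields[3], fields[4]
        if not target.endswith("."):              # relative name: append origin
            target = f"{target}.{origin}"
        if target.rstrip(".").lower() == want:    # DNS names are case-insensitive
            hits.append((owner, int(port)))
    return hits


if __name__ == "__main__":
    for owner, port in stale_srv_records(SAMPLE_ZONE, "dc4.bigfirm.biz"):
        print(f"stale SRV: {owner} port {port} -> dc4.bigfirm.biz")
```

An empty result for the old DC's name means no SRV record in the export still refers to it; the A record for dc4 in the sample is not an SRV record and is not reported.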

But what if you need to do the opposite? Can you tell Nltest to replace those records? You can, but only for Windows 2003-based DCs and only if you're sitting at the DC. The Windows 2003 and XP versions of Nltest include the /dsregdns option:

nltest /server:<dnsservername> /dsregdns

Reader Comments

You can get NLTEST to display a list of DCs that cover a specific site by using the following command to pipe NLTEST's output through a FIND filter:

NLTEST /server:<servername> /dclist:<domainname> | find /i "Site: <sitename>"

Example: NLTEST /server:DC1 /dclist:DOMAIN1 | find /i "Site: LONDON" would list all DCs that cover site LONDON.

Phil Mewse