SRV (service) records are a type of DNS record used to map a service to the hostname (and port) that provides it. When an application needs to find the location of a specific service, it searches for the related SRV records.
Active Directory creates SRV records in the _msdcs.Domain_Name zone, where Domain_Name is the name of your domain. These SRV records are created in the folders below:
- Forward Lookup Zones/Domain_Name/_msdcs/dc/_sites/Default-First-Site-Name/_tcp
- Forward Lookup Zones/Domain_Name/_msdcs/dc/_tcp
The SRV records for the _kerberos and _ldap services appear at the above locations. There are two separate records for these services in each of those folders, for every AD site in your domain.
When we force-demote a domain controller and perform a metadata cleanup, we need to remove its SRV records manually. Checking all the SRV records in a domain is a tedious and time-consuming task.
To simplify the task of checking the SRV records, we came up with a PowerShell script that finds all the records for a domain controller in your domain and then deletes them, saving you time and effort.
Below is the script. You need to provide the hostname of the DC that you have forcefully demoted and the IP address of that DC; the script will then fetch and delete all the records associated with that DC.
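The post's own script is not reproduced here, so the following is an added example (my code, not the original author's) of the approach described above: it looks in the domain zone and the _msdcs zone for SRV records whose target is the demoted DC and for A records that still resolve to its old IP address, reports them, and deletes them only when run with -Delete. It assumes the DnsServer PowerShell module (RSAT or a DNS server), AD-integrated zones named after the domain and _msdcs.<domain>, and a DNS admin account; the hostname, IP address and domain values are placeholders you replace with your own.

```powershell
<#
  Added example, not the original post's script.
  Finds (and optionally removes) the DNS records that still point at a
  forcibly demoted domain controller. Dry-run by default; pass -Delete to
  actually remove the records.
  Assumptions: DnsServer module available, zones "<domain>" and
  "_msdcs.<domain>" exist on the target DNS server, caller is a DNS admin.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory)][string]$DcHostname,              # placeholder, e.g. DC02 or DC02.corp.example
    [Parameter(Mandatory)][string]$DcIPAddress,             # placeholder, e.g. 10.0.0.12
    [string]$Domain     = $env:USERDNSDOMAIN,               # DNS name of the AD domain
    [string]$DnsServer  = $env:COMPUTERNAME,                # DNS server to query and modify
    [switch]$Delete                                         # without this switch, report only
)

Import-Module DnsServer -ErrorAction Stop

# Normalise the DC name to an FQDN so it can be compared with SRV targets.
$fqdn = if ($DcHostname -like '*.*') { $DcHostname } else { "$DcHostname.$Domain" }

# Only inspect the zones that actually exist on this server.
$zones = @($Domain, "_msdcs.$Domain") | Where-Object {
    Get-DnsServerZone -ComputerName $DnsServer -Name $_ -ErrorAction SilentlyContinue
}

# Collect stale records: SRV records (_ldap, _kerberos, _gc, _kpasswd, ...) whose
# target is the demoted DC, and A records that still carry its old IP address.
$stale = foreach ($zone in $zones) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone -RRType Srv |
        Where-Object { $_.RecordData.DomainName.TrimEnd('.') -ieq $fqdn } |
        ForEach-Object {
            [pscustomobject]@{ Zone = $zone; Record = $_; Target = $_.RecordData.DomainName }
        }

    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone -RRType A |
        Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $DcIPAddress } |
        ForEach-Object {
            [pscustomobject]@{ Zone = $zone; Record = $_; Target = $DcIPAddress }
        }
}

if (-not $stale) {
    Write-Host "No SRV or A records for $fqdn / $DcIPAddress found in: $($zones -join ', ')"
    return
}

# Always show what was found so the operator can review before deleting.
$stale | ForEach-Object {
    '{0,-28} {1,-4} {2,-45} -> {3}' -f $_.Zone, $_.Record.RecordType, $_.Record.HostName, $_.Target
}

if ($Delete) {
    foreach ($entry in $stale) {
        Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $entry.Zone `
            -InputObject $entry.Record -Force
        Write-Host "Removed $($entry.Record.RecordType) $($entry.Record.HostName) from $($entry.Zone)"
    }
} else {
    Write-Host "`nDry run only. Re-run with -Delete to remove the $($stale.Count) record(s) listed above."
}
```

Run it first without -Delete and check the list: matching A records by IP address will also catch any non-DC host that has since been given the same address, so confirm every entry belongs to the demoted DC before deleting. Because the zones are AD-integrated, the deletion replicates to the other DNS servers, so one run against a single server is enough.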