It starts as a programming problem:
Domain.GetCurrentDomain().DomainControllers
triggers an exception:
Unable to obtain DNS hostname of Active Directory domain controller with ntdsa object name "CN=NTDS Settings,CN=SERVER002,CN=Servers,CN=Site01,CN=Sites,CN=Configuration,DC=TLD,DC=org".
Because ONE domain controller has a problem, no domain controllers are returned.
This then becomes a DNS problem, I believe.
What entry, anywhere, can I modify (manually if needed) to get the correct value into DNS?
Thanks.
Probably not the most convenient exception. Try using the PDC emulator role owner. That should always be available.
PdcRoleOwner
Gets the DomainController object that holds the primary domain controller (PDC) for this domain.
https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectory.domain?view=dotnet-plat-ext-8.0
The problem turned out to be twofold.
I ran nltest /DSREGDNS as suggested by: Force a domain controller to re-register AD DNS records without restarting netlogon?
And then my call worked only on the problem DC.
Replication from that DC had chosen to replicate to a DC that can only take in data, not write it out (but not an RODC; something that's an issue with one of our regions' staff... working on it).
After creating forced replication links from the problem DC to other DCs in the org, it was then happy.
Hoping this helps someone else with a solution, since there is not much out there for information on this error.
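Putting the two posts above together, here is an added diagnostic in C# (example code, not from the question, the answer, or Microsoft's documentation). It takes the PDC emulator route from the answer as the reliable way to get one DomainController object, and then walks every NTDS Settings (nTDSDSA) object under the Sites container itself, checking whether the parent server object has a dNSHostName and whether that name resolves. That is the per-DC check the DomainControllers property performs in one go, but done one entry at a time so a single broken server object names itself instead of hiding every other DC. The only assumptions are that the code runs as a domain member with ordinary read access to the Configuration naming context, and that the LDAP paths are built from RootDSE rather than hard-coded; the class and method names are mine.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Net;

// Added diagnostic for the "Unable to obtain DNS hostname ... ntdsa object" error.
// Assumes: domain-joined caller, read access to the Configuration NC (default for
// authenticated users). Class/method names are illustrative, not a library API.
static class DcHealthCheck
{
    // Fast, reliable path from the accepted answer: there is always exactly one
    // PDC emulator, so this does not depend on every server object being sane.
    public static DomainController GetPdcEmulator()
    {
        return Domain.GetCurrentDomain().PdcRoleOwner;
    }

    // Walk each NTDS Settings object and test its parent server's dNSHostName.
    // Returns one line per problem; an empty list means every DC looks fine
    // from the directory and DNS point of view of the DC we are bound to.
    public static List<string> FindBrokenServerObjects()
    {
        var problems = new List<string>();

        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        {
            // Build the Sites path from RootDSE so nothing is hard-coded per forest.
            string configNc = (string)rootDse.Properties["configurationNamingContext"].Value;

            using (var sites = new DirectoryEntry("LDAP://CN=Sites," + configNc))
            using (var searcher = new DirectorySearcher(sites))
            {
                searcher.Filter = "(objectClass=nTDSDSA)"; // the ntdsa objects named in the exception
                searcher.SearchScope = SearchScope.Subtree;
                searcher.PropertiesToLoad.Add("distinguishedName");

                foreach (SearchResult result in searcher.FindAll())
                {
                    using (DirectoryEntry ntdsa = result.GetDirectoryEntry())
                    using (DirectoryEntry server = ntdsa.Parent)   // CN=<server>,CN=Servers,CN=<site>,...
                    {
                        string ntdsaDn = ntdsa.Properties["distinguishedName"].Value as string;
                        string host = server.Properties["dNSHostName"].Value as string;

                        // Case 1: the attribute the framework needs is simply not there on this DC's
                        // copy of the Configuration NC (typically a replication problem, as in the OP's case).
                        if (string.IsNullOrEmpty(host))
                        {
                            problems.Add(ntdsaDn + " : server object has no dNSHostName");
                            continue;
                        }

                        // Case 2: the name is present but DNS cannot resolve it (missing or stale
                        // DC records; nltest /dsregdns on that DC is the usual first fix).
                        try
                        {
                            Dns.GetHostEntry(host);
                        }
                        catch (Exception ex)
                        {
                            problems.Add(ntdsaDn + " : " + host + " does not resolve (" + ex.Message + ")");
                        }
                    }
                }
            }
        }

        return problems;
    }

    static void Main()
    {
        // Always-available DC first, then the per-DC diagnostic.
        Console.WriteLine("PDC emulator: " + GetPdcEmulator().Name);

        List<string> problems = FindBrokenServerObjects();
        if (problems.Count == 0)
        {
            Console.WriteLine("All NTDS Settings objects have a resolvable dNSHostName.");
            return;
        }
        foreach (string line in problems)
        {
            Console.WriteLine("PROBLEM: " + line);
        }
    }
}
```

Run it from a machine that resolves through the same DNS servers your application uses; because the search is served by whichever DC the LDAP bind lands on, a blank dNSHostName reported here but not on another DC points at a replication gap between those two DCs (the second half of the OP's fix), while a name that is present but fails to resolve points at the DC's DNS registrations (the nltest /dsregdns half).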