I hope everybody had a good July 4th!
Looking through my DNS entries, I see the following:
My questions are:
- How do I identify which of these belongs to the current domain?
- Is it safe to delete the rest of them or should I just leave them all alone? Is there any harm done in keeping them?
- How are these ids generated?
The reason I'm asking these is because I have had to rebuild Active Directory on a domain controller a few times and have had to use the same name. What I've been left with is a single _ldap record of that domain controller inside the _tcp record for every one of those entries. I suspect that some of these are remnants of that process and I'm trying to cleanup stale records. I've tried scavenging but they persist.
Thank you.
Those entries are for programmatic lookup of your domain controllers by processes which have and use the GUID. This provides a consistent DNS location to point to, which is useful when, for instance, the name of the domain changes.
The entries there will match the objectGUID property on each of your domains, which you can check and compare via ADSI Edit (the domain root object contains this property: the top DC object when you connect to the default context). Keep in mind that this container is for the entire forest; every domain in the tree has an entry in there. If an entry matches none of your current domains, it's safe to delete.
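The comparison the answer describes (each GUID folder under _msdcs\domains against the objectGUID of every domain in the forest) can be scripted instead of done by eye in ADSI Edit. The following is an added example, not code from the question or the answer. It assumes the RSAT ActiveDirectory and DnsServer PowerShell modules are installed, that it runs with rights to read AD and administer the DNS server given in -DnsServer (a hypothetical parameter), and that _msdcs is either delegated as its own zone or lives as a subdomain of the forest root zone; it only checks the _ldap._tcp records under the domains container, not the other GUID-named entries in _msdcs.

```powershell
<#
  Added example (not from the original question or answer): compare the GUID
  folders under _msdcs\domains against the objectGUID of every domain in the
  forest and report the _ldap._tcp SRV records that match no current domain.
  Assumptions: RSAT ActiveDirectory and DnsServer modules are installed, the
  caller can read AD and administer the DNS server, and _msdcs is either a
  delegated zone of its own or a subdomain of the forest root zone.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    # DNS server to query; defaults to the local machine (assumed parameter).
    [string]$DnsServer = $env:COMPUTERNAME,
    # Pass -Remove to delete stale records; otherwise the script only reports.
    [switch]$Remove
)

Import-Module ActiveDirectory
Import-Module DnsServer

$forest = Get-ADForest

# objectGUID of every domain in the forest, lowercased to match the DNS labels.
$liveGuids = @{}
foreach ($name in $forest.Domains) {
    $dom = Get-ADDomain -Identity $name
    $liveGuids[$dom.ObjectGUID.ToString().ToLowerInvariant()] = $dom.DNSRoot
}

# _msdcs is usually a delegated zone of its own; fall back to the root zone.
$msdcsZone = "_msdcs.$($forest.RootDomain)"
$zone = Get-DnsServerZone -ComputerName $DnsServer -Name $msdcsZone -ErrorAction SilentlyContinue
if ($zone) { $zoneName = $msdcsZone;        $suffixPattern = '' }
else       { $zoneName = $forest.RootDomain; $suffixPattern = '\._msdcs' }

# Relative record names look like _ldap._tcp.<guid>.domains (plus ._msdcs when
# _msdcs is not a separate zone). The capture group is the domain GUID.
$pattern = "^_ldap\._tcp\.([0-9a-f-]{36})\.domains$suffixPattern`$"

$records = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zoneName -RRType Srv |
    Where-Object { $_.HostName -match $pattern }

foreach ($rec in $records) {
    $guid   = [regex]::Match($rec.HostName, $pattern).Groups[1].Value.ToLowerInvariant()
    $target = $rec.RecordData.DomainName   # the DC the SRV record points at

    if ($liveGuids.ContainsKey($guid)) {
        Write-Host ("KEEP  {0} -> {1}  (domain {2})" -f $rec.HostName, $target, $liveGuids[$guid])
        continue
    }

    # No domain in the forest carries this objectGUID: a leftover from a rebuild.
    Write-Warning ("STALE {0} -> {1}  (matches no domain objectGUID)" -f $rec.HostName, $target)
    if ($Remove -and $PSCmdlet.ShouldProcess("$($rec.HostName) in $zoneName", 'Remove-DnsServerResourceRecord')) {
        Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zoneName -InputObject $rec -Force
    }
}
```

Run it without -Remove first and read the KEEP/STALE lines; a record should only show up as STALE when its GUID label matches none of the objectGUIDs Get-ADDomain returns for the forest's domains. Because the stale entries are static records left behind by the rebuilds rather than dynamically registered ones, scavenging will not touch them, which is why an explicit delete (here -Remove, guarded by -WhatIf support) is needed.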