Re: I need a better utility than ADSIedit to deep-search my Active Directory
From: Spin (spin_at_spin.com)
Date: 09/12/04
- Next message: Pablo Waldmann: "Problem opening "Domain Security Policy" and "Domain Controller Security Policy""
- Previous message: Spin: "Re: I need a better utility than ADSIedit to deep-search my Active Directory"
- In reply to: Dean Wells [MVP]: "Re: I need a better utility than ADSIedit to deep-search my Active Directory"
- Next in thread: Dean Wells [MVP]: "Re: I need a better utility than ADSIedit to deep-search my Active Directory"
- Reply: Dean Wells [MVP]: "Re: I need a better utility than ADSIedit to deep-search my Active Directory"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 12 Sep 2004 17:30:13 -0400
"Dean Wells [MVP]" <dwells@mask.msetechnology.com> wrote in message
news:OOpch5QmEHA.2372@TK2MSFTNGP10.phx.gbl...
> Spin wrote:
> > Gurus,
> >
> > I need a better utility than ADSIedit to deep-search my Active
> > Directory. I'm trying to remove an old domain name reference from
> > Active Directory. I renamed my Active Directory two weeks ago
> > successfully, but references to the old domain name are still
> > appearing in my netlogon.dns file. This is the only remaining
> > problem I am facing on this server which used to be a dual-homed DC
> > running RRAS but now is only a single-homed DC and is no longer
> > running RRAS.
> >
> > I have torn-down and rebuilt my AD DNS zones several times in
> > conjunction with stopping NETLOGON service and even going so far as
> > deleting the netlogon.dns and netlogon.dnb file several times. With
> > every re-build of the AD-integrated DNS, I can successfully see the
> > _SRV records for the proper domain name. I even built a
> > standard-primary only DNS, then later converted it to AD-integrated,
> > but to no avail. This annoying old domain name stubbornly refuses
> > to remove itself from the netlogon.dns file.
> >
> > I have deeply search my DNS, Active Directory Users and Computers,
> > Active Directory Sites and Services, used NTDSUTIL, going through
> > Active Directory metadata cleanup procedure, and used ADSIedit to
> > find references to this old domain name but could not see it
> > anywhere, I only see the new domain name, as expected. Even deleted
> > all references to the old domain name in the registry. Rebooted
> > several times. When I run netdiag /fix and dcdiag /fix, and examine
> > the entries in netlogon.dns, I still see references to this old
> > domain name. And, it appears in the system event log in the form of
> > a 5781 error.
> >
> > This single-homed DC/DNS server points only to itself for it's DNS
> > server. Only in the Forwarders tab is there a reference to a DNS
> > server outside my network. The domain name suffix is correct
> > everywhere you look on the computer, such as the computer name tab of
> > the System applet in Control Panel and under the TCP/IP properties of
> > the NIC. There is no GPO setting defined anywhere specifying the old
> > domain name. I am banging my head against the wall. So I ask, is
> > there a better utility than ADSIedit to deep-search my Active
> > Directory? When I use ADSIedit I cannot find any reference to the
> > old domain name. It's built-in search tool isn't very intuitive. I
> > need a good utility to find this annoying reference and remove it
> > once and for all.
>
> Have you completed the rename with:
> - rendom /clean
> - rendom /end
>
> Have you manually adjusted each DC's primary DNS suffix?
>
> If yes to the above; which particular DNS entries reference the old
> name?
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
Hmmmm. I don't remeber having used the rendom /clean. I know I did rendom
/just about everything else. Doesn't mean that I didn't do it, just means
I'm not sure about whether I did in fact use it or not. In any event,
assuming that I did forget to use the /clean switch, and the fact that
everything in this domain is working except for that annoying 5781 error in
my event log due to the old domain name in my netlogon.dns, how do I go
about finding it in AD, and removing it once and for all? That's why I need
a deep-search AD utility, something a little easier to navigate and use than
ADSI-edit.
-- Regards, Spin
- Next message: Pablo Waldmann: "Problem opening "Domain Security Policy" and "Domain Controller Security Policy""
- Previous message: Spin: "Re: I need a better utility than ADSIedit to deep-search my Active Directory"
- In reply to: Dean Wells [MVP]: "Re: I need a better utility than ADSIedit to deep-search my Active Directory"
- Next in thread: Dean Wells [MVP]: "Re: I need a better utility than ADSIedit to deep-search my Active Directory"
- Reply: Dean Wells [MVP]: "Re: I need a better utility than ADSIedit to deep-search my Active Directory"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
