Re: [ActiveDir] nslookup. AD beginer question

[Paul Williams]

If you don't have a host record (A) for the hostname "sami", then you should delete the SRV record [1].  If that isn't a DC, look at the KB mentioned by Steve and I.  I've seen a bunch of XP workstations registering in DNS in the past.     --Paul   [1] Assuming of course that you don't have a DDNS issue, i.e. you don't have a record in DNS but you do have a server with that name. ----- Original Message ----- From: Ramon Linan To: ActiveDir@mail.activedir.org Sent: Tuesday, August 29, 2006 4:06 PM Subject: RE: [ActiveDir] nslookup. AD beginer question I did the nslookup -type=srv _ldap._tcp.dc._msdcs.domain.com and I got   _ldap._tcp.dc._msdcs.domain.com    SRV service location:           priority       = 0           weight         = 100           port           = 389           svr hostname   = sami.domain.com     I can’t find that machine anywhere, not in the AD or dns server!!!   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson Sent: Tuesday, August 29, 2006 10:15 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] nslookup. AD beginer question   I think the key to this question is a very simple troubleshooting step.  Go into DNS and look at the (same as parent folder) records.  Delete the ones that aren’t currently DNS servers.  If you are using AD integrated DNS, then this should be any domain controllers that you want clients to get DNS from.  Give it a day or two and see if the bad ones come back.  If they don’t then you can assume this was an obsolete entry.  If they do then you can start looking for why.    From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Williams Sent: Tuesday, August 29, 2006 4:43 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] nslookup. AD beginer question   If you do NSLOOKUP DOMAIN-NAME.COM then you will get a list of all the DNS servers for that domain.  For example, if you are using AD-Integrated DNS, you will get a list of any DCs that are also DNS servers.  Basically, that command returns the (Same as parent) records for the domain.   If you want to pull all DCs in the domain, you need to run something like this:   nslookup -type=srv _ldap._tcp.dc._msdcs.domain-name.com     If you run the above command and get computer accounts back, see kb825675 as referenced by Steve.  I wasn't aware that that bug also registered A records for the domain name, but it might...   If you're new to NSLOOKUP, consider what information you want.  There's a bunch of different types of DNS record that might be of interest (A, CNAME, PTR, SRV, MX).  When troubleshooting AD, the main ones to look for are A and SRV (there's also an instance where you need to check the CNAME record too).  Remember that simply pinging a DC doesn't mean that the necessary SRV records are in place.  I personally always advise people to use a combination of NSLOOKUP and NLTEST to troubleshoot DNS and the locator process.  Use NSLOOKUP to see if the records that you expect are there, and NLTEST to make the DsGetDC and DsGetSite calls.     --Paul ----- Original Message ----- From: Ramon Linan To: ActiveDir@mail.activedir.org Sent: Monday, August 28, 2006 7:14 PM Subject: [ActiveDir] nslookup. AD beginer question   Hi Everyone,   When I do a nslookup domain.com, being domain.com my AD domain, what should I see? A list of the dns server in my domain? A list of the DC?   The fact is that I am doing nslookup and I am getting, domain controllers but also a user’s computer!!!!   Thanks