Old server accounts persist after migration to Windows Server 2019

I went through the process of migrating Active Directory 2012 R2 to Active Directory 2019. Minus a few firewall ports needing to be opened up, I was able to get through the process of promoting the new Windows Server 2019 machine and demoting the old Windows Server 2012 R2.

After taking the old server offline, I noticed that several of the computers were on different "Networks". The old server and network configuration used to display the domain name as the "LJBS-DOMAIN". Now on workstation computers, it was showing "Network 2" or "Network 3". To make matters worse, some of the computers (depending on the network) had different logon credentials for the same user account.

I'm a little at a loss for what happened during this migration. The server is on its own static IP. I also went through each workstation (about 10) and changed them to a static IP (didn't change anything). They are all showing up as a "Private Network" instead of the expected "Domain Network".

When looking on the server in the Active Directory, all the computers were listed as expected. In an attempt to get something to change, I removed one of them from the list. That did not seem to have an effect on the workstation I removed (i.e. it was still using old authentication credentials). Then I tried removing one of the workstations from the domain and moved it to a workgroup. When I tried to move it back to the domain, it said that it could not be reached.

Below is the dcdiag output. I noticed the Connectivity Test is failing with The host e431da7d-fae3-46a9-9abb-5410488794d0._msdcs.LJBS-DOMAIN.local could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc. Got error while checking LDAP and RPC connectivity. Please check your firewall settings.

I've completely turned off the firewall and this error is still there.

Any ideas would be helpful. Please let me know if I can provide any additional information to debug this. I'm trying to stop short of re-installing the Active Directory, DHCP and DNS features.

[Screenshots: Network Display; Server IP Configuration; Workstation Static IP; Workstation DNS Settings]

DCDIAG Results

Command Line: "dcdiag.exe /v /c /d /e /s:LJBS-SERVER2"

Directory Server Diagnosis


Performing initial setup:

   * Connecting to directory service on server LJBS-SERVER2.

   LJBS-SERVER2.currentTime = 20191007032614.0Z

   LJBS-SERVER2.highestCommittedUSN = 98340

   LJBS-SERVER2.isSynchronized = 1

   LJBS-SERVER2.isGlobalCatalogReady = 1

   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=LJBS-SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   LJBS-SERVER2.currentTime = 20191007032614.0Z

   LJBS-SERVER2.highestCommittedUSN = 98340

   LJBS-SERVER2.isSynchronized = 1

   LJBS-SERVER2.isGlobalCatalogReady = 1

   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.



===============================================Printing out pDsInfo

GLOBAL:
    ulNumServers=1
    pszRootDomain=LJBS-DOMAIN.local
    pszNC=
    pszRootDomainFQDN=DC=LJBS-DOMAIN,DC=local
    pszConfigNc=CN=Configuration,DC=LJBS-DOMAIN,DC=local
    pszPartitionsDn=CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
    fAdam=0
    iSiteOptions=0
    dwTombstoneLifeTimeDays=180

    dwForestBehaviorVersion=5

    HomeServer=0, LJBS-SERVER2

    SERVER: pServer[0].pszName=LJBS-SERVER2
        pServer[0].pszGuidDNSName (binding str)=e431da7d-fae3-46a9-9abb-5410488794d0._msdcs.LJBS-DOMAIN.local
        pServer[0].pszDNSName=LJBS-SERVER2.LJBS-DOMAIN.local
        pServer[0].pszLdapPort=(null)
        pServer[0].pszSslPort=(null)
        pServer[0].pszDn=CN=NTDS Settings,CN=LJBS-SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local
        pServer[0].pszComputerAccountDn=CN=LJBS-SERVER2,OU=Domain Controllers,DC=LJBS-DOMAIN,DC=local
        pServer[0].uuidObjectGuid=e431da7d-fae3-46a9-9abb-5410488794d0
        pServer[0].uuidInvocationId=1b2c7dd4-b6ae-4b4b-9690-fdd68ad690d7
        pServer[0].iSite=0 (Default-First-Site-Name)
        pServer[0].iOptions=1
        pServer[0].ftLocalAcquireTime=f8fa2070 01d57cbe 

        pServer[0].ftRemoteConnectTime=f8f90f00 01d57cbe 

        pServer[0].ppszMaster/FullReplicaNCs:
            ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=LJBS-DOMAIN,DC=local
            ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=LJBS-DOMAIN,DC=local
            ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=LJBS-DOMAIN,DC=local
            ppszMaster/FullReplicaNCs[4]=DC=LJBS-DOMAIN,DC=local

    SITES:  pSites[0].pszName=Default-First-Site-Name
        pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local
        pSites[0].pszISTG=CN=NTDS Settings,CN=LJBS-SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local
        pSites[0].iSiteOption=0

        pSites[0].cServers=1

    NC:     pNCs[0].pszName=ForestDnsZones
        pNCs[0].pszDn=DC=ForestDnsZones,DC=LJBS-DOMAIN,DC=local

            pNCs[0].aCrInfo[0].dwFlags=0x00000201
            pNCs[0].aCrInfo[0].pszDn=CN=c9fee44c-111b-48bb-8699-e873baaef44f,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.LJBS-DOMAIN.local
            pNCs[0].aCrInfo[0].iSourceServer=0
            pNCs[0].aCrInfo[0].pszSourceServer=(null)
            pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
            pNCs[0].aCrInfo[0].bEnabled=TRUE
            pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[0].aCrInfo[0].pszNetBiosName=(null)
            pNCs[0].aCrInfo[0].cReplicas=-1
            pNCs[0].aCrInfo[0].aszReplicas=


    NC:     pNCs[1].pszName=DomainDnsZones
        pNCs[1].pszDn=DC=DomainDnsZones,DC=LJBS-DOMAIN,DC=local

            pNCs[1].aCrInfo[0].dwFlags=0x00000201
            pNCs[1].aCrInfo[0].pszDn=CN=da23dd28-0c5d-4a68-a73d-f07685c118be,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.LJBS-DOMAIN.local
            pNCs[1].aCrInfo[0].iSourceServer=0
            pNCs[1].aCrInfo[0].pszSourceServer=(null)
            pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
            pNCs[1].aCrInfo[0].bEnabled=TRUE
            pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[1].aCrInfo[0].pszNetBiosName=(null)
            pNCs[1].aCrInfo[0].cReplicas=-1
            pNCs[1].aCrInfo[0].aszReplicas=


    NC:     pNCs[2].pszName=Schema
        pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=LJBS-DOMAIN,DC=local

            pNCs[2].aCrInfo[0].dwFlags=0x00000201
            pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            pNCs[2].aCrInfo[0].pszDnsRoot=LJBS-DOMAIN.local
            pNCs[2].aCrInfo[0].iSourceServer=0
            pNCs[2].aCrInfo[0].pszSourceServer=(null)
            pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
            pNCs[2].aCrInfo[0].bEnabled=TRUE
            pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[2].aCrInfo[0].pszNetBiosName=(null)
            pNCs[2].aCrInfo[0].cReplicas=-1
            pNCs[2].aCrInfo[0].aszReplicas=


    NC:     pNCs[3].pszName=Configuration
        pNCs[3].pszDn=CN=Configuration,DC=LJBS-DOMAIN,DC=local

            pNCs[3].aCrInfo[0].dwFlags=0x00000201
            pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            pNCs[3].aCrInfo[0].pszDnsRoot=LJBS-DOMAIN.local
            pNCs[3].aCrInfo[0].iSourceServer=0
            pNCs[3].aCrInfo[0].pszSourceServer=(null)
            pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
            pNCs[3].aCrInfo[0].bEnabled=TRUE
            pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[3].aCrInfo[0].pszNetBiosName=(null)
            pNCs[3].aCrInfo[0].cReplicas=-1
            pNCs[3].aCrInfo[0].aszReplicas=


    NC:     pNCs[4].pszName=LJBS-DOMAIN
        pNCs[4].pszDn=DC=LJBS-DOMAIN,DC=local

            pNCs[4].aCrInfo[0].dwFlags=0x00000201
            pNCs[4].aCrInfo[0].pszDn=CN=LJBS-DOMAIN,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            pNCs[4].aCrInfo[0].pszDnsRoot=LJBS-DOMAIN.local
            pNCs[4].aCrInfo[0].iSourceServer=0
            pNCs[4].aCrInfo[0].pszSourceServer=(null)
            pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
            pNCs[4].aCrInfo[0].bEnabled=TRUE
            pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[4].aCrInfo[0].pszNetBiosName=(null)
            pNCs[4].aCrInfo[0].cReplicas=-1
            pNCs[4].aCrInfo[0].aszReplicas=


    5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, LJBS-DOMAIN, 
    1 TARGETS: LJBS-SERVER2, 

=============================================Done Printing pDsInfo

Doing initial required tests


   Testing server: Default-First-Site-Name\LJBS-SERVER2

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         The host e431da7d-fae3-46a9-9abb-5410488794d0._msdcs.LJBS-DOMAIN.local

         could not be resolved to an IP address. Check the DNS server, DHCP,

         server name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... LJBS-SERVER2 failed test Connectivity



Doing primary tests


   Testing server: Default-First-Site-Name\LJBS-SERVER2

      Skipping all tests, because server LJBS-SERVER2 is not responding to

      directory service requests.

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas


      Starting test: DNS



         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results
         ......................... LJBS-SERVER2 failed test DNS


   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=ForestDnsZones,DC=LJBS-DOMAIN,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=c9fee44c-111b-48bb-8699-e873baaef44f,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... ForestDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=ForestDnsZones,DC=LJBS-DOMAIN,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=c9fee44c-111b-48bb-8699-e873baaef44f,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... ForestDnsZones failed test

         CrossRefValidation


   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=DomainDnsZones,DC=LJBS-DOMAIN,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=da23dd28-0c5d-4a68-a73d-f07685c118be,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... DomainDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=DomainDnsZones,DC=LJBS-DOMAIN,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=da23dd28-0c5d-4a68-a73d-f07685c118be,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... DomainDnsZones failed test

         CrossRefValidation


   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition

            (CN=Schema,CN=Configuration,DC=LJBS-DOMAIN,DC=local) we encountered

            the following error retrieving the cross-ref's

            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... Schema failed test CrossRefValidation


   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (CN=Configuration,DC=LJBS-DOMAIN,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... Configuration failed test CrossRefValidation


   Running partition tests on : LJBS-DOMAIN

      Starting test: CheckSDRefDom

         ......................... LJBS-DOMAIN passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=LJBS-DOMAIN,DC=local) we encountered the

            following error retrieving the cross-ref's

            (CN=LJBS-DOMAIN,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... LJBS-DOMAIN failed test CrossRefValidation


   Running enterprise tests on : LJBS-DOMAIN.local

      Starting test: DNS

         Test results for domain controllers:


            DC: LJBS-SERVER2.LJBS-DOMAIN.local

            Domain: LJBS-DOMAIN.local




               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  The OS

                  Microsoft Windows Server 2019 Standard (Service Pack level: 0.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet:

                     MAC address is 4C:D9:8F:8F:77:FB
                     IP Address is static 
                     IP address: 192.168.0.7
                     DNS servers:

                        Warning:
                        192.168.0.7 (LJBS-SERVER2) [Invalid]
                        Warning: adapter

                        [00000002] Broadcom NetXtreme Gigabit Ethernet has

                        invalid DNS server: 192.168.0.7 (LJBS-SERVER2)

                        Warning:
                        127.0.0.1 (LJBS-SERVER2) [Invalid]
                        Warning: adapter

                        [00000002] Broadcom NetXtreme Gigabit Ethernet has

                        invalid DNS server: 127.0.0.1 (LJBS-SERVER2)

                  Error: all DNS servers are invalid

                  No host records (A or AAAA) were found for this DC

                  The SOA record for the Active Directory zone was not found
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)
                  [Error details: 5 (Type: Win32 - Description: Access is denied.)]
               Total query time:0 min. 0 sec.. Total RPC connection

               time:0 min. 0 sec.

               Total WMI connection time:0 min. 0 sec. Total Netuse connection

               time:0 min. 0 sec.


         Summary of test results for DNS servers used by the above domain

         controllers:



            DNS server: 192.168.0.7 (LJBS-SERVER2)

               2 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.LJBS-DOMAIN.local. failed on the DNS server 192.168.0.7
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               Total query time:0 min. 0 sec., Total WMI connection

               time:0 min. 0 sec.


         Summary of DNS test results:


                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: LJBS-DOMAIN.local

               LJBS-SERVER2                 PASS FAIL n/a  n/a  n/a  n/a  n/a  

         Total Time taken to test all the DCs:0 min. 0 sec.

         ......................... LJBS-DOMAIN.local failed test DNS

      Starting test: LocatorCheck

         GC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local

         Locator Flags: 0xe001f3fd
         PDC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         Time Server Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         Preferred Time Server Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         KDC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         ......................... LJBS-DOMAIN.local passed test LocatorCheck

      Starting test: FsmoCheck

         GC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local

         Locator Flags: 0xe001f3fd
         PDC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         Time Server Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         Preferred Time Server Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         KDC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         ......................... LJBS-DOMAIN.local passed test FsmoCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided. 
         ......................... LJBS-DOMAIN.local passed test Intersite

Update 1

After running nltest /dsregdns, it appears there is an LDAP connectivity issue still, but the error message is different.

PS C:\Windows\system32> Dcdiag /test:DNS

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = LJBS-SERVER2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LJBS-SERVER2
      Starting test: Connectivity
         An error that is usually temporary occurred during DNS host lookup. Please try again later.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... LJBS-SERVER2 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LJBS-SERVER2

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... LJBS-SERVER2 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : LJBS-DOMAIN

   Running enterprise tests on : LJBS-DOMAIN.local
      Starting test: DNS
         Test results for domain controllers:

            DC: LJBS-SERVER2.LJBS-DOMAIN.local
            Domain: LJBS-DOMAIN.local


               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Warning: adapter [00000002] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 192.168.0.7
                  (LJBS-SERVER2)
                  Warning: adapter [00000002] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 127.0.0.1
                  (LJBS-SERVER2)
                  Error: all DNS servers are invalid
                  No host records (A or AAAA) were found for this DC
                  Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration)

               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record dcdiag-test-record in zone LJBS-DOMAIN.local

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.0.7 (LJBS-SERVER2)
               2 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.LJBS-DOMAIN.local. failed on the DNS server 192.168.0.7

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: LJBS-DOMAIN.local
               LJBS-SERVER2                 PASS FAIL PASS n/a  WARN FAIL n/a

         ......................... LJBS-DOMAIN.local failed test DNS

Update 2

Netdom query fsmo

PS C:\Windows\system32> netdom query fsmo
Schema master               LJBS-SERVER2.LJBS-DOMAIN.local
Domain naming master        LJBS-SERVER2.LJBS-DOMAIN.local
PDC                         LJBS-SERVER2.LJBS-DOMAIN.local
RID pool manager            LJBS-SERVER2.LJBS-DOMAIN.local
Infrastructure master       LJBS-SERVER2.LJBS-DOMAIN.local
The command completed successfully.

I did notice when poking around %SystemRoot%\System32\DNS\ and %SystemRoot%\system32\config that it said I did not have 'read' permissions to view this file. I'm wondering if there is some permissions issue that is preventing the DNS from being updated? I'm logged in as the old Domains Admin account.

I've also run the following commands:

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

This did not update anything in the DNS manager. dcdiag /fix also does not fix anything.

I did notice it looks like none of the DNS records are populated like in this image (specifically, there are no _msdcs, _tcp, _udp, etc folders in the Forward Lookup Zones):

DNS Entry Example

I tried removing the entire DNS feature using the "Remove Feature" option, but when it was added back, the records were still not there. Are there files I can delete/remove that might refresh those records?

networking
active-directory
domain
windows-server-2019
asked on Server Fault Oct 7, 2019 by SwDevMan81 • edited Oct 9, 2019 by SwDevMan81
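
A triage helper for dcdiag output like the run quoted in the question, added here as an example (it is not part of the original post or of any Microsoft tool): it lists the failed tests, tolerating the blank-line wrapping seen above, and derives the DC locator records that the failing lookups depend on. The function names, the condensed sample and the single-domain-forest assumption are this example's own.

```python
import re

# Constructed sample: lines condensed from the dcdiag output quoted in the
# question, keeping its blank-line wrapping of long messages.
SAMPLE = r"""
   Testing server: Default-First-Site-Name\LJBS-SERVER2
      Starting test: Connectivity
         The host e431da7d-fae3-46a9-9abb-5410488794d0._msdcs.LJBS-DOMAIN.local

         could not be resolved to an IP address. Check the DNS server, DHCP,
         ......................... LJBS-SERVER2 failed test Connectivity
   Running partition tests on : Schema
         ......................... Schema passed test CheckSDRefDom
         ......................... Schema failed test

         CrossRefValidation
   Running enterprise tests on : LJBS-DOMAIN.local
            DC: LJBS-SERVER2.LJBS-DOMAIN.local
                        invalid DNS server: 192.168.0.7 (LJBS-SERVER2)
                        invalid DNS server: 127.0.0.1 (LJBS-SERVER2)
               Name resolution is not functional. _ldap._tcp.LJBS-DOMAIN.local. failed on the DNS server 192.168.0.7
         ......................... LJBS-DOMAIN.local failed test DNS
         ......................... LJBS-DOMAIN.local passed test LocatorCheck
"""

# \s+ also matches newlines, so verdicts wrapped over blank lines still parse.
RESULT = re.compile(r"\.{10,}\s+(\S+)\s+(passed|failed)\s+test\s+(\w+)")
UNRESOLVED = re.compile(r"The host\s+(\S+)\s+could not be resolved")
BAD_DNS = re.compile(r"invalid DNS server:\s+(\S+)")
QUERY_FAIL = re.compile(r"Name resolution is not functional\.\s+(\S+?)\.?\s+"
                        r"failed on the DNS server\s+(\S+)")
DC_NAME = re.compile(r"^\s*DC:\s+(\S+)", re.M)


def triage(text):
    """Summarise a dcdiag run: failed tests plus the DNS facts they hinge on."""
    failed = []
    for target, verdict, test in RESULT.findall(text):
        if verdict == "failed" and (target, test) not in failed:
            failed.append((target, test))
    host = UNRESOLVED.search(text)
    dc = DC_NAME.search(text)
    return {
        "failed": failed,
        "unresolved": host.group(1) if host else None,
        "dc": dc.group(1) if dc else None,
        "invalid_dns_servers": sorted(set(BAD_DNS.findall(text))),
        "failed_queries": sorted(set(QUERY_FAIL.findall(text))),
    }


def locator_records(summary):
    """Core records Netlogon registers for a DC (a subset, not the full list).

    Assumes a single-domain forest, so the forest root equals the domain.
    """
    guid_name, dc = summary["unresolved"], summary["dc"]
    if not guid_name or "._msdcs." not in guid_name:
        return []  # e.g. a run that reports only a generic lookup error
    domain = guid_name.split("._msdcs.", 1)[1]
    records = [(dc, "A")] if dc else []
    records.append((guid_name, "CNAME"))
    for label in ("_ldap._tcp", "_kerberos._tcp", "_ldap._tcp.dc._msdcs",
                  "_ldap._tcp.pdc._msdcs", "_ldap._tcp.gc._msdcs"):
        records.append((f"{label}.{domain}", "SRV"))
    return records


if __name__ == "__main__":
    summary = triage(SAMPLE)
    for target, test in summary["failed"]:
        print(f"FAILED {test} on {target}")
    for name, rtype in locator_records(summary):
        print(f"check {rtype:<5} {name}")
```

Each name it prints can then be queried against the DNS server the domain controller points at, to see which of the records are absent from the zone.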

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0