Demoting a working domain controller (with SAMBA_INTERNAL DNS) fails to clean up some DNS records in AD. The following records are left behind and have to be removed manually (where deleted-dc is the recently demoted domain controller):

SRV record 0 100 389 of deleted-dc.samdom.example.com remain in:
  _ldap._tcp.Default-First-Site-Name._sites.DomainDNSZones.samdom.example.com
  _ldap._tcp.DomainDNSZones.samdom.example.com
  _ldap._tcp.Default-First-Site-Name._sites.ForestDNSZones.samdom.example.com
  _ldap._tcp.ForestDNSZones.samdom.example.com

Host (A) records for ip address of deleted-dc.samdom.example.com remain in:
  samdom.example.com
  DomainDNSZones.samdom.example.com
  ForestDNSZones.samdom.example.com
  gc._msdcs.samdom.example.com

NS record for ip address of deleted-dc.samdom.example.com remain in:
  samdom.example.com

Steps to reproduce:
  demote a working dc using: samba-tool domain demote
  Check records in AD DNS using RSAT in Windows or samba tools.
Thanks. I've got a work item to handle this so you can expect we will fix this up in the next few months (for Samba 4.9). The --remove-other-dead-server should clean it up, but that code isn't invoked on a normal demote, and we don't scavenge 'dynamic' dns records. The new (for 4.9) samba-tool dns cleanup should also clean these up if you give the original DC's name.
Andrew, is this still open?
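An added example, not part of the original thread and not Samba's own code: a post-demote audit that flags the record types listed in the report (SRV, A and NS) when they still point at the removed DC. The "owner TYPE rdata" input format, the IP addresses and the name dc1 are constructed assumptions; feed it whatever zone export you have in that shape.

```python
import ipaddress

# Constructed sample in an assumed "owner TYPE rdata" export format; this is
# not the output format of samba-tool or RSAT. IPs and dc1 are made up.
SAMPLE_ZONE = """\
; constructed zone listing
samdom.example.com A 10.0.0.11
samdom.example.com A 10.0.0.12
samdom.example.com NS dc1.samdom.example.com.
samdom.example.com NS deleted-dc.samdom.example.com.
DomainDNSZones.samdom.example.com A 10.0.0.12
gc._msdcs.samdom.example.com A 10.0.0.11
_ldap._tcp.DomainDNSZones.samdom.example.com SRV 0 100 389 Deleted-DC.samdom.example.com.
_ldap._tcp.ForestDNSZones.samdom.example.com SRV 0 100 389 dc1.samdom.example.com.
"""

def _host(name):
    """Normalise a DNS name: names are case-insensitive, trailing dot optional."""
    return name.rstrip(".").lower()

def _is_ip_in(text, ips):
    """True if text parses as an IP address that belongs to the demoted DC."""
    try:
        return ipaddress.ip_address(text) in ips
    except ValueError:
        return False

def find_stale(zone_text, dc_fqdn, dc_ips):
    """Return (owner, type, rdata) for every record still referencing the DC."""
    dc = _host(dc_fqdn)
    ips = {ipaddress.ip_address(ip) for ip in dc_ips}
    stale = []
    for line in zone_text.splitlines():
        if line.lstrip().startswith(";"):
            continue  # comment line
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or malformed line
        owner, rtype, rdata = parts[0].rstrip("."), parts[1].upper(), parts[2:]
        if rtype in ("A", "AAAA"):
            hit = _is_ip_in(rdata[0], ips)
        elif rtype == "NS":
            hit = _host(rdata[0]) == dc
        elif rtype == "SRV":  # rdata: priority weight port target
            hit = len(rdata) == 4 and _host(rdata[3]) == dc
        else:
            hit = False
        if hit:
            stale.append((owner, rtype, " ".join(rdata)))
    return stale
```

An empty result for the demoted DC's name and addresses means none of the leftovers described in the report remain in the export you checked.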