Force a domain controller to re-register AD DNS records without restarting netlogon?

Question

In the past, I've been in a situation troubleshooting the dynamic registration of AD specific DNS records from domain controllers against a 3rd party DNS server. As far as I'm aware, the netlogon service is responsible for these registrations and does a full pass each time it is started and on some regular interval (once an hour?).

So if I don't want to wait for the regular interval and I'd rather not restart the netlogon service (or reboot the DC), is there any other way to coerce netlogon into re-registering these records?

ipconfig /registerdns works for the DC's own A/PTR records. But I need a similar method for the rest of the AD SRV/A/CNAME records.

The closest thing I found in my web searching was this blog post which talks about netdiag /fix. But apparently the netdiag utility no longer exists and the post implies that it would only re-register things that are missing. I've also tried various combinations of dcdiag /fix with no luck.

Answer 1

You are correct, ipconfig /registerdns only registers the main A and PTR records for a server; netdiag is obsolete and dcdiag only tests whether the proper DNS records are correctly registered, it doesn't actually fix them if they are not.

You can use nltest /DSREGDNS for this purpose; it should be available on any computer, even client ones; if running it from a non-DC computer, you can specify the DC you want to run it against using the /SERVER:<servername> parameter.

The quickest and simplest way is anyway to just restart the netlogon service on the DC that needs re-registering its DNS records.