Missing AD SRV records

[Screenshot: DNS Manager showing the SRV records under dc._msdcs.contoso.local]

In an Active Directory domain the domain controllers register their service records (SRV records) with DNS when they are promoted to become domain controllers. These SRV records are how other machines on the network figure out who the domain controllers for a domain are. They are used, for instance, when a new machine is to be joined to the domain, or when existing domain machines are starting up and need to get a list of the domain controllers.

These SRV records are published at standard locations and have standard names. In the screenshot, for example, the domain in question is contoso.local and you can see there exists a sub-domain called dc._msdcs.contoso.local which contains records showing that the machine dc1-2008.contoso.local provides the TCP-based LDAP service for this domain (as in: it is the domain controller for this domain).


Turns out that when you promote a server to be domain controller, if in the server’s network adapter settings you have set it to not register its address in DNS (the default is to register the address in DNS, so chances are you changed it while fiddling around!) then the server’s SRV records are not created while it is being promoted to domain controller status. And if this server is the only domain controller in your domain, it pretty much means no one else can join the domain until this situation is fixed.

So what do you do to get the records back? First off, you go and clear the box which tells the server not to register its records in DNS. And then you restart the NetLogon service. The NetLogon service is an important one for domain controllers, and amongst other things it ensures that the SRV records for a domain controller are registered in DNS. By default it registers the records every 24 hours, but obviously you are in a hurry in this case, and so restarting the service ensures that the records are registered when the service starts up.
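As an added example (this is not from the original post), here is a PowerShell check-and-fix for the steps above, assuming the contoso.local domain from the screenshot and an elevated prompt on the domain controller itself:

```powershell
# Added example, not part of the original post. Checks whether the DC's LDAP SRV
# record exists; if not, re-enables DNS registration on the adapter and restarts
# NetLogon so the records are re-registered now rather than on the 24-hour cycle.
# Assumption: run as an administrator on the DC for the domain contoso.local.
$Domain  = 'contoso.local'
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"

# 1. Does the SRV record resolve? (Resolve-DnsName is in the DnsClient module, Windows 8/2012 and later)
$srv = Resolve-DnsName -Name $SrvName -Type SRV -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }
if ($srv) {
    Write-Host "SRV record present:"
    $srv | Select-Object Name, NameTarget, Port, Priority, Weight
    return
}
Write-Warning "No SRV record found for $SrvName"

# 2. Check the "Register this connection's addresses in DNS" setting on every IP-enabled adapter.
#    FullDNSRegistrationEnabled is the WMI name for that checkbox.
$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $adapters) {
    if (-not $nic.FullDNSRegistrationEnabled) {
        Write-Warning "Adapter '$($nic.Description)' has DNS registration disabled; enabling it"
        # SetDynamicDNSRegistration(FullDNSRegistrationEnabled, DomainDNSRegistrationEnabled)
        $null = $nic.SetDynamicDNSRegistration($true, $false)
    }
}

# 3. Restart NetLogon; it registers the DC's SRV records on startup.
#    ("nltest /dsregdns" is an alternative that asks NetLogon to re-register without a restart.)
Restart-Service -Name Netlogon -Force

# 4. Verify, giving the DNS server a moment to accept the dynamic update.
Start-Sleep -Seconds 10
Resolve-DnsName -Name $SrvName -Type SRV | Where-Object { $_.Type -eq 'SRV' } |
    Select-Object Name, NameTarget, Port
```

If the record still does not appear, check that the DNS zone allows dynamic updates and that the adapter's DNS server setting points at a DNS server hosting the zone.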

Hope this helps!