Networking basics: Check if your domain controller host records are registered

When you implement an Active Directory domain controller, the installation process creates several DNS records in the DNS server. The installation process creates service records (sometimes referred to as SRV records), an NTDS object in Active Directory, and a host record in the DNS server. Not many Active Directory administrators know that missing domain controller host records in the DNS server can lead to replication and other issues in the Active Directory environment. For example, Windows client computers will fail to query and apply Group Policy settings if the host record of a domain controller is missing from the DNS server.

Possible reason for missing domain controller host records

As you might know, Windows client computers, including domain controllers, register their host records in the locally configured DNS server every day. It is important for domain controllers to keep refreshing their host records in the DNS server. A domain controller host record might be missing if the domain controller fails to refresh the host record in the DNS server and DNS Scavenging is enabled on the DNS server. DNS Scavenging checks for DNS records that have not been updated for some time and then removes them. Registration of the host record in the DNS server is controlled by the "Register this connection’s addresses in DNS" setting on the property page of the network adapter, as shown in the screenshot below:

If the "Register this connection’s addresses in DNS" option is not enabled, Windows clients, including domain controllers, will not be able to register or update their host records in the DNS server. To ensure all Active Directory domain controllers have a host record registered in the DNS server, you can use the PowerShell script below. The PowerShell script helps you identify missing host records for each domain controller and provides a report in CSV format.


Make sure to run the PowerShell script from a Windows Server 2012 R2 member server or domain controller, and create a Temp folder on the C:\ drive, as the script generates a report named “OrpDCs.TXT” under the C:\Temp folder. Once you have met these requirements, copy the script into a PS1 file and execute it from an elevated PowerShell window.

# Report file; the C:\Temp folder must already exist.
$TestCSVFile = "C:\Temp\DCHostRecordStatus.CSV"
Remove-Item $TestCSVFile -ErrorAction SilentlyContinue
$ThisString = "Domain Name, Domain Controller, A Host Record Name, Registered with IP Address, Final Status"
Add-Content "$TestCSVFile" $ThisString

# $GDomList is not set in the published script. It must hold the path of a text file
# that lists one domain name per line; the path below is a placeholder.
$GDomList = "C:\Temp\DomainList.txt"

$TestText = ""
$ReachOrNot = "Yes"
$AnyGap = "No"
$TotNo = 0
ForEach ($ThisDomain in Get-Content "$GDomList")
{
    # $CurProfNowForAll is not set in this script, and nothing is written to this temp file here.
    $CNAMEFile = "C:\Temp\"+$CurProfNowForAll+"_CNAMETempCRC.DPC"
    Remove-Item $CNAMEFile -ErrorAction SilentlyContinue

    # Read every A record from the zone named after the domain.
    $PDCServerToConnect = "$ThisDomain"
    $ThisZoneNow = $ThisDomain
    $Error.Clear()   # so the check below only sees errors from this query
    $RSNow = Get-DnsServerResourceRecord -ComputerName $PDCServerToConnect -ZoneName $ThisZoneNow | Where-Object {($_.RecordType -eq 'A')}
    IF ($Error.Count -eq 0)
    {
        $AllDCS = Get-ADDomainController -Filter * -Server $ThisDomain
        ForEach ($AllDCsNow in $AllDCS)
        {
            $ThisDCToCheck = $AllDCsNow.HostName        # FQDN of the domain controller
            $ThisDCIPAddress = $AllDCsNow.IPv4Address
            $CUT1, $CUT2 = $ThisDCToCheck.Split(".")    # $CUT1 = short host name
            $FoundOrNotNow = "No"
            ForEach ($InFileNow in $RSNow)
            {
                $ThisNameNow = $InFileNow.HostName
                $ThisIPInFile = $InFileNow.RecordData.IPv4Address.IPAddressToString
                # A record counts only if both the name and the IP address match.
                IF ($ThisNameNow.ToLower() -eq $CUT1.ToLower() -and $ThisIPInFile -eq $ThisDCIPAddress)
                {
                    $FoundOrNotNow = "Yes"
                    break   # keep the matched name and IP for the report line
                }
            }
            IF ($FoundOrNotNow -eq "No")
            {
                $FinalSTR = $ThisDomain+","+$ThisDCToCheck+", Not Registered, "+$ThisDCIPAddress+", Warning: Host record Not found in DNS Server for this domain controller."
                Add-Content "$TestCSVFile" $FinalSTR
                $AnyGap = "Yes"
                $TotNo++    # count of domain controllers without a host record
            }
            IF ($FoundOrNotNow -eq "Yes")
            {
                $FinalSTR = $ThisDomain+","+$ThisDCToCheck+","+$ThisNameNow+","+$ThisIPInFile+", Ok"
                Add-Content "$TestCSVFile" $FinalSTR
            }
        }
    }
    ELSE
    {
        # The DNS query failed, so nothing can be said about this domain.
        $ThisSTR = $ThisDomain+",Error Connecting to PDC in this domain."
        $ErrorOrNot = "Yes"
        Add-Content "$TestCSVFile" $ThisSTR
    }
}
IF ($AnyGap -eq "Yes")
{
    $TestText = "There are a few domain controllers for which A Host Record in DNS Server is not registered. Please ensure A Host records are registered for all Domain Controllers in the DNS Server."
    $SumVal = $TotNo
}
IF ($AnyGap -eq "No")
{
    $TestText = "A Host Records for all domain controllers are registered in the DNS Server."
    $SumVal = ""
}
# $ADTestName, $TestStartTime and $TestStatus are not set in this script, so those fields stay empty.
$STR = $ADTestName +","+$TestStartTime+","+$TestStatus+","+$SumVal +","+$TestText
Write-Output $TestText
Remove-Item $CNAMEFile -ErrorAction SilentlyContinue

Once the script has finished executing, a report will be generated under C:\Temp\DCHostRecordStatus.CSV as shown in the screenshot below.

As you can see in the report above, the script checked host records for all the domain controllers in the DNS server and reported the status for each domain controller. As indicated in the report above, the script couldn’t find a host record registered in the DNS server for a domain controller. Once you have the report, you can take the necessary corrective actions for any missing domain controller host records.
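The two causes named earlier, a disabled registration setting and scavenging of a record that is no longer refreshed, can be checked before a record disappears. The following is an added example, not part of the original script; the domain name and output file name are placeholders, and it assumes the zone name equals the domain name and that the ActiveDirectory and DnsServer modules and CIM access to each domain controller are available.

```powershell
# Added example: flags domain controller A records that are missing or at risk of scavenging.
Import-Module ActiveDirectory, DnsServer

$Domain    = "corp.example.com"   # placeholder; assumed to be both the domain and the zone name
$DnsServer = $Domain              # same kind of target the article's script queries
$OutFile   = "C:\Temp\DCHostRecordAging.CSV"   # constructed file name for this example

# A dynamic record becomes eligible for scavenging once its timestamp is older
# than the zone's no-refresh interval plus its refresh interval.
$Aging      = Get-DnsServerZoneAging -Name $Domain -ComputerName $DnsServer
$StaleAfter = $Aging.NoRefreshInterval + $Aging.RefreshInterval

$Report = ForEach ($DC in Get-ADDomainController -Filter * -Server $Domain) {
    # Host record whose name and IP address both match this domain controller.
    $Rec = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Domain `
               -RRType A -Name $DC.Name -ErrorAction SilentlyContinue |
           Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $DC.IPv4Address } |
           Select-Object -First 1

    # Adapters on the DC where "Register this connection's addresses in DNS" is off.
    $NoReg = @(Get-DnsClient -CimSession $DC.HostName -ErrorAction SilentlyContinue |
               Where-Object { -not $_.RegisterThisConnectionsAddress }).InterfaceAlias -join ";"

    $Status = if (-not $Rec)                    { "Missing" }
              elseif (-not $Rec.Timestamp)      { "Static record (no timestamp, not scavenged)" }
              elseif (-not $Aging.AgingEnabled) { "Dynamic, aging disabled on zone" }
              elseif (((Get-Date) - $Rec.Timestamp) -gt $StaleAfter) { "Stale: eligible for scavenging" }
              else                              { "Fresh" }

    [pscustomobject]@{
        DomainController       = $DC.HostName
        IPAddress              = $DC.IPv4Address
        RecordTimestamp        = $Rec.Timestamp
        AdaptersNotRegistering = $NoReg
        Status                 = $Status
    }
}

$Report | Export-Csv -Path $OutFile -NoTypeInformation
$Report | Where-Object { $_.Status -notin "Fresh", "Static record (no timestamp, not scavenged)" -or $_.AdaptersNotRegistering }
```

A domain controller reported as "Stale" or listed with adapters that do not register is the one whose host record the main script will report as "Not Registered" after the next scavenging pass.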

We explained how you can use a simple PowerShell script to check whether a host record is registered for each domain controller. The script generates a report in a CSV file and provides the status for each domain controller. You can include the above script in your Active Directory health procedure and have it run every month to ensure host records for all the domain controllers are healthy.

Nirmal Sharma

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites.
