If your company has run Active Directory (AD) for any length of time, there is a good chance you have some DNS terds on your Windows Domain Controller (DC)/DNS servers. For our clients, these terds usually show up during migrations. The main symptom is old DNS servers showing up on workstations, even when DHCP is configured to issue the correct DNS servers!
 
These terds are usually the result of running dcpromo /forceremoval when an old DC does not gracefully demote from a DC to a member server. In addition to removing the server from AD Users and Computers and AD Sites and Services, you must remove all references to the old DC on a Windows DNS server. Unlike "regular" DNS entries, which have a Time To Live (TTL) and naturally expire after a period of time, references to Domain Controllers do not automatically expire and must be manually removed. Windows Vista and XP workstations seem to be better at finding these DNS terds.
 
It's not a bad idea to periodically review your DNS entries and remove any retired/outdated references to DCs on your Windows DNS server. Using the Windows DNS Manager, drill down into all of your Active Directory Integrated Forward Lookup Zones and look for outdated entries. It could save you some grief during your next migration.
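
The same review can be run as a report from PowerShell. This is an added example, not part of the original post: it lists SRV, NS, CNAME and A records in the AD-integrated forward zones that point at a host AD no longer knows as a DC, and changes nothing. It assumes the RSAT DnsServer and ActiveDirectory modules, a single-domain forest, and a placeholder server name; NS hits can be legitimate non-DC DNS servers, so treat every row as something to review.

```powershell
# Added example: report-only audit, nothing is modified or deleted.
# Assumes the RSAT DnsServer and ActiveDirectory modules are available.
Import-Module DnsServer, ActiveDirectory

$DnsServer = 'dc01.corp.example'   # placeholder: one of your current DC/DNS servers

# What AD currently considers a domain controller (current domain only)
$dcs      = Get-ADDomainController -Filter *
$liveFqdn = @($dcs | ForEach-Object { $_.HostName.TrimEnd('.').ToLower() })
$liveIp   = @($dcs | ForEach-Object { $_.IPv4Address })

# AD-integrated forward lookup zones only, as in the DNS Manager walk-through
$zones = Get-DnsServerZone -ComputerName $DnsServer | Where-Object {
    $_.IsDsIntegrated -and -not $_.IsReverseLookupZone -and -not $_.IsAutoCreated
}

$findings = foreach ($zone in $zones) {
    $records = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone.ZoneName
    foreach ($rr in $records) {
        $data = $rr.RecordData
        # Pick the value that should point at a live DC, by record type
        $value = switch ($rr.RecordType) {
            'SRV'   { if ($rr.HostName -match '^_(ldap|kerberos|kpasswd|gc)\.') { $data.DomainName } }
            'NS'    { $data.NameServer }
            'CNAME' { if ($zone.ZoneName -like '_msdcs.*' -or $rr.HostName -like '*._msdcs') { $data.HostNameAlias } }
            'A'     { if ($rr.HostName -match '^(@|gc(\._msdcs)?|DomainDnsZones|ForestDnsZones)$') { $data.IPv4Address.ToString() } }
        }
        if (-not $value) { continue }   # not a DC-related record

        # A records are compared by address, everything else by host name
        $known = if ($rr.RecordType -eq 'A') { $liveIp -contains $value }
                 else { $liveFqdn -contains $value.TrimEnd('.').ToLower() }
        if (-not $known) {
            [pscustomobject]@{
                Zone = $zone.ZoneName; Name = $rr.HostName
                Type = $rr.RecordType; PointsTo = $value
            }
        }
    }
}

$findings | Sort-Object Zone, Type, Name | Format-Table -AutoSize
```

Multi-homed DCs can appear in the output because `Get-ADDomainController` reports a single IPv4 address per DC; confirm each row in DNS Manager before removing anything.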