| Event Id | 5786 |
| Source | Netlogon |
| Description | This Domain Controller no longer automatically covers site TestSite |
| Event Information | "According To Microsoft:" CAUSE: This behavior occurs because Netlogon did not clean up the old records. After Event ID 5785 is logged, Netlogon should remove the records so that only the domain controllers that are created in the new site reflect that their location is in that site, and any domain controllers that were temporarily covering this site are removed so that clients are not validated by a domain controller that is at another site. RESOLUTION To resolve this issue, manually delete the DNS SRV records. This Information From group May Help Maybe you could delete the system32\config\netlogon.dns and netlogon.dnb records, then do an ipconfig /registerdns, then restart the netlogon service. That should update everything fresh. Then refresh the DNS console to see if the SRVs associated with those DCs taht were in the old site aregone, if not, I would suggest to manually delete them. If not sure what records to delete, I would say if you deleted the wrong ones, restarting netlogon would put them back anyway. In a last ditch effort, you can delete the _sites folder and restart the netlogon service and it would put them back fresh. |
| Reference Links | DNS Site Records Are Not Properly Removed After Dcpromo |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.