DNS & OU issues



  • In preparation for some privilege management software, I went looking through my OUs and DNS to find out some issues were present. Under my main OU, I have one called Computers (as usual), then I also have an OU called Insight, and under Insight I have another folder called Computers. I just assumed that since everything was done within the Insight OU, all the computers would go into that subfolder, but that's not the case. I have computers listed in both Computer folders and there seems to be no rhyme or reason. In addition, I have bunches of old computers that I know are no longer in service listed in both. Removing them isn't an issue, but I have 10 computers that are no longer in service; however, I can still ping them. Does anyone know how this could be possible? Is it somehow tied to a MAC address on a computer that has been re-imaged and named differently? What happens if I just delete them? What could be the ramifications of doing so? I'm kind of at a standstill until I can get the OUs straightened out.



  • @tracy_burton said in DNS & OU issues:

    In preparation for some privilege management software, I went looking through my OUs and DNS to find out some issues were present. Under my main OU, I have one called Computers (as usual), then I also have an OU called Insight, and under Insight I have another folder called Computers. I just assumed that since everything was done within the Insight OU, all the computers would go into that subfolder, but that's not the case. I have computers listed in both Computer folders and there seems to be no rhyme or reason. In addition, I have bunches of old computers that I know are no longer in service listed in both. Removing them isn't an issue, but I have 10 computers that are no longer in service; however, I can still ping them. Does anyone know how this could be possible? Is it somehow tied to a MAC address on a computer that has been re-imaged and named differently? What happens if I just delete them? What could be the ramifications of doing so? I'm kind of at a standstill until I can get the OUs straightened out.

    Are you using static mapping? I would also check your DNS and if the same name is being used in your AD too.



  • @tracy_burton Being able to ping nonexistent computers means you have static DNS entries of the old computers whose names point to IP addresses of computers that are being used.
    You are probably able to ping these computers by nonexistent name and actual name, and they resolve to the same IP.



  • @momurda said in DNS & OU issues:

    @tracy_burton Being able to ping nonexistent computers means you have static DNS entries of the old computers whose names point to IP addresses of computers that are being used.
    You are probably able to ping these computers by nonexistent name and actual name, and they resolve to the same IP.

    Or DNS scavenging isn't on (I don't think it is by default). So the old DNS name could be there, just pointing to an IP that also belongs to another computer. Find the entry in DNS, look at the IP, then sort by IP and see if another host has that same IP.


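The check suggested in the last reply (look at each record's IP, sort by IP, see whether another host shares it), as an added example that is not part of the original thread. The function name `Find-SharedIpRecord`, the 30-day threshold, the zone name `example.local`, and the sample hosts and addresses are assumptions constructed for illustration.

```powershell
# Added example: group DNS A records by IP to spot old names that resolve to
# an address now used by another machine. Static records carry no timestamp,
# so scavenging never removes them even when it is enabled.
function Find-SharedIpRecord {
    param(
        # Objects with HostName, IPv4Address and Timestamp properties
        [Parameter(Mandatory)] [object[]] $Record,
        # Assumed staleness threshold; match it to your zone's refresh settings
        [int] $StaleDays = 30
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)
    $Record |
        Group-Object -Property IPv4Address |
        Where-Object { $_.Count -gt 1 } |          # only IPs claimed by 2+ names
        ForEach-Object {
            $group = $_
            foreach ($r in $group.Group) {
                $kind = if ($null -eq $r.Timestamp) { 'static' }
                        elseif ($r.Timestamp -lt $cutoff) { 'dynamic-stale' }
                        else { 'dynamic-fresh' }
                [pscustomobject]@{
                    IPv4Address = $group.Name
                    HostName    = $r.HostName
                    Timestamp   = $r.Timestamp
                    Kind        = $kind
                }
            }
        }
}

# Constructed sample records (hypothetical names and addresses)
$sample = @(
    [pscustomobject]@{ HostName = 'OLD-PC01'; IPv4Address = '10.0.0.21'; Timestamp = $null }
    [pscustomobject]@{ HostName = 'NEW-PC07'; IPv4Address = '10.0.0.21'; Timestamp = (Get-Date).AddDays(-1) }
    [pscustomobject]@{ HostName = 'OLD-PC02'; IPv4Address = '10.0.0.35'; Timestamp = (Get-Date).AddDays(-400) }
    [pscustomobject]@{ HostName = 'NEW-PC09'; IPv4Address = '10.0.0.35'; Timestamp = (Get-Date).AddDays(-2) }
    [pscustomobject]@{ HostName = 'FILESRV';  IPv4Address = '10.0.0.5';  Timestamp = $null }
)

# FILESRV is the only name on its IP, so it is not reported.
Find-SharedIpRecord -Record $sample | Sort-Object IPv4Address, HostName | Format-Table

# Against a live zone (DnsServer module; zone name is a placeholder):
# $live = Get-DnsServerResourceRecord -ZoneName 'example.local' -RRType A |
#     Select-Object HostName, Timestamp,
#         @{ n = 'IPv4Address'; e = { $_.RecordData.IPv4Address.ToString() } }
# Find-SharedIpRecord -Record $live
```

Names reported as `static` or `dynamic-stale` alongside a `dynamic-fresh` name on the same IP are the likely leftovers; confirm against the AD computer objects before deleting either the record or the account.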