Several months ago, my company moved our DNS service from a UNIX server to a Windows 2000 member server in an existing Windows NT 4.0 domain. The standard primary Win2K DNS zone contained about 64,000 entries, and the entire subnet was preconfigured in DNS to support DHCP clients and a specific proxy/firewall configuration. After we upgraded the rest of the network to Win2K and implemented Win2K DHCP with dynamic DNS (DDNS), we needed to remove all the static DNS entries from the Active Directory (AD)-integrated DNS zone.

I quickly discovered that through the Microsoft Management Console (MMC) DNS snap-in, I would need to remove each entry individually because the DNS snap-in lets you select only one entry at a time. However, the idea of manually removing 64,000 entries one at a time was completely unacceptable, so I developed the following solution.

  1. Use the Active Directory Replication Monitor (replmon.exe) tool to ensure complete and proper synchronization of AD across the network.
  2. In the DNS snap-in, highlight the DNS zone that you need to change (e.g., myzone.com), right-click the selection and select Properties to open the zone's properties dialog box, then click Change on the General tab.
  3. In the resulting dialog box, change the DNS zone from Active Directory-Integrated to Standard Primary by selecting the associated radio button, then click OK. This action creates a text file in the C:\winnt\system32\dns directory. The name of the text file depends on the zone name (e.g., myzone.com.dns).
  4. Use any text editor you want to edit this DNS text file. You can add, remove, or change entries individually or in groups. I selected the 64,000 entries that I needed to delete, then clicked Delete.
  5. At the top of the text file is the serial number entry. DNS uses this number to ensure proper AD synchronization. You need to increment the zone file serial number to ensure that your changes get pushed out to the other DNS servers. To make sure that my changes are applied to AD, I usually add 5 or 10 to a zone text file's serial number.
  6. Save the file.
  7. In the DNS snap-in, highlight the domain (e.g., myzone.com) and click Reload. (Make sure you select Reload rather than Refresh; you're reloading the DNS primary file into the DNS server, not refreshing the data that's already in the DNS server.)
  8. In the DNS snap-in, highlight the DNS zone that you need to change, open the zone's Properties dialog box, and click Change on the General tab.
  9. In the resulting dialog box, change the DNS zone from Standard Primary to Active Directory-Integrated by selecting the associated radio button, then click OK. This action deletes the DNS text file from the C:\winnt\system32\dns directory.
  10. After AD synchronizes, ensure that the changes to the DNS zone are correct.
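As an added example (not part of the original tip), here are steps 4, 5 and 10 as a script run over a constructed stand-in for the exported myzone.com.dns file: it drops the static A records that match an assumed host-a-b-c-d naming convention, bumps the SOA serial by 5 with 32-bit wrap-around, refuses to write a file whose serial it could not find, and counts the A records left so the final check has a number to compare against.

```python
import re
from typing import Callable, Tuple

# Constructed stand-in for the exported myzone.com.dns file (not the author's
# file); the Windows 2000 DNS service writes the SOA with one value per line.
SAMPLE_ZONE = """\
;  Database file myzone.com.dns for myzone.com zone.
@               IN  SOA dns1.myzone.com. hostmaster.myzone.com. (
                    42           ; serial number
                    900          ; refresh
                    600          ; retry
                    86400        ; expire
                    3600       ) ; default TTL
@               NS  dns1.myzone.com.
dns1            A   10.0.0.10
proxy           A   10.0.0.20
host-10-0-1-1   A   10.0.1.1
host-10-0-1-2   A   10.0.1.2
host-10-0-1-3   A   10.0.1.3
"""

# Assumed (hypothetical) naming convention of the preconfigured subnet entries.
STATIC_A = re.compile(r"^host-\d+-\d+-\d+-\d+\s+(?:IN\s+)?A\s+", re.IGNORECASE)
# The serial is the first number after the SOA's opening parenthesis (single- or multi-line SOA).
SERIAL = re.compile(r"(\bSOA\b[^(]*\(\s*)(\d+)", re.IGNORECASE)


def prune_zone(text: str, is_static: Callable[[str], bool],
               bump: int = 5) -> Tuple[str, int, int, int]:
    """Drop record lines for which is_static() is true and bump the SOA serial.
    Returns (new_text, removed_count, old_serial, new_serial); the serial wraps
    as a 32-bit value, since that is how serial arithmetic is defined."""
    kept = [l for l in text.splitlines() if not is_static(l)]
    removed = len(text.splitlines()) - len(kept)
    new_text = "\n".join(kept) + "\n"
    m = SERIAL.search(new_text)
    if m is None:  # never write back a file whose serial could not be bumped
        raise ValueError("no SOA serial found in zone file")
    old = int(m.group(2))
    new = (old + bump) % 2**32
    return new_text[:m.start(2)] + str(new) + new_text[m.end(2):], removed, old, new


def count_a_records(text: str) -> int:
    """Step 10 check: number of A records left (TTL and class fields optional)."""
    rec = re.compile(r"^\S+\s+(?:\d+\s+)?(?:IN\s+)?A\s+", re.IGNORECASE)
    return sum(1 for l in text.splitlines() if rec.match(l))


if __name__ == "__main__":
    new, n, old, cur = prune_zone(SAMPLE_ZONE, lambda l: bool(STATIC_A.match(l)))
    print(f"removed {n}, serial {old} -> {cur}, A records {count_a_records(SAMPLE_ZONE)} -> {count_a_records(new)}")
```

Compare the A-record count after the reload against the number you expected to keep before switching the zone back to Active Directory-Integrated.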

Using this method, I was able to remove all 64,000 entries in less than 5 minutes. I shudder to think about how long manually deleting each entry would have taken.