Enable DNS Scavenging for Active Directory integrated zones on Windows 2003

After a domain has been running for a while, you may notice that hostnames for client machines no longer seem to match their real IP addresses or that machines that no longer exist are still resolving.  Often, this is because old DNS entries for those machines are not being deleted when they expire.  To fix this, you need to enable DNS Scavenging.


This is configured via the DNS MMC.

  1. Get a desktop on one of your DNS servers (you do have at least 2, right?) and run the DNS MMC.
  2. Expand the server, then right-click and select properties. Switch to the Advanced tab and make sure “Enable automatic scavenging of stale records” is checked.  The default period of 7 days is usually sufficient. Click OK.
  3. Back in the DNS Management MMC, expand Server Name > Forward Lookup Zones > your-domain.local. Right click on the zone and select properties.

  4. Click the “Aging…” button. Make sure “Scavenge stale resource records” is checked; again, the default 7 days for both the Refresh and No-Refresh intervals is usually sufficient. Click OK on both dialogs.

At this point, DNS Scavenging is configured but you won’t necessarily see any records deleted right away. Depending on the timestamp on the record, it may be several days before the record is considered “stale” and available for scavenging.  If there are some particularly troublesome entries, you’ll want to manually update/delete those; otherwise, just be patient.  Trying to rush scavenging usually just makes for more headaches.
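To see why nothing disappears right away, here is an added example (not part of the original article) that works out when a record with a given timestamp becomes stale and which scavenging pass can first remove it. The function names, the `first_pass` time and the sample dates are assumptions made for the illustration; `zone_scavenge_after` stands for the "zone can be scavenged after" time shown in the zone's Aging dialog.

```python
from datetime import datetime, timedelta, timezone

# The Windows DNS server stores a record's timestamp as whole hours since
# 1601-01-01 00:00 UTC. A timestamp of 0 marks a static record, which is never scavenged.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
HOUR = timedelta(hours=1)

def to_dns_hours(when):
    """Convert an aware datetime to the hours-since-1601 form used on records."""
    return (when - EPOCH_1601) // HOUR

def from_dns_hours(hours):
    return EPOCH_1601 + hours * HOUR

def stale_at(timestamp_hours, no_refresh_days=7, refresh_days=7):
    """Time the record becomes stale, or None for a static record."""
    if timestamp_hours == 0:
        return None
    return from_dns_hours(timestamp_hours) + timedelta(days=no_refresh_days + refresh_days)

def earliest_scavenge(timestamp_hours, first_pass, period_days=7,
                      zone_scavenge_after=None, **intervals):
    """First scavenging pass that can delete the record if it is never refreshed.

    first_pass is an assumed time for the server's next scavenging pass;
    later passes follow every period_days (the server-level setting).
    """
    stale = stale_at(timestamp_hours, **intervals)
    if stale is None:
        return None
    eligible = max(stale, zone_scavenge_after) if zone_scavenge_after else stale
    period = timedelta(days=period_days)
    # Ceiling division: number of whole periods after first_pass until eligible.
    passes_to_wait = max(0, -((first_pass - eligible) // period))
    return first_pass + passes_to_wait * period

if __name__ == "__main__":
    utc = timezone.utc
    # Constructed sample: last registration and next scavenging pass.
    ts = to_dns_hours(datetime(2009, 3, 2, 10, 0, tzinfo=utc))
    first = datetime(2009, 3, 5, 9, 0, tzinfo=utc)
    print("stale at:        ", stale_at(ts))
    print("removed no sooner:", earliest_scavenge(ts, first))
    print("static record:    ", earliest_scavenge(0, first))
```

With the 7-day defaults, a record that stops refreshing can survive for two to three weeks before a pass removes it, which is the delay described above.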


