DNS zones junked up
Many times folks just change the IP address of a workstation ...
I am noticing lots of bogus entries in my DNS zones ... computers with many different IP addresses.
How do you stop this? You can't always unjoin the domain just to change the IP and then rejoin...
August 10th, 2012 2:57pm
Use DHCP to assign the IP addresses, then it will have to communicate with the server to change IPs (unless they are administrators then they can set static IPs)
August 10th, 2012 4:19pm
If you decide to use DHCP as Allen suggested, follow the steps in this link to set it up with credentials:
DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM
http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx
One way to currently deal with it is to manually delete the bogus entries. I assume that you don't have scavenging enabled. That would delete them at a point in time after their TTL has expired, based on the scavenging process. The link above explains that, too.
To fully stop it, I would re-think allowing "folks" to have local admin rights on their computers, or are they also domain admins?
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This post is provided AS-IS with no warranties or guarantees and confers no rights.
August 11th, 2012 12:42am
Hi Daniel,
Thanks for posting here.
I agree with the solution of dynamically assigning addresses by using DHCP and making it update the DNS server.
If these bogus entries on the server are dynamic records instead of static, then enabling scavenging will achieve the goal:
Optimizing your network to keep your DNS squeaky clean
http://blogs.technet.com/b/networking/archive/2009/02/09/optimizing-your-network-to-keep-your-dns-squeaky-clean.aspx
Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tnmff@microsoft.com.
Tiger Li
TechNet Community Support
August 12th, 2012 10:18pm
Hello,
I am not and will not be employing DHCP
Thanks
August 13th, 2012 7:26am
The users should not be able to change the IP address unless they are an administrator of their workstations. Is this the case?
August 13th, 2012 8:44am
Hello,
I am not and will not be employing DHCP
Thanks
Understood.
Then your only course of action is, and to gain control of your environment:
Enable Scavenging
Remove local admin rights off your users.
-Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
August 13th, 2012 11:35am
I did find that scavenging at the server level... the check box was not checked... so I think I have it enabled at all 3 levels... Guess that's the best I can do... thanks
August 13th, 2012 12:55pm
You can also make sure that the users are just that, USERS. In an enterprise environment, users should not be able to change settings on a computer. That is the purpose of them being users and not administrators.
August 13th, 2012 12:57pm
Again... the users aren't doing this... this is being done by untrained "administrators"
so I have scavenging enabled and I guess above that I will just have to monitor the zones for anything visual that sticks out
thanks
August 13th, 2012 1:00pm
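An added example, not posted by anyone in this thread, of the zone monitoring mentioned in the post above: it lists hostnames that hold more than one A record and marks which of those records scavenging can remove. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) and the default 7-day no-refresh and refresh intervals; the function names, sample records and zone name are hypothetical.

```powershell
# Added example. Flags hostnames holding more than one A record and shows
# which of those records scavenging can remove (only timestamped ones).
function Find-DuplicateARecord {
    param(
        [Parameter(Mandatory)] [object[]] $Record,  # A records from the zone
        [int] $StaleDays = 14,      # assumption: 7-day no-refresh + 7-day refresh
        [datetime] $Now = (Get-Date)
    )
    # Names that legitimately hold several A records (zone apex, DC lists).
    $skip = '@', 'DomainDnsZones', 'ForestDnsZones'
    $Record |
        Where-Object { $skip -notcontains $_.HostName } |
        Group-Object -Property HostName |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            foreach ($r in $_.Group) {
                $state = if (-not $r.Timestamp) {
                    'static: scavenging will never remove it'
                } elseif (($Now - $r.Timestamp).TotalDays -gt $StaleDays) {
                    'stale: scavenging candidate'
                } else {
                    'fresh: refreshed recently'
                }
                [pscustomobject]@{
                    HostName  = $r.HostName
                    IPAddress = "$($r.RecordData.IPv4Address)"
                    Timestamp = $r.Timestamp
                    State     = $state
                }
            }
        }
}

# Constructed sample, shaped like Get-DnsServerResourceRecord output.
function New-SampleRecord($Name, $Ip, $Stamp) {
    [pscustomobject]@{ HostName = $Name; Timestamp = $Stamp
        RecordData = [pscustomobject]@{ IPv4Address = [ipaddress]$Ip } }
}
$now = Get-Date '2012-08-13'
$sample = @(
    (New-SampleRecord 'ws-017' '10.0.4.21' ($now.AddDays(-1))),
    (New-SampleRecord 'ws-017' '10.0.4.88' ($now.AddDays(-40))),
    (New-SampleRecord 'ws-017' '10.0.7.12' $null),
    (New-SampleRecord 'ws-022' '10.0.4.30' ($now.AddDays(-3)))
)
Find-DuplicateARecord -Record $sample -Now $now | Format-Table -AutoSize

# Live use (zone name is a placeholder):
# Find-DuplicateARecord -Record (Get-DnsServerResourceRecord -ZoneName 'corp.example' -RRType A)
```

With the sample data only ws-017 is reported: one fresh record, one stale record, and one static record that has to be deleted by hand.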
Thanks for clearing up that they are not your regular users, rather untrained "administrators."
I'm not trying to suggest how to run anyone's environment, but I agree with Allen's implied response that you need more control over your junior admins. They need training to understand the implications of their actions, and to put in a service request to get approval to change IP addresses. After all, if they understood what they are doing, you wouldn't be having this problem.
On another note, I hope they are not domain admins. I've seen all the help desk and junior domain admins in one environment with 2000 users with Exchange 2003, SMS 2003, MOM, etc. Their AD structure pretty much went downhill to the point they were having DSAccess problems with Exchange where they got Microsoft Support involved, but the problem was so far deep that Support pretty much said that it would be better off to just create a new forest and migrate everything out. I offered to fix the problem, but it would have taken me numerous hours due to the complexity and multiple child domains involved, forest trusts, etc. I would hate to see something like that happen to your own environment.
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
August 13th, 2012 1:20pm
Hi Daniel,
Thanks for posting here.
Just FYI, this feature only affects dynamic records, which have a record time stamp in their properties, but not static ones. For the proper way to set it up, please refer to the blog post below:
Don't be afraid of DNS Scavenging. Just be patient.
http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tnmff@microsoft.com.
Tiger Li
TechNet Community Support
August 13th, 2012 10:00pm


