When decommissioning one or more Domain Controllers/DNS servers, it is important that, before the DNS role is removed, every device referencing the server for DNS queries is identified and updated with the new values. DNS is integral to healthy, functioning systems, and failing to do this could result in serious system failures.
A simple real-world example: suppose email alerting is the only hardware monitoring in place, and the mail server value is set as a fully qualified domain name. When the disks eventually start to fail one by one, the mail server name would not resolve, so notifications would not get through to the correct personnel. If this was not picked up, the RAID would eventually exhaust any spares/resiliency and the system would crash. You would then be looking at rebuilding the server/storage array and restoring from backups.
Set up DNS Logging
Install Logparser 2.2
View DNS Queries
Open Command Prompt, then change directory to the folder where Log Parser was installed:
cd "C:\Program Files (x86)\Log Parser 2.2"
LogParser -i:TSV -nskiplines:30 -headerRow:off -iSeparator:space -nSep:1 -fixedSep:off -rtp:-1 "SELECT field8 AS IP, REVERSEDNS(IP) AS Name, count(IP) as QueryCount FROM "C:\Temp\dns_log.log" WHERE field10 = 'Q' GROUP BY IP ORDER BY QueryCount DESC"
The results returned will look similar to the following:
IP | Name | QueryCount |
10.0.0.98 | server98.domain.local | 2851 |
10.0.1.3 | server3.domain.local | 2331 |
10.0.0.39 | pc11.domain.local | 165 |
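The same per-client count can be cross-checked without Log Parser. The script below is an added example, not part of the original procedure. It assumes the debug log uses the column layout the query above relies on (client IP in field8, opcode in field10), counts only received packets, which is a stricter filter than the query applies, and runs against constructed sample lines.

```python
import collections
import socket

# Constructed sample lines (not real traffic), laid out as the query above expects:
# date time thread context packet-id protocol direction IP xid [R] opcode ...
SAMPLE_LOG = """\
Message logging key (for packets - other items use a subset of these fields):
20/05/2015 14:01:07 0E70 PACKET  0000000002A3B1C0 UDP Rcv 10.0.0.98    5b47   Q [0001   D   NOERROR] A  (4)mail(6)domain(5)local(0)
20/05/2015 14:01:07 0E70 PACKET  0000000002A3B1C0 UDP Snd 10.0.0.98    5b47 R Q [8085 A DR  NOERROR] A  (4)mail(6)domain(5)local(0)
20/05/2015 14:01:09 0E70 PACKET  0000000002A3C2D0 UDP Rcv 10.0.1.3     7c11   Q [0001   D   NOERROR] A  (3)www(7)example(3)com(0)
20/05/2015 14:01:09 0E70 PACKET  0000000002A3D3E0 UDP Snd 192.0.2.53   9a02   Q [0001   D   NOERROR] A  (3)www(7)example(3)com(0)
20/05/2015 14:01:09 0E70 PACKET  0000000002A3D3E0 UDP Rcv 192.0.2.53   9a02 R Q [8081   DR  NOERROR] A  (3)www(7)example(3)com(0)
20/05/2015 14:01:12 0E70 PACKET  0000000002A3E4F0 UDP Rcv 10.0.0.98    5b48   Q [0001   D   NOERROR] A  (4)mail(6)domain(5)local(0)
"""

def count_clients(lines):
    """Return [(client_ip, query_count), ...] sorted by count, highest first."""
    counts = collections.Counter()
    for line in lines:
        f = line.split()  # any run of spaces is one separator, like -nSep:1
        # Skip the log header and anything that is not a packet record.
        if len(f) < 10 or f[3] != "PACKET":
            continue
        # f[7] is field8 (IP) and f[9] is field10 in Log Parser's numbering.
        # Responses carry an extra "R" flag, so their field10 is "R", not "Q".
        # Requiring "Rcv" also drops queries this server sent to a forwarder,
        # whose IP is not a client that needs reconfiguring.
        if f[6] == "Rcv" and f[9] == "Q":
            counts[f[7]] += 1
    return counts.most_common()

def reverse_name(ip):
    """Reverse lookup like REVERSEDNS(); fall back to the IP if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return ip

if __name__ == "__main__":
    # To use a real log, replace SAMPLE_LOG.splitlines() with an open file object.
    print("IP | Name | QueryCount |")
    for ip, n in count_clients(SAMPLE_LOG.splitlines()):
        print(f"{ip} | {reverse_name(ip)} | {n} |")
```

Any address that still appears in this list after clients have been repointed is a device that has not yet been updated.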