Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Find NUmber of Records Scavenged in Windows 2000 DNS

Posted on 2009-05-20
20
353 Views
Last Modified: 2012-05-07
RIght now I have a windows 2000 DC / DNS server that is set to automatically Scavenge records every 7 days and the AD - zone is set to the values as well. When the auto Scavenge runs, how can I tell how many records were purged?
0
Comment
Question by:compdigit44
  • 11
  • 9
20 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24434749

It logs an event in your Event Log giving a summary of the scavenging cycle. Look for event ID 2501.

HTH

Chris
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24434942
I'm not finding any 2501 event id's. Yet I know yesterday one was scheduled to run???????
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24434950

2502? That would be posted if there was nothing to scavenge.

Chris
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 19

Author Comment

by:compdigit44
ID: 24434972
which evet log should I be looking in???
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24434993

There should be a DNS Server log in Event Viewer?

Chris
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24446535
There is but nothing is listed for the removal of records????
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24448639

Did you find one of the events?

2502 will only log if the process ran and nothing was available for Scavenging. It has text like this:

  The DNS server has completed a scavenging cycle but no nodes were visited.

2501 should look like this where it shows a count of the records scavenged:

  Event Type:      Information
  Event Source:      DNS
  Event Category:      None
  Event ID:      2501
  Date:            05/05/2009
  Time:            20:56:15
  User:            N/A
  Computer:      YourServer
  Description:

  The DNS server has completed a scavenging cycle:
  Visited Zones     = 2,
  Visited Nodes     = 357,
  Scavenged Nodes   = 2,
  Scavenged Records = 1
 
  This cycle took 0 seconds.
 
  The next scavenging cycle is scheduled to run in 24 hours.
 
If it says "Scavenged Records = 0" then nothing was removed this time.

Chris
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24450195
I do have a DNS Log in Event viewer but things in these logs as been updated since a week ago. Is there any other place i can check to see if scavenging is really running on this server?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24450243

No, there are no other logs, but that's fine if you've only set it to run every 7 days.

If you want to run it manually (right click on the server in the DNS Console, select Start Scavenging). Then see if it logs Event ID 2502, it should if none of the zones are ready for another Scavenging run.

Chris
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24450598
I just tried to right click on my DNS server and kicked off a scavenge and the DNS log in Event View is still only showing the most current event is from last week???
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24450644

Hmmm it's entirely possible Windows 2000 isn't quite as verbose about reporting on it. I forgot that was involved and was basing my suggestions on Windows 2003.

All DCs are Windows 2000?

Chris
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24450706
Yes....

Please help I need to know if this is working or not... :-(
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24450901

Well... we can drop out the Time Stamps for everything in the zone. That would give a fair indication of how things are doing.

Not entirely sure if this will work on 2000, I have a few different ways to get this stuff,  all of them tested against 2003 / 2008 but not 2000.

Anyway, doesn't hurt to try :)

This is VbScript, it'll need saving as .vbs. It's set up to run from the DNS Server, but I can tell you how to change it to run remotely if you prefer.

It creates a CSV file called "DNSRecordReport.csv" (in the same place the script is run from). That should open up in Excel or similar quite neatly. It will show you all records on your server and any Time Stamps associated with them.

If all of the Time Stamps are less than your Aging Intervals (No-Refresh + Refresh) then everything is working.

It won't show manually created records, only dynamically created.

Chris
' Connect to the MicrosoftDNS Namespace
Dim objWMI : Set objWMI = GetObject("winmgmts:\\.\root\MicrosoftDNS")
 
' Query A records with MicrosoftDNS_AType class where the record is not static
Dim colItems : Set colItems = objWMI.ExecQuery("SELECT * FROM MicrosoftDNS_AType WHERE TimeStamp<>0")
 
Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objFile : Set objFile = objFSO.OpenTextFile("DNSRecordReport.csv", 2, True, 0)
 
objFile.WriteLine "RecordName,DomainName,IPAddress,TimeStamp"
 
Dim objItem
For Each objItem In colItems
 
  ' Convert the timestamp into a date and time
  Dim dtmTimeStamp : dtmTimeStamp = DateAdd("h", objItem.TimeStamp, "01/01/1601 00:00:00")
 
  ' Write the record details to the file
  objFile.WriteLine objItem.OwnerName & "," & objItem.ContainerName & _
    "," & objItem.IPAddress & "," & dtmTimeStamp
Next

Open in new window

0
 
LVL 19

Author Comment

by:compdigit44
ID: 24451225
FYI...in the DNS console on my DNS server even when I select View -> Advanced the TimeStamp is not shown unless I open the record directly...
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24451255

Yes, I know. The Time Stamp only appears if you happen to have the Windows 2008 Admin Tools. It's why I wrote the script and have articles on my blog about this topic for older versions of Windows :)

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24451274

> only appears

In the main GUI, they added it as a column, only took 8 years ;)

Chris
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24476103
In Windows 2000, 2003 or 2008 is there anyway to tell which DNS records were removed?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24476510

Afraid not, you would have to have something take a snapshot of the zone before and after then compare.

Chris
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24476595
Bumper you would "think" there would be an easy way to do this.....
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24476718

You may find that it'll be logged if you configure an Audit ACL on the DNS Zone. It would capture most information (record name and such), although actual details of the record (record type, what it points to, time stamp, etc) are rather difficult to extract.

Unfortunately, there are no public references for how MS store the DNS data in AD. That doesn't make it impossible, it can be reverse engineered. But it does make it a hell of a lot less accessible.

Chris
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Computers Wont Join Domain 5 59
Creating a reverse DNS record 3 68
How to get windows DNS resolve to internal address? 3 76
Active Directory/sub domain vs root domain 3 28
I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question