?
Solved

Find NUmber of Records Scavenged in Windows 2000 DNS

Posted on 2009-05-20
20
Medium Priority
?
356 Views
Last Modified: 2012-05-07
RIght now I have a windows 2000 DC / DNS server that is set to automatically Scavenge records every 7 days and the AD - zone is set to the values as well. When the auto Scavenge runs, how can I tell how many records were purged?
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 9
20 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24434749

It logs an event in your Event Log giving a summary of the scavenging cycle. Look for event ID 2501.

HTH

Chris
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24434942
I'm not finding any 2501 event id's. Yet I know yesterday one was scheduled to run???????
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24434950

2502? That would be posted if there was nothing to scavenge.

Chris
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 
LVL 20

Author Comment

by:compdigit44
ID: 24434972
which evet log should I be looking in???
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24434993

There should be a DNS Server log in Event Viewer?

Chris
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24446535
There is but nothing is listed for the removal of records????
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24448639

Did you find one of the events?

2502 will only log if the process ran and nothing was available for Scavenging. It has text like this:

  The DNS server has completed a scavenging cycle but no nodes were visited.

2501 should look like this where it shows a count of the records scavenged:

  Event Type:      Information
  Event Source:      DNS
  Event Category:      None
  Event ID:      2501
  Date:            05/05/2009
  Time:            20:56:15
  User:            N/A
  Computer:      YourServer
  Description:

  The DNS server has completed a scavenging cycle:
  Visited Zones     = 2,
  Visited Nodes     = 357,
  Scavenged Nodes   = 2,
  Scavenged Records = 1
 
  This cycle took 0 seconds.
 
  The next scavenging cycle is scheduled to run in 24 hours.
 
If it says "Scavenged Records = 0" then nothing was removed this time.

Chris
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24450195
I do have a DNS Log in Event viewer but things in these logs as been updated since a week ago. Is there any other place i can check to see if scavenging is really running on this server?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24450243

No, there are no other logs, but that's fine if you've only set it to run every 7 days.

If you want to run it manually (right click on the server in the DNS Console, select Start Scavenging). Then see if it logs Event ID 2502, it should if none of the zones are ready for another Scavenging run.

Chris
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24450598
I just tried to right click on my DNS server and kicked off a scavenge and the DNS log in Event View is still only showing the most current event is from last week???
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24450644

Hmmm it's entirely possible Windows 2000 isn't quite as verbose about reporting on it. I forgot that was involved and was basing my suggestions on Windows 2003.

All DCs are Windows 2000?

Chris
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24450706
Yes....

Please help I need to know if this is working or not... :-(
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24450901

Well... we can drop out the Time Stamps for everything in the zone. That would give a fair indication of how things are doing.

Not entirely sure if this will work on 2000, I have a few different ways to get this stuff,  all of them tested against 2003 / 2008 but not 2000.

Anyway, doesn't hurt to try :)

This is VbScript, it'll need saving as .vbs. It's set up to run from the DNS Server, but I can tell you how to change it to run remotely if you prefer.

It creates a CSV file called "DNSRecordReport.csv" (in the same place the script is run from). That should open up in Excel or similar quite neatly. It will show you all records on your server and any Time Stamps associated with them.

If all of the Time Stamps are less than your Aging Intervals (No-Refresh + Refresh) then everything is working.

It won't show manually created records, only dynamically created.

Chris
' Connect to the MicrosoftDNS Namespace
Dim objWMI : Set objWMI = GetObject("winmgmts:\\.\root\MicrosoftDNS")
 
' Query A records with MicrosoftDNS_AType class where the record is not static
Dim colItems : Set colItems = objWMI.ExecQuery("SELECT * FROM MicrosoftDNS_AType WHERE TimeStamp<>0")
 
Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objFile : Set objFile = objFSO.OpenTextFile("DNSRecordReport.csv", 2, True, 0)
 
objFile.WriteLine "RecordName,DomainName,IPAddress,TimeStamp"
 
Dim objItem
For Each objItem In colItems
 
  ' Convert the timestamp into a date and time
  Dim dtmTimeStamp : dtmTimeStamp = DateAdd("h", objItem.TimeStamp, "01/01/1601 00:00:00")
 
  ' Write the record details to the file
  objFile.WriteLine objItem.OwnerName & "," & objItem.ContainerName & _
    "," & objItem.IPAddress & "," & dtmTimeStamp
Next

Open in new window

0
 
LVL 20

Author Comment

by:compdigit44
ID: 24451225
FYI...in the DNS console on my DNS server even when I select View -> Advanced the TimeStamp is not shown unless I open the record directly...
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24451255

Yes, I know. The Time Stamp only appears if you happen to have the Windows 2008 Admin Tools. It's why I wrote the script and have articles on my blog about this topic for older versions of Windows :)

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24451274

> only appears

In the main GUI, they added it as a column, only took 8 years ;)

Chris
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24476103
In Windows 2000, 2003 or 2008 is there anyway to tell which DNS records were removed?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24476510

Afraid not, you would have to have something take a snapshot of the zone before and after then compare.

Chris
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24476595
Bumper you would "think" there would be an easy way to do this.....
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24476718

You may find that it'll be logged if you configure an Audit ACL on the DNS Zone. It would capture most information (record name and such), although actual details of the record (record type, what it points to, time stamp, etc) are rather difficult to extract.

Unfortunately, there are no public references for how MS store the DNS data in AD. That doesn't make it impossible, it can be reverse engineered. But it does make it a hell of a lot less accessible.

Chris
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question