• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358
  • Last Modified:

Find NUmber of Records Scavenged in Windows 2000 DNS

RIght now I have a windows 2000 DC / DNS server that is set to automatically Scavenge records every 7 days and the AD - zone is set to the values as well. When the auto Scavenge runs, how can I tell how many records were purged?
0
compdigit44
Asked:
compdigit44
  • 11
  • 9
1 Solution
 
Chris DentPowerShell DeveloperCommented:

It logs an event in your Event Log giving a summary of the scavenging cycle. Look for event ID 2501.

HTH

Chris
0
 
compdigit44Author Commented:
I'm not finding any 2501 event id's. Yet I know yesterday one was scheduled to run???????
0
 
Chris DentPowerShell DeveloperCommented:

2502? That would be posted if there was nothing to scavenge.

Chris
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 
compdigit44Author Commented:
which evet log should I be looking in???
0
 
Chris DentPowerShell DeveloperCommented:

There should be a DNS Server log in Event Viewer?

Chris
0
 
compdigit44Author Commented:
There is but nothing is listed for the removal of records????
0
 
Chris DentPowerShell DeveloperCommented:

Did you find one of the events?

2502 will only log if the process ran and nothing was available for Scavenging. It has text like this:

  The DNS server has completed a scavenging cycle but no nodes were visited.

2501 should look like this where it shows a count of the records scavenged:

  Event Type:      Information
  Event Source:      DNS
  Event Category:      None
  Event ID:      2501
  Date:            05/05/2009
  Time:            20:56:15
  User:            N/A
  Computer:      YourServer
  Description:

  The DNS server has completed a scavenging cycle:
  Visited Zones     = 2,
  Visited Nodes     = 357,
  Scavenged Nodes   = 2,
  Scavenged Records = 1
 
  This cycle took 0 seconds.
 
  The next scavenging cycle is scheduled to run in 24 hours.
 
If it says "Scavenged Records = 0" then nothing was removed this time.

Chris
0
 
compdigit44Author Commented:
I do have a DNS Log in Event viewer but things in these logs as been updated since a week ago. Is there any other place i can check to see if scavenging is really running on this server?
0
 
Chris DentPowerShell DeveloperCommented:

No, there are no other logs, but that's fine if you've only set it to run every 7 days.

If you want to run it manually (right click on the server in the DNS Console, select Start Scavenging). Then see if it logs Event ID 2502, it should if none of the zones are ready for another Scavenging run.

Chris
0
 
compdigit44Author Commented:
I just tried to right click on my DNS server and kicked off a scavenge and the DNS log in Event View is still only showing the most current event is from last week???
0
 
Chris DentPowerShell DeveloperCommented:

Hmmm it's entirely possible Windows 2000 isn't quite as verbose about reporting on it. I forgot that was involved and was basing my suggestions on Windows 2003.

All DCs are Windows 2000?

Chris
0
 
compdigit44Author Commented:
Yes....

Please help I need to know if this is working or not... :-(
0
 
Chris DentPowerShell DeveloperCommented:

Well... we can drop out the Time Stamps for everything in the zone. That would give a fair indication of how things are doing.

Not entirely sure if this will work on 2000, I have a few different ways to get this stuff,  all of them tested against 2003 / 2008 but not 2000.

Anyway, doesn't hurt to try :)

This is VbScript, it'll need saving as .vbs. It's set up to run from the DNS Server, but I can tell you how to change it to run remotely if you prefer.

It creates a CSV file called "DNSRecordReport.csv" (in the same place the script is run from). That should open up in Excel or similar quite neatly. It will show you all records on your server and any Time Stamps associated with them.

If all of the Time Stamps are less than your Aging Intervals (No-Refresh + Refresh) then everything is working.

It won't show manually created records, only dynamically created.

Chris
' Connect to the MicrosoftDNS Namespace
Dim objWMI : Set objWMI = GetObject("winmgmts:\\.\root\MicrosoftDNS")
 
' Query A records with MicrosoftDNS_AType class where the record is not static
Dim colItems : Set colItems = objWMI.ExecQuery("SELECT * FROM MicrosoftDNS_AType WHERE TimeStamp<>0")
 
Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objFile : Set objFile = objFSO.OpenTextFile("DNSRecordReport.csv", 2, True, 0)
 
objFile.WriteLine "RecordName,DomainName,IPAddress,TimeStamp"
 
Dim objItem
For Each objItem In colItems
 
  ' Convert the timestamp into a date and time
  Dim dtmTimeStamp : dtmTimeStamp = DateAdd("h", objItem.TimeStamp, "01/01/1601 00:00:00")
 
  ' Write the record details to the file
  objFile.WriteLine objItem.OwnerName & "," & objItem.ContainerName & _
    "," & objItem.IPAddress & "," & dtmTimeStamp
Next

Open in new window

0
 
compdigit44Author Commented:
FYI...in the DNS console on my DNS server even when I select View -> Advanced the TimeStamp is not shown unless I open the record directly...
0
 
Chris DentPowerShell DeveloperCommented:

Yes, I know. The Time Stamp only appears if you happen to have the Windows 2008 Admin Tools. It's why I wrote the script and have articles on my blog about this topic for older versions of Windows :)

Chris
0
 
Chris DentPowerShell DeveloperCommented:

> only appears

In the main GUI, they added it as a column, only took 8 years ;)

Chris
0
 
compdigit44Author Commented:
In Windows 2000, 2003 or 2008 is there anyway to tell which DNS records were removed?
0
 
Chris DentPowerShell DeveloperCommented:

Afraid not, you would have to have something take a snapshot of the zone before and after then compare.

Chris
0
 
compdigit44Author Commented:
Bumper you would "think" there would be an easy way to do this.....
0
 
Chris DentPowerShell DeveloperCommented:

You may find that it'll be logged if you configure an Audit ACL on the DNS Zone. It would capture most information (record name and such), although actual details of the record (record type, what it points to, time stamp, etc) are rather difficult to extract.

Unfortunately, there are no public references for how MS store the DNS data in AD. That doesn't make it impossible, it can be reverse engineered. But it does make it a hell of a lot less accessible.

Chris
0

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

  • 11
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now