DHCP and DNS PowerShell / VBScript needed to change setting
Posted on 2013-10-23
Is there a way to query all DHCP servers in ADS (authorized) for both root and child, and from those results, make a configuration change to the IPv4 DNS settings?
I have about 200-300 DHCP servers across the whole domain at various sites, etc.,
including child domains too.
We had an issue where some random (BYOD) computer with the same name as one of our critical business servers updated the A record in DNS.
This computer was neither a domain-joined PC nor a privileged user, etc.
It was assumed that the non-domain (random) BYOD computer got an IP address from DHCP, and DHCP updated the A and PTR record on its behalf.
So looking at all the DHCP IPv4 settings/properties,
we see that:
Enable DNS dynamic updates according to the settings below
Always Dynamically update DNS A and PTR records
Discard A and PTR records when lease is deleted
Dynamically update DNS A and PTR records for DHCP clients that do not request updates.
It has been said that the final option,
"Dynamically update DNS A and PTR records for DHCP clients that do not request updates",
needs to be unchecked to prevent this from happening...
So part (1):
Is there a PowerShell, VBScript, or other script that will query all authorized DHCP servers in Active Directory for both root and child domains,
then ping or check if the server is available,
then check to see if it is running the DHCP Server service (status),
then, from the list of all running DHCP servers,
configure the IPv4 setting to uncheck "Dynamically update DNS A and PTR records for DHCP clients that do not request updates"?
On completion of the script, I need it to write both successes and failures to a log file.
Failures should include "unreachable" if it is no longer on the network (line item).
Failures should include "does not have DHCP Server service running" or its status, if it is reachable but the DHCP Server service can't be reached (separate line item).
And write its overall success or failure in updating the appropriate setting on the IPv4 DNS tab.
(2) Second part.
Not sure if this can be in combination with or coincide with the first part.
But for failures, unreachable, etc., I need a way to query ADS to see when its last timestamp was registered and/or it was on the network, etc. I need to verify if the list of authorized DHCPs in ADS is inaccurate and there are disabled, decommissioned, stale, or orphaned records, with the last timestamp.
(3) Final part (cleanup).
For all the bad\orphaned\disabled\stale lingering objects,
I need a script to remove them from ADS computer accounts, and also from the authorized managed DHCP list, so they no longer show up in the list.
Not sure if this has been done, or if there are Experts that can help.
Going through so many is very tedious and allows for potential human error.
Thanks for your thoughts, suggestions, and help.
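The three parts above, as one added PowerShell example that is not part of the original post or any reply to it. It assumes the DhcpServer and ActiveDirectory modules (RSAT on Windows 8 / Server 2012 or later), a log path and a "stale after 90 days" threshold that are placeholders, and a file name of its own choosing. Part (1) maps the checkbox "Dynamically update DNS A and PTR records for DHCP clients that do not request updates" to the UpdateDnsRRForOlderClients value of Get/Set-DhcpServerv4DnsSetting; part (2) looks failed servers up by FQDN in a global catalog and reports lastLogonTimestamp; part (3) is opt-in (-Cleanup) and honours -WhatIf.

```powershell
#Requires -Modules DhcpServer, ActiveDirectory
<#
 Added example, not the original poster's script. Run as an account that is a DHCP
 administrator on every server and can read (and, with -Cleanup, delete) computer objects.
 Dry run:   .\Fix-DhcpDnsUpdates.ps1 -Cleanup -WhatIf      (file name is an assumption)
 Real run:  .\Fix-DhcpDnsUpdates.ps1 -Cleanup -StaleDays 90
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$LogPath   = "$PSScriptRoot\dhcp-dns-update.log",  # assumed log location
    [int]   $StaleDays = 90,                                   # assumed "stale" threshold
    [switch]$Cleanup                                           # part (3) is opt-in
)

function Write-Log([string]$Server, [string]$Result, [string]$Detail) {
    Add-Content -Path $LogPath -Value ("{0}`t{1}`t{2}`t{3}" -f (Get-Date -Format s), $Server, $Result, $Detail)
}

# DN -> DNS name of the domain holding the object ("...,DC=child,DC=corp,DC=local" -> child.corp.local).
function ConvertTo-DomainDns([string]$Dn) {
    (($Dn -split ',' | Where-Object { $_ -like 'DC=*' }) -replace '^DC=') -join '.'
}

# Part (1). DHCP authorizations are stored in the forest-wide Configuration partition, so one
# query from any domain returns the root and every child domain's servers.
$authorized = Get-DhcpServerInDC
$gc = "$((Get-ADDomainController -Discover -Service GlobalCatalog).HostName):3268"
$failed = @()

foreach ($srv in $authorized) {
    $name = $srv.DnsName
    if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
        Write-Log $name 'FAIL' 'unreachable: no ping reply'; $failed += $srv; continue
    }
    try   { $svc = Get-Service -ComputerName $name -Name DHCPServer -ErrorAction Stop }
    catch { Write-Log $name 'FAIL' "reachable, but DHCP Server service could not be queried: $($_.Exception.Message)"; $failed += $srv; continue }
    if ($svc.Status -ne 'Running') {
        Write-Log $name 'FAIL' "reachable, but DHCP Server service status is $($svc.Status)"; $failed += $srv; continue
    }
    try {
        $dns = Get-DhcpServerv4DnsSetting -ComputerName $name -ErrorAction Stop
        # UpdateDnsRRForOlderClients is the "...for DHCP clients that do not request updates" checkbox.
        if (-not $dns.UpdateDnsRRForOlderClients) {
            Write-Log $name 'OK' "already unchecked; NameProtection=$($dns.NameProtection)"
        } elseif ($PSCmdlet.ShouldProcess($name, 'Uncheck "update A and PTR for clients that do not request updates"')) {
            Set-DhcpServerv4DnsSetting -ComputerName $name -UpdateDnsRRForOlderClients $false -ErrorAction Stop
            # Read the value back rather than trusting that the Set call took effect.
            $dns = Get-DhcpServerv4DnsSetting -ComputerName $name -ErrorAction Stop
            if ($dns.UpdateDnsRRForOlderClients) { throw 'setting still enabled after Set-DhcpServerv4DnsSetting' }
            Write-Log $name 'OK' "unchecked; NameProtection=$($dns.NameProtection)"
        }
    } catch {
        Write-Log $name 'FAIL' "IPv4 DNS setting not changed: $($_.Exception.Message)"
    }
}

# Parts (2) and (3). Look each failed server up by FQDN in the global catalog (short names can
# collide across child domains), then re-read it from a DC in its own domain for lastLogonTimestamp.
foreach ($srv in $failed) {
    $acct = $null; $lastSeen = $null; $domain = $null
    $hit = Get-ADComputer -Server $gc -Filter "DNSHostName -eq '$($srv.DnsName)'" -ErrorAction SilentlyContinue
    if (-not $hit) {
        Write-Log $srv.DnsName 'STALE' 'no computer account anywhere in the forest (orphaned authorization)'
    } else {
        $domain = ConvertTo-DomainDns $hit.DistinguishedName
        $acct = Get-ADComputer -Identity $hit.DistinguishedName -Server $domain -Properties LastLogonTimestamp, Enabled
        if ($acct.LastLogonTimestamp) { $lastSeen = [DateTime]::FromFileTime($acct.LastLogonTimestamp) }
        # lastLogonTimestamp replicates only about every 14 days, so it is a lower bound on "last seen".
        Write-Log $srv.DnsName 'STALE' ("Enabled={0}; lastLogonTimestamp={1}; DN={2}" -f $acct.Enabled, $lastSeen, $acct.DistinguishedName)
    }
    if (-not $Cleanup) { continue }
    $isStale = (-not $acct) -or (-not $acct.Enabled) -or (-not $lastSeen) -or ($lastSeen -lt (Get-Date).AddDays(-$StaleDays))
    if ($isStale -and $PSCmdlet.ShouldProcess($srv.DnsName, 'Remove DHCP authorization and AD computer account')) {
        try {
            Remove-DhcpServerInDC -DnsName $srv.DnsName -IPAddress $srv.IPAddress -ErrorAction Stop
            if ($acct) { Remove-ADComputer -Identity $acct.DistinguishedName -Server $domain -Confirm:$false -ErrorAction Stop }
            Write-Log $srv.DnsName 'REMOVED' 'authorization (and computer account, if any) deleted'
        } catch {
            Write-Log $srv.DnsName 'FAIL' "cleanup: $($_.Exception.Message)"
        }
    }
}
```

Two caveats on the design. Test-Connection is an ICMP check, so a server behind a firewall that drops ping lands in the FAIL list even though it is alive; that is why the script only logs such servers and never deletes anything unless -Cleanup is given, the account is disabled or past the -StaleDays threshold, and -WhatIf is not set. Second, the script logs the NameProtection value alongside each change: DHCP Name Protection is the setting that makes the DHCP server refuse to register a name that a different host has already registered, which is the scenario described in the question, so it is worth reviewing together with the checkbox being cleared.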