Solved

Script Removal of Name Server from All Reverse Lookup Zones

Posted on 2014-01-28
9
2,042 Views
Last Modified: 2014-12-16
Had to forcibly remove a crashed domain controller from the AD metadata using ntdsutil, but the NS record still appears in the reverse lookup zones.  We have ALOT of reverse lookup zones.  Anyone have a way to script this with powershell or even DNSCMD?  I am on a 2008 functional level domain with 2008 , R2 and 2012 DCs.

Here is some code I found but can't get i working:
Import-Module ActiveDirectory,DNSServer

#Inputs the DC/DNS Server that has been removed from the environment into the $UnknownDNSServer variable.

$UnknownDNSServer = Read-Host "Enter the old Name Server's FQDN"

#Finds the PDC Emulator and stores it in the $PDCE variable.

$PDCE = Get-ADDomainController -Discover -Service PrimaryDC

#Finds the DNS zones on the PDCE

$DNSZones = Get-DnsServerZone -ComputerName $PDCE

#For each of the zones in the DNSZones variable, it removes the old NS record from the zone that's defined in $UnknownDNSServer.

$DNSZones | ForEach-Object {

Try {$_ | Remove-DNSServerResourceRecord –Name “@” –RRType NS –RecordData $UnknownDNSServer -ComputerName $PDCE -Force}

Catch{[System.Exception] "UH oh..got an error"}

}

Open in new window

0
Comment
Question by:mcburn13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 8

Expert Comment

by:N-W
ID: 39816683
What error(s) are you getting when trying to run the script? It works fine for me.

Note: you may have to replace quotation marks on line 19 and line 21, they are encoded wrong (common when copy+pasting from websites).
0
 
LVL 1

Author Comment

by:mcburn13
ID: 39816784
you used the script with single quotes on those lines?  I just got the error from the system exception text on 21, one per line per zone it tried it on.
0
 
LVL 8

Expert Comment

by:N-W
ID: 39816796
No, just replace the quotation marks with quotations you've typed.

For example on line 19, replace “@” with "@" (note how the original quotation marks are slanted). To be safe, go through the script and replace all quotation marks with your own.

That's all I needed to do for the script to run properly.

If you're still having trouble, post the exact output you get from running the command.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 1

Author Comment

by:mcburn13
ID: 39817805
no dice- I actually typed it by hand to begin with.
0
 
LVL 1

Author Comment

by:mcburn13
ID: 39818598
So here is what I ended up running. I actually tried this in production and got the same error on every instance it tried to run on:
Import-Module ActiveDirectory,DNSServer
$UnknownDNSServer = Read-Host "server.domain.suffix"
$PDCE = Get-ADDomainController -Discover -Service PrimaryDC
$DNSZones = Get-DnsServerZone -ComputerName $PDCE
$DNSZones | ForEach-Object {
Try {$_ | Remove-DNSServerResourceRecord -Name "@" -RRType NS -RecordData $UnknownDNSServer -ComputerName $PDCE -Force}
Catch{[System.Exception] "uh oh error time"}
}

Open in new window

0
 
LVL 8

Expert Comment

by:N-W
ID: 39819593
What error are you getting? You will get an error for every zone where the record doesn't exist, but it should work fine on zones containing the record.

Are you running powershell as administrator?
0
 
LVL 1

Accepted Solution

by:
mcburn13 earned 0 total points
ID: 39820521
I get the whatever is in the system.exception text.  I get one per line for every zone it finds.  I ended up doing this by exporting the zones to a text file (dnscmd /enumzomes /reverse >reversezones.txt) massaging it so there was a zone name on each line then running for /f "delims" %a in (reversezones.text) do dnscmd /record delete %a dnsserver.suffix @ NS servertoremove.suffix /f
I'd like to get this going via Powershell as the above method is going the way of the do do bird
0
 
LVL 1

Author Closing Comment

by:mcburn13
ID: 39852802
my solution ended up being the only one provided that worked...
0
 
LVL 1

Expert Comment

by:Hal-itosis
ID: 40502599
Anyone figured out how to get the Powershell of this working?

I have 60 nameservers to remove from 500+ zones. This mess is gonna take an age to clean up manually :-)
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question