Solved

Script Removal of Name Server from All Reverse Lookup Zones

Posted on 2014-01-28
9
2,094 Views
Last Modified: 2014-12-16
Had to forcibly remove a crashed domain controller from the AD metadata using ntdsutil, but the NS record still appears in the reverse lookup zones.  We have ALOT of reverse lookup zones.  Anyone have a way to script this with powershell or even DNSCMD?  I am on a 2008 functional level domain with 2008 , R2 and 2012 DCs.

Here is some code I found but can't get i working:
Import-Module ActiveDirectory,DNSServer

#Inputs the DC/DNS Server that has been removed from the environment into the $UnknownDNSServer variable.

$UnknownDNSServer = Read-Host "Enter the old Name Server's FQDN"

#Finds the PDC Emulator and stores it in the $PDCE variable.

$PDCE = Get-ADDomainController -Discover -Service PrimaryDC

#Finds the DNS zones on the PDCE

$DNSZones = Get-DnsServerZone -ComputerName $PDCE

#For each of the zones in the DNSZones variable, it removes the old NS record from the zone that's defined in $UnknownDNSServer.

$DNSZones | ForEach-Object {

Try {$_ | Remove-DNSServerResourceRecord –Name “@” –RRType NS –RecordData $UnknownDNSServer -ComputerName $PDCE -Force}

Catch{[System.Exception] "UH oh..got an error"}

}

Open in new window

0
Comment
Question by:mcburn13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 8

Expert Comment

by:N-W
ID: 39816683
What error(s) are you getting when trying to run the script? It works fine for me.

Note: you may have to replace quotation marks on line 19 and line 21, they are encoded wrong (common when copy+pasting from websites).
0
 
LVL 1

Author Comment

by:mcburn13
ID: 39816784
you used the script with single quotes on those lines?  I just got the error from the system exception text on 21, one per line per zone it tried it on.
0
 
LVL 8

Expert Comment

by:N-W
ID: 39816796
No, just replace the quotation marks with quotations you've typed.

For example on line 19, replace “@” with "@" (note how the original quotation marks are slanted). To be safe, go through the script and replace all quotation marks with your own.

That's all I needed to do for the script to run properly.

If you're still having trouble, post the exact output you get from running the command.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 1

Author Comment

by:mcburn13
ID: 39817805
no dice- I actually typed it by hand to begin with.
0
 
LVL 1

Author Comment

by:mcburn13
ID: 39818598
So here is what I ended up running. I actually tried this in production and got the same error on every instance it tried to run on:
Import-Module ActiveDirectory,DNSServer
$UnknownDNSServer = Read-Host "server.domain.suffix"
$PDCE = Get-ADDomainController -Discover -Service PrimaryDC
$DNSZones = Get-DnsServerZone -ComputerName $PDCE
$DNSZones | ForEach-Object {
Try {$_ | Remove-DNSServerResourceRecord -Name "@" -RRType NS -RecordData $UnknownDNSServer -ComputerName $PDCE -Force}
Catch{[System.Exception] "uh oh error time"}
}

Open in new window

0
 
LVL 8

Expert Comment

by:N-W
ID: 39819593
What error are you getting? You will get an error for every zone where the record doesn't exist, but it should work fine on zones containing the record.

Are you running powershell as administrator?
0
 
LVL 1

Accepted Solution

by:
mcburn13 earned 0 total points
ID: 39820521
I get the whatever is in the system.exception text.  I get one per line for every zone it finds.  I ended up doing this by exporting the zones to a text file (dnscmd /enumzomes /reverse >reversezones.txt) massaging it so there was a zone name on each line then running for /f "delims" %a in (reversezones.text) do dnscmd /record delete %a dnsserver.suffix @ NS servertoremove.suffix /f
I'd like to get this going via Powershell as the above method is going the way of the do do bird
0
 
LVL 1

Author Closing Comment

by:mcburn13
ID: 39852802
my solution ended up being the only one provided that worked...
0
 
LVL 1

Expert Comment

by:Hal-itosis
ID: 40502599
Anyone figured out how to get the Powershell of this working?

I have 60 nameservers to remove from 500+ zones. This mess is gonna take an age to clean up manually :-)
0

Featured Post

Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question