[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2294
  • Last Modified:

Script Removal of Name Server from All Reverse Lookup Zones

Had to forcibly remove a crashed domain controller from the AD metadata using ntdsutil, but the NS record still appears in the reverse lookup zones.  We have ALOT of reverse lookup zones.  Anyone have a way to script this with powershell or even DNSCMD?  I am on a 2008 functional level domain with 2008 , R2 and 2012 DCs.

Here is some code I found but can't get i working:
Import-Module ActiveDirectory,DNSServer

#Inputs the DC/DNS Server that has been removed from the environment into the $UnknownDNSServer variable.

$UnknownDNSServer = Read-Host "Enter the old Name Server's FQDN"

#Finds the PDC Emulator and stores it in the $PDCE variable.

$PDCE = Get-ADDomainController -Discover -Service PrimaryDC

#Finds the DNS zones on the PDCE

$DNSZones = Get-DnsServerZone -ComputerName $PDCE

#For each of the zones in the DNSZones variable, it removes the old NS record from the zone that's defined in $UnknownDNSServer.

$DNSZones | ForEach-Object {

Try {$_ | Remove-DNSServerResourceRecord –Name “@” –RRType NS –RecordData $UnknownDNSServer -ComputerName $PDCE -Force}

Catch{[System.Exception] "UH oh..got an error"}

}

Open in new window

0
mcburn13
Asked:
mcburn13
  • 5
  • 3
1 Solution
 
N-WCommented:
What error(s) are you getting when trying to run the script? It works fine for me.

Note: you may have to replace quotation marks on line 19 and line 21, they are encoded wrong (common when copy+pasting from websites).
0
 
mcburn13Author Commented:
you used the script with single quotes on those lines?  I just got the error from the system exception text on 21, one per line per zone it tried it on.
0
 
N-WCommented:
No, just replace the quotation marks with quotations you've typed.

For example on line 19, replace “@” with "@" (note how the original quotation marks are slanted). To be safe, go through the script and replace all quotation marks with your own.

That's all I needed to do for the script to run properly.

If you're still having trouble, post the exact output you get from running the command.
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
mcburn13Author Commented:
no dice- I actually typed it by hand to begin with.
0
 
mcburn13Author Commented:
So here is what I ended up running. I actually tried this in production and got the same error on every instance it tried to run on:
Import-Module ActiveDirectory,DNSServer
$UnknownDNSServer = Read-Host "server.domain.suffix"
$PDCE = Get-ADDomainController -Discover -Service PrimaryDC
$DNSZones = Get-DnsServerZone -ComputerName $PDCE
$DNSZones | ForEach-Object {
Try {$_ | Remove-DNSServerResourceRecord -Name "@" -RRType NS -RecordData $UnknownDNSServer -ComputerName $PDCE -Force}
Catch{[System.Exception] "uh oh error time"}
}

Open in new window

0
 
N-WCommented:
What error are you getting? You will get an error for every zone where the record doesn't exist, but it should work fine on zones containing the record.

Are you running powershell as administrator?
0
 
mcburn13Author Commented:
I get the whatever is in the system.exception text.  I get one per line for every zone it finds.  I ended up doing this by exporting the zones to a text file (dnscmd /enumzomes /reverse >reversezones.txt) massaging it so there was a zone name on each line then running for /f "delims" %a in (reversezones.text) do dnscmd /record delete %a dnsserver.suffix @ NS servertoremove.suffix /f
I'd like to get this going via Powershell as the above method is going the way of the do do bird
0
 
mcburn13Author Commented:
my solution ended up being the only one provided that worked...
0
 
Hal-itosisCommented:
Anyone figured out how to get the Powershell of this working?

I have 60 nameservers to remove from 500+ zones. This mess is gonna take an age to clean up manually :-)
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now