Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Script Removal of Name Server from All Reverse Lookup Zones

Posted on 2014-01-28
9
Medium Priority
?
2,153 Views
Last Modified: 2014-12-16
Had to forcibly remove a crashed domain controller from the AD metadata using ntdsutil, but the NS record still appears in the reverse lookup zones.  We have ALOT of reverse lookup zones.  Anyone have a way to script this with powershell or even DNSCMD?  I am on a 2008 functional level domain with 2008 , R2 and 2012 DCs.

Here is some code I found but can't get i working:
Import-Module ActiveDirectory,DNSServer

#Inputs the DC/DNS Server that has been removed from the environment into the $UnknownDNSServer variable.

$UnknownDNSServer = Read-Host "Enter the old Name Server's FQDN"

#Finds the PDC Emulator and stores it in the $PDCE variable.

$PDCE = Get-ADDomainController -Discover -Service PrimaryDC

#Finds the DNS zones on the PDCE

$DNSZones = Get-DnsServerZone -ComputerName $PDCE

#For each of the zones in the DNSZones variable, it removes the old NS record from the zone that's defined in $UnknownDNSServer.

$DNSZones | ForEach-Object {

Try {$_ | Remove-DNSServerResourceRecord –Name “@” –RRType NS –RecordData $UnknownDNSServer -ComputerName $PDCE -Force}

Catch{[System.Exception] "UH oh..got an error"}

}

Open in new window

0
Comment
Question by:mcburn13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 8

Expert Comment

by:N-W
ID: 39816683
What error(s) are you getting when trying to run the script? It works fine for me.

Note: you may have to replace quotation marks on line 19 and line 21, they are encoded wrong (common when copy+pasting from websites).
0
 
LVL 1

Author Comment

by:mcburn13
ID: 39816784
you used the script with single quotes on those lines?  I just got the error from the system exception text on 21, one per line per zone it tried it on.
0
 
LVL 8

Expert Comment

by:N-W
ID: 39816796
No, just replace the quotation marks with quotations you've typed.

For example on line 19, replace “@” with "@" (note how the original quotation marks are slanted). To be safe, go through the script and replace all quotation marks with your own.

That's all I needed to do for the script to run properly.

If you're still having trouble, post the exact output you get from running the command.
0
How To Reduce Deployment Times With Pre-Baked AMIs

Even if we can't include all the files in the base image, we can sometimes include some of the larger files that we would otherwise have to download, and we can also sometimes remove the most time-consuming steps. This can help a lot with reducing deployment times.

 
LVL 1

Author Comment

by:mcburn13
ID: 39817805
no dice- I actually typed it by hand to begin with.
0
 
LVL 1

Author Comment

by:mcburn13
ID: 39818598
So here is what I ended up running. I actually tried this in production and got the same error on every instance it tried to run on:
Import-Module ActiveDirectory,DNSServer
$UnknownDNSServer = Read-Host "server.domain.suffix"
$PDCE = Get-ADDomainController -Discover -Service PrimaryDC
$DNSZones = Get-DnsServerZone -ComputerName $PDCE
$DNSZones | ForEach-Object {
Try {$_ | Remove-DNSServerResourceRecord -Name "@" -RRType NS -RecordData $UnknownDNSServer -ComputerName $PDCE -Force}
Catch{[System.Exception] "uh oh error time"}
}

Open in new window

0
 
LVL 8

Expert Comment

by:N-W
ID: 39819593
What error are you getting? You will get an error for every zone where the record doesn't exist, but it should work fine on zones containing the record.

Are you running powershell as administrator?
0
 
LVL 1

Accepted Solution

by:
mcburn13 earned 0 total points
ID: 39820521
I get the whatever is in the system.exception text.  I get one per line for every zone it finds.  I ended up doing this by exporting the zones to a text file (dnscmd /enumzomes /reverse >reversezones.txt) massaging it so there was a zone name on each line then running for /f "delims" %a in (reversezones.text) do dnscmd /record delete %a dnsserver.suffix @ NS servertoremove.suffix /f
I'd like to get this going via Powershell as the above method is going the way of the do do bird
0
 
LVL 1

Author Closing Comment

by:mcburn13
ID: 39852802
my solution ended up being the only one provided that worked...
0
 
LVL 1

Expert Comment

by:Hal-itosis
ID: 40502599
Anyone figured out how to get the Powershell of this working?

I have 60 nameservers to remove from 500+ zones. This mess is gonna take an age to clean up manually :-)
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question