Solved

Using PowerShell to list / export which DNS (A) records do not have the associated PTR record?

Posted on 2015-01-26
11
586 Views
Last Modified: 2015-02-12
People,

Can anyone here please assist me with a PowerShell script to list which (A) records in my DNS server do not have their (PTR) record?

And also, how do I automatically re-create the PTR records if the reverse lookup zones have been created on the AD-integrated DNS servers?

Thanks.
0
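An added PowerShell example that does what the question asks (it is not from the original thread or any of its participants): audit the A records of a forward zone against the reverse lookup zones on the same DNS server, report the ones with no matching PTR, and optionally re-create them. It assumes the DnsServer module (Windows Server 2012+ / RSAT); the server name `dc01` and zone `contoso.com` are placeholders.

```powershell
# Added example, not part of the original thread. Requires the DnsServer module.
# Lists A records with no matching PTR; -CreatePtr re-creates the missing PTRs.
param(
    [string]$ComputerName = 'dc01',          # placeholder DNS server
    [string]$ForwardZone  = 'contoso.com',   # placeholder forward zone
    [switch]$CreatePtr                       # re-create missing PTR records
)
Import-Module DnsServer

# Reverse zones on this server, longest name first so that 1.168.192.in-addr.arpa
# is preferred over 168.192.in-addr.arpa when both exist.
$reverseZones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.IsReverseLookupZone -and $_.ZoneName -like '*.in-addr.arpa' } |
    Sort-Object { $_.ZoneName.Length } -Descending

# Skip the zone apex and the AD partition placeholders; they have no host PTR.
$aRecords = Get-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $ForwardZone -RRType A |
    Where-Object { $_.HostName -notin '@', 'DomainDnsZones', 'ForestDnsZones' }

foreach ($rec in $aRecords) {
    $ip     = $rec.RecordData.IPv4Address.IPAddressToString
    $fqdn   = "$($rec.HostName).$ForwardZone"
    $octets = $ip.Split('.')
    [array]::Reverse($octets)
    $ptrFqdn = ($octets -join '.') + '.in-addr.arpa'       # e.g. 5.1.168.192.in-addr.arpa

    $zone = $reverseZones | Where-Object { $ptrFqdn -like "*.$($_.ZoneName)" } | Select-Object -First 1
    if (-not $zone) {
        [pscustomobject]@{ Host = $fqdn; IP = $ip; ReverseZone = ''; Static = (-not $rec.Timestamp); Status = 'NoReverseZone' }
        continue
    }
    # Name of the PTR relative to its zone ("5" in a /24 zone, "5.1" in a /16 zone).
    $relName = $ptrFqdn.Substring(0, $ptrFqdn.Length - $zone.ZoneName.Length - 1)
    $ptr = Get-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $zone.ZoneName `
               -Name $relName -RRType Ptr -ErrorAction SilentlyContinue |
           Where-Object { $_.RecordData.PtrDomainName.TrimEnd('.') -ieq $fqdn }
    if ($ptr) { continue }                                 # PTR present and pointing back at this host

    if ($CreatePtr) {
        Add-DnsServerResourceRecordPtr -ComputerName $ComputerName -ZoneName $zone.ZoneName `
            -Name $relName -PtrDomainName "$fqdn."
        $status = 'PtrCreated'
    } else {
        $status = 'MissingPtr'
    }
    # Static = no timestamp, i.e. the A record was created by hand rather than by dynamic update.
    [pscustomobject]@{ Host = $fqdn; IP = $ip; ReverseZone = $zone.ZoneName; Static = (-not $rec.Timestamp); Status = $status }
}
```

Pipe the output to `Export-Csv` to get the export the question asks for; run once without `-CreatePtr` and review the list before letting it write to the reverse zones.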
11 Comments
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 334 total points
ID: 40572527
I have half answer:
Once you create a reverse lookup zone on the DNS server, with the next DNS refresh \ reboot clients will automatically get added into the appropriate reverse lookup zones.

If you are using DHCP on a domain controller, enable the "always update host and PTR records" setting in DHCP scope advanced \ DNS properties, and also set credentials in DHCP scope properties \ General tab.
http://blogs.technet.com/b/stdqry/archive/2012/04/03/dhcp-server-in-dcs-and-dns-registrations.aspx
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40572724
OK Mahesh, so yes, I have created the reverse lookup zones.

But how do I configure all of the production Windows Servers to register their DNS entries automatically, without going to each and every server's network settings and selecting the checkbox to register in the reverse lookup zone?
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 334 total points
ID: 40572951
You can use the PsExec tool from Microsoft

List all of your servers in a .txt file

Ex:
Server1
Server2
Server3

Log on to a DC as a domain admin
Then use the PsExec command from an elevated command prompt

Psexec @C:\Servers.txt ipconfig /registerdns

OR

Psexec @C:\Servers.txt ipconfig /registerdns > C:\output.txt

The tool will go through all servers in the list one by one and execute the command on each of them
All servers will register their records within their respective reverse lookup zones
The same thing can be applied to a list of client computers as well

Note that to execute the tool, the File and Printer Sharing exception must be enabled in Windows Firewall on all machines

The PsExec tool can be downloaded from the location below
https://technet.microsoft.com/en-in/sysinternals/bb897553.aspx
Extract it from zip file
0
 
LVL 40

Assisted Solution

by:footech
footech earned 166 total points
ID: 40573185
If a machine is set with a static IP, then that machine will register its own PTR record.  If a machine is set to get its IP through DHCP, then the DHCP server will register the record.  There's no specific setting in regard to PTR records (excepting Group Policy).
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40574024
Ah, I see,
because I'm in a new environment and I have noticed that several hundred DNS entries for the servers are set as "static" (no timestamp in the DNS console), so I guess someone manually registered the entries on the DNS server without letting them register by themselves.

Can executing the command ipconfig /registerdns potentially cause an outage to the server's network communication?
0
 
LVL 40

Assisted Solution

by:footech
footech earned 166 total points
ID: 40574333
Yes, I would say someone created the records manually.

No, running ipconfig /registerdns will not cause an outage of any kind.  It may not update a record though.  Depends on what kind of security is already on the record.  Deleting the record and then running the ipconfig command would allow the machine to register its record (assuming dynamic updates are allowed).
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 334 total points
ID: 40574522
I hope your forward and reverse lookup zones are set for dynamic updates only.
Running ipconfig /registerdns will force DNS to refresh the DNS entries and add that record in the forward and reverse lookup zones for the corresponding IP address and hostname, unless there is an issue.
If you have created any record manually, it will not get updated with this command.
The command will update the associated Host (A) record and PTR record.
After completion of the command via PsExec, force AD replication, and do not forget to run the two commands below on the DNS servers from an elevated command prompt:
ipconfig /flushdns
dnscmd /clearcache
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40575204
OK, may I know what the command for forcing AD replication is?

Should I do it from the primary DNS server, or does the role not really matter?
0
 
LVL 37

Accepted Solution

by:Mahesh
Mahesh earned 334 total points
ID: 40575473
Run repadmin /syncall on all domain controllers

Another way to do that:
Psexec @C:\dclist.txt repadmin /syncall

Replace dclist.txt with a txt file containing the list of domain controllers
0
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 40607323
Thanks guys !
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40607324
OK, if I run the command:

Psexec @C:\dclist.txt repadmin /syncall

What are the effects on the users or on Exchange email flow? Would there be any issue for the users when I execute that command during working hours?
0
