Using PowerShell to list / export which DNS (A) records do not have the associated PTR record?

People,

Can anyone here please assist me with a PowerShell script to list which (A) records in my DNS server do not have their (PTR) records?

And also, how do I automatically re-create the PTR records if the reverse lookup zones have been created in the AD-integrated DNS servers?

Thanks.
Senior IT System Engineer
 
Mahesh (Architect) commented:
I have half an answer:
Once you create a reverse lookup zone on the DNS server, with the next DNS refresh \ reboot, clients will automatically get added into the appropriate reverse lookup zones.

If you are using DHCP on a domain controller, enable the "always update host and PTR records" setting in DHCP scope advanced \ DNS properties; also set credentials in DHCP scope properties \ General tab.
http://blogs.technet.com/b/stdqry/archive/2012/04/03/dhcp-server-in-dcs-and-dns-registrations.aspx
 
Senior IT System Engineer (IT Professional, Author) commented:
OK Mahesh, so yes, I have created the reverse lookup zones.

But how do I configure all of the production Windows Servers to register their DNS entries automatically without going to each and every server's network settings and selecting the checkbox to register the reverse lookup zone?
 
Mahesh (Architect) commented:
You can use the PsExec tool from Microsoft.

List all of your servers in a .txt file.

Ex:
Server1
Server2
Server3

Log on to the DC as a domain admin.
Then use the PsExec command from an elevated command prompt:

Psexec @C:\Servers.txt ipconfig /registerdns

OR

Psexec @C:\Servers.txt ipconfig /registerdns > C:\output.txt

The tool will traverse through all servers in the list one by one and then execute the command on all servers one by one.
All servers will register their records within their respective reverse lookup zones.
The same thing can be applied to a list of client computers as well.

Note that to execute the tool, the file and print sharing exception must be enabled in Windows Firewall on all machines.

The PsExec tool can be downloaded from the location below:
https://technet.microsoft.com/en-in/sysinternals/bb897553.aspx
Extract it from the zip file.
 
footech commented:
If machines are set with a static IP, then that machine will register its own PTR record. If a machine is set to get its IP through DHCP, then the DHCP server will register the record. There's no specific setting in regard to PTR records (excepting Group Policy).
 
Senior IT System Engineer (IT Professional, Author) commented:
Ah, I see,
because I'm in a new environment and I have noticed that several hundred DNS entries of the servers are set as "static", with no TimeStamp on the DNS console, so I guess someone manually registered the entries here on the DNS without letting them register by themselves.

Can executing the command ipconfig /registerdns potentially cause an outage to the server's network communication?
 
footech commented:
Yes, I would say someone created the records manually.

No, running ipconfig /registerdns will not cause an outage of any kind. It may not update a record though. Depends on what kind of security is already on the record. Deleting the record and then running the ipconfig command would allow the machine to register its record (assuming dynamic updates are allowed).
 
Mahesh (Architect) commented:
I hope your forward and reverse lookup zones are set for dynamic updates only.
Running ipconfig /registerdns will force DNS to refresh DNS entries and add that record in the forward and reverse lookup zones for the corresponding IP address and hostname, unless there is an issue.
If you have created any record manually, it will not get updated with this command.
The command will update the associated Host (A) record and PTR record.
After completion of the command via PsExec, force AD replication and do not forget to run the two commands below on the DNS servers from an elevated command prompt:
ipconfig /flushdns
dnscmd /clearcache
 
Senior IT System Engineer (IT Professional, Author) commented:
OK, may I know what the command is for forcing AD replication?

Should I do it from the primary DNS, or does the role not really matter?
 
Mahesh (Architect) commented:
Run repadmin /syncall on all domain controllers.

Another way to do that:
Psexec @C:\dclist.txt repadmin /syncall

Replace dclist.txt with a txt file containing the list of domain controllers.
 
Senior IT System Engineer (IT Professional, Author) commented:
Thanks, guys!
 
Senior IT System Engineer (IT Professional, Author) commented:
OK, if I run the command:

Psexec @C:\dclist.txt repadmin /syncall

what are the effects on the users or Exchange email flow? Would there be any issue for the users if I execute that command during working hours?
Question has a verified solution.
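
The question asks for a script that lists A records with no matching PTR and re-creates the missing ones. The following is an added example, not code from any participant in the thread; it uses the DnsServer module, and the zone name `corp.example.com` and server name `dc01.corp.example.com` are placeholders.

```powershell
# Added example. Requires the DnsServer module (RSAT DNS tools).
# Zone and server names used in the calls at the bottom are placeholders.
function Get-ARecordWithoutPtr {
    param(
        [Parameter(Mandatory)] [string] $ZoneName,
        [string] $DnsServer = 'localhost'
    )
    # IPv4 reverse zones on the server, longest name first so the most
    # specific zone is chosen when more than one could hold an address.
    $reverseZones = Get-DnsServerZone -ComputerName $DnsServer |
        Where-Object { $_.IsReverseLookupZone -and $_.ZoneName -like '*.in-addr.arpa' } |
        Sort-Object { $_.ZoneName.Length } -Descending

    foreach ($rec in Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A) {
        $fqdn   = if ($rec.HostName -eq '@') { $ZoneName } else { "$($rec.HostName).$ZoneName" }
        $ip     = $rec.RecordData.IPv4Address.ToString()
        $octets = $ip.Split('.')
        [array]::Reverse($octets)
        $arpa   = ($octets -join '.') + '.in-addr.arpa'

        # A PTR counts only if it points back at this host name.
        $ptr = Resolve-DnsName -Name $arpa -Type PTR -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'PTR' -and $_.NameHost -eq $fqdn }
        if ($ptr) { continue }

        $zone = $reverseZones | Where-Object { $arpa -like "*.$($_.ZoneName)" } | Select-Object -First 1
        [pscustomobject]@{
            HostName    = $fqdn
            IPAddress   = $ip
            IsStatic    = ($null -eq $rec.Timestamp)   # static record: no timestamp in the DNS console
            ReverseZone = $zone.ZoneName               # empty if no reverse zone covers the IP
            PtrName     = if ($zone) { $arpa.Substring(0, $arpa.Length - $zone.ZoneName.Length - 1) }
        }
    }
}

$server  = 'dc01.corp.example.com'   # placeholder
$missing = Get-ARecordWithoutPtr -ZoneName 'corp.example.com' -DnsServer $server
$missing | Export-Csv -Path .\A-without-PTR.csv -NoTypeInformation

# Re-create PTRs where a reverse zone exists. -WhatIf only previews; remove it to apply.
$missing | Where-Object ReverseZone | ForEach-Object {
    Add-DnsServerResourceRecordPtr -ComputerName $server -ZoneName $_.ReverseZone `
        -Name $_.PtrName -PtrDomainName $_.HostName -WhatIf
}
```

PTRs added this way are static records with no timestamp, so the thread's remarks about manually created records and `ipconfig /registerdns` apply to them as well.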