r4kieta
asked on
PowerShell Get-ADObject returns values not present in AD, DNS Froward, Reverse lookup and DHCP.
Hey Everyone,
We re doing cleaning of AD, DNS and DHCP.
I run into situation where I am querying AD with Get-ADObject -Filter {Name -Like "S03*"} -Property * | Select-Object Name, OperatingSystem | Export-CSV S03-ADObjects.csv
This S03* site name was decommissioned, I get a result of
#TYPE Selected.Microsoft.ActiveD
Name OperatingSystem
S03-PC-03
s03-PC-01
S03-PC-02
S03-PC-04 Windows XP Professional
S03-PC-04
S03-PC-05
S03-PC-05 Windows XP Professional
S03-SRVDC Windows 2003 Server
Then to get a complete list of AD with all its properties
Get-ADObject -Filter * -Property * | Export-CSV AD_check.csv
I narrowed it down that objects without property Operating System have property name DN and they are ObjectClass of dnsNode listed with Distinguished name of: DC=S03-PC-03,DC=domain.net
Now when I go into a root of domain.net I cant find any of these objects with Property Operating System from above, although they are list in the AD_check.csv. I also run nslookup using our main DNS server.
Why is that and how to remove them.
I am pretty sure that if I keep looking for other object from different AD remote sites I will fjnd same.
Thanks
We re doing cleaning of AD, DNS and DHCP.
I run into situation where I am querying AD with Get-ADObject -Filter {Name -Like "S03*"} -Property * | Select-Object Name, OperatingSystem | Export-CSV S03-ADObjects.csv
This S03* site name was decommissioned, I get a result of
#TYPE Selected.Microsoft.ActiveD
Name OperatingSystem
S03-PC-03
s03-PC-01
S03-PC-02
S03-PC-04 Windows XP Professional
S03-PC-04
S03-PC-05
S03-PC-05 Windows XP Professional
S03-SRVDC Windows 2003 Server
Then to get a complete list of AD with all its properties
Get-ADObject -Filter * -Property * | Export-CSV AD_check.csv
I narrowed it down that objects without property Operating System have property name DN and they are ObjectClass of dnsNode listed with Distinguished name of: DC=S03-PC-03,DC=domain.net
Now when I go into a root of domain.net I cant find any of these objects with Property Operating System from above, although they are list in the AD_check.csv. I also run nslookup using our main DNS server.
Why is that and how to remove them.
I am pretty sure that if I keep looking for other object from different AD remote sites I will fjnd same.
Thanks
ASKER
Its not a replication problem we ruled that out.
My previous question is stated incorrectly, sorry for the confusion.
Correction:
"I cant find any objects with dnsNode Property (these are the ones that do not have Operating System Property listed in above list) from above list, although they are listed and showing in the AD_check.csv I pulled out using Get-ADObject -Filter * -Property * | Export-CSV AD_check.csv. I also run nslookup and searched thru DNS mmc on any DNS server."
Same goes if I generate the AD_check.csv file on any domain controller, all files contain these objects.
These dnsNode records date 2007 or around that time, I am thinking AD put them in a container that is not accessible for viewing, but we want to clear them from the AD DB.
KP
My previous question is stated incorrectly, sorry for the confusion.
Correction:
"I cant find any objects with dnsNode Property (these are the ones that do not have Operating System Property listed in above list) from above list, although they are listed and showing in the AD_check.csv I pulled out using Get-ADObject -Filter * -Property * | Export-CSV AD_check.csv. I also run nslookup and searched thru DNS mmc on any DNS server."
Same goes if I generate the AD_check.csv file on any domain controller, all files contain these objects.
These dnsNode records date 2007 or around that time, I am thinking AD put them in a container that is not accessible for viewing, but we want to clear them from the AD DB.
KP
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will check that out and get back to you. Thanks
If this is the case then you likely have an AD replication issue.
Use the below commands to check the replication...
repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
DCDiag /v
Will.