19 October, 2012

List DC SRV records with PowerShell - Active Directory

To start off this blog, one of my friend suggested me posting a simple problem/solution and then continuing with deep dive stuff later. I'll take his advice.

Because this blog is supposed to show how real life problems make you think and how you can perform tasks in a large IT environment - which are easy to do on 10 servers but a bit more difficult on a large scale with 1000+ servers - let me start with the following use case which unfortunately happened with me too many times:

A domain controller dies, dies hard and you have to perform a metadata cleanup - this means you have to delete all references of the dead DC in the AD database and DNS. The last time this happened to me is because someone replaced the wrong disk in the only RAID 1 array of the server (one disk was broken and the other one wasn't until it was pulled out). The OS came back up but unfortunately the NTDS database was corrupt.
You can read more about metadata cleanup here. I'd like to focus on a specific step in this process, namely: DNS SRV record cleanup.

So when you do a metadata cleanup on a production AD at 2 AM, it's bad enough already. When you have 100+ domain controllers and you need to go through all DNS SRV records on dnsmgmt.msc to find out if the DC was truly removed and delete the lingering records that doesn't make it more fun.
I decided to decrease my stress level, so have a command that lists all srv records for a particular DC, here it is:

PS C:\> gwmi -Namespace root/microsoftdns -q "select * from MicrosoftDNS_SRvtype" -ComputerName MyDNSServer | ?{($_.domainname -imatch "c3poDC1") -or ($_.srvdomainname -imatch "c3poDC1")} | ft OwnerName,DomainName,srvdomainname -auto


OwnerNameDomainNamesrvdomainname
_kerberos._tcp.Mos_Eisley._sites.dc._msdcs.tatooine.comc3poDC1.tatooine.com.
_ldap._tcp.Mos_Eisley._sites.dc._msdcs.tatooine.comc3poDC1.tatooine.com.
_kerberos._tcp.dc._msdcs.tatooine.comc3poDC1.tatooine.com.
_ldap._tcp.dc._msdcs.tatooine.comc3poDC1.tatooine.com.
_kerberos._tcp.Mos_Eisley._sites.tatooine.comc3poDC1.tatooine.com.
_ldap._tcp.Mos_Eisley._sites.tatooine.comc3poDC1.tatooine.com.
_kerberos._tcp.tatooine.comc3poDC1.tatooine.com.
_kpasswd._tcp.tatooine.comc3poDC1.tatooine.com.
_ldap._tcp.tatooine.comc3poDC1.tatooine.com.
_kerberos._udp.tatooine.comc3poDC1.tatooine.com.
_kpasswd._udp.tatooine.comc3poDC1.tatooine.com.
_ldap._tcp.Mos_Eisley._sites.DomainDnsZones.tatooine.comc3poDC1.tatooine.com.
_ldap._tcp.DomainDnsZones.tatooine.comc3poDC1.tatooine.com.


Explanation:
  • MyDNSServer could be a domain controller if the DNS zone is AD integrated or it sits on domain controllers as a separate DNS zone
  • This oneliner filters for DomainName and for SRVDomainName properties as well ($_.domainname and $_.srvdomainname), this is because depending on what kind of DNS zone you have, different fields will contain the domain controller name in the WMI class:
    • If you have the DNS zone in a separate AD partition, the SRV records will be in a separate zone called _msdcs.domainfqdn, this will make the WMI class show the DC name in the SRVDomainName property
    • If you have a Windows 2000 AD compatible DNS zone, which means the zone is in the domain partition in AD, then the WMI class will have the DC name in the DomainName property

Prerequisites:
  • I assume you have Windows DNS in your environment
  • You are admin on your DNS server

Clipboard friendly code:
 PS C:\> gwmi -Namespace root/microsoftdns -q "select * from MicrosoftDNS_SRvtype" -ComputerName MyDNSServer | ?{($_.domainname -imatch "c3poDC1") -or ($_.srvdomainname -imatch "c3poDC1")} | ft OwnerName,DomainName,srvdomainname -auto  


In the next post, I'll share a way how to compose dnscmd command syntax out of this output to perform SRV record deletion quickly - instead of walking through all records on dnsmgmt.msc.

Until then, May the Force be you all.

t


No comments:

Post a Comment