23 November, 2015

Which DNS records would be scavenged - AD

In connection with a previous post on listing DNS scavenging settings, I thought I'd post those couple of lines of codes which gave me confidence before turning on or modifying scavenging settings - before I turn on any automation which only exists to delete stuff from production environment I always have a second thought when I put my head on the pillow, "did I really set the right values or will the phone ring in 2 hours waking me up and telling me there's a DNS outage?"

To make it a bit more scientific than "close your eyes and click OK", here is a couple of lines of PS which can help you identify all records from a DNS zone which would be deleted based on your thresholds.
  • Set parameters, DNS server name, the DNS zone and the age threshold which specifies how many days older records should be deleted. Scavenging has a 7 + 7 days "No-refresh" + "Refresh" interval, so records older than 14 days will potentially be deleted when scavenging process runs:
    #set parameters
    $server = "c3podc1"
    $domain = "tatooine.com"
    $agetreshold = 14
  • Threshold in hours from Microsoft's beginning of time definition (1st Jan 1601):
    # calculate how many hours is the age which will be the threshold
    $minimumTimeStamp = [int] (New-TimeSpan -Start $(Get-Date ("01/01/1601 00:00")) -End $((Get-Date).AddDays(-$agetreshold))).TotalHours
  • Enumerate all records older than the time threshold
    # get all records from the zone whose age is more than our threshold $records = Get-WmiObject -ComputerName $dnsServer -Namespace "root\MicrosoftDNS" -Query "select * from MicrosoftDNS_AType where Containername='$domain' AND TimeStamp<$minimumTimeStamp AND TimeStamp<>0 "
  • List the records and the time stamps
    # list the name and the calculated last update time stamp
    $records | Select Ownername, @{n="timestamp";e={([datetime]"1.1.1601").AddHours($_.Timestamp)}}
The output should look like this:
DNS records with time stamps


The full script:
 #set parameters  
 $dnsServer = "c3podc1"  
 $domain = "tatooine.com"  
 $agetreshold = 14  
   
 # calculate how many hours is the age which will be the threshold  
 $minimumTimeStamp = [int] (New-TimeSpan -Start $(Get-Date ("01/01/1601 00:00")) -End $((Get-Date).AddDays(-$agetreshold))).TotalHours  
   
 # get all records from the zone whose age is more than our threshold   
 $records = Get-WmiObject -ComputerName $dnsServer -Namespace "root\MicrosoftDNS" -Query "select * from MicrosoftDNS_AType where Containername='$domain' AND TimeStamp<$minimumTimeStamp AND TimeStamp<>0 "  
   
 # list the name and the calculated last update time stamp  
 $records | Select Ownername, @{n="timestamp";e={([datetime]"1.1.1601").AddHours($_.Timestamp)}}  
   



t


9 comments:

  1. $dnsserver = "c3podc1" <- Correction - change the variable name so it matches the command

    ReplyDelete
  2. Thanks for this. I didn't have to reinvent the wheel. There is an small error in the code: $server should be $dnsServer, otherwise runs perfectly.

    ReplyDelete
    Replies
    1. well done on finding this bug :) thanks!

      Delete
  3. is domain the same as dnszone? I do not get any output from my other zones

    ReplyDelete
  4. is domain the same as dnszone? I do not get any output from my other zones

    ReplyDelete
  5. is domain the same as dnszone? I do not get any output from my other zones

    ReplyDelete
  6. IS domain the same as dnszone?

    ReplyDelete
    Replies
    1. yes, in the example it is, but it can be separated if needed, just make sure you have the right level of access to the DNS servers (or the DCs if they are the ones running the zone.)

      Delete