Usually static records also have different ACLs - i.e. records that were registered by machineX have an ACL which grants machineX write privs to the respective DNS AD object.
 
Note that by default in Win2000 a static record added to DNS by an administrator was granting Authenticated Users write privs to the record => which means it can be overwritten by any machine or user. Not so static after all...  You may want to check your ACLs.
 
This was changed in Win2003 (I'm not sure, but I think it was also changed in 2000 SP4).
 
/Guido


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deji Akomolafe
Sent: Tuesday, 8 June 2004 05:23
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Identify STATIC records in AD DNS

Have you tried parsing the output of "dnscmd DNSServerName /ZonePrint ZoneName /Detail" ?
 
Records without scavenging timestamp will have the following clue: "dwTimeStamp  = 0 ([ 0: 0: 0] [ 1/ 1/1601])"
 
HTH
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon
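
One way to do the parsing suggested in the message above, as an added example that is not part of the original thread. Only the `dwTimeStamp` line format is quoted from the post; the `NodeName` and `RecordType` field names and the layout of the sample are assumptions to be adjusted against real `dnscmd` output.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, not real output. Only the dwTimeStamp line format is
# quoted in the thread; the NodeName/RecordType field names and the layout
# are assumptions: adjust the patterns to what your dnscmd actually prints.
SAMPLE = """\
Node:
    NodeName     = fileserver01
    Record:
        RecordType   = A
        dwTimeStamp  = 0 ([ 0: 0: 0] [ 1/ 1/1601])
Node:
    NodeName     = ws-1042
    Record:
        RecordType   = A
        dwTimeStamp  = 3536418 ([18: 0: 0] [ 6/ 7/2004])
    Record:
        RecordType   = TXT
        dwTimeStamp  = 0 ([ 0: 0: 0] [ 1/ 1/1601])
"""

NODE_RE = re.compile(r"^\s*NodeName\s*=\s*(\S+)")      # assumed field name
TYPE_RE = re.compile(r"^\s*RecordType\s*=\s*(\S+)")    # assumed field name
STAMP_RE = re.compile(r"^\s*dwTimeStamp\s*=\s*(\d+)")  # format quoted in the post
EPOCH = datetime(1601, 1, 1)  # AD DNS timestamps count hours from this date (UTC)

def classify(text):
    """Return [(node, rtype, refreshed)]; refreshed is None for static records."""
    node = rtype = None
    out = []
    for line in text.splitlines():
        if m := NODE_RE.match(line):
            node, rtype = m.group(1), None   # new node: forget the previous type
        elif m := TYPE_RE.match(line):
            rtype = m.group(1)
        elif m := STAMP_RE.match(line):
            hours = int(m.group(1))
            out.append((node, rtype, EPOCH + timedelta(hours=hours) if hours else None))
    return out

def static_records(text):
    """Records with timestamp 0, i.e. never scavenged."""
    return [(n, t) for n, t, ts in classify(text) if ts is None]

if __name__ == "__main__":
    for node, rtype in static_records(SAMPLE):
        print(f"STATIC  {node}  {rtype}")
```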


From: Jef
Sent: Mon 6/7/2004 6:44 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Identify STATIC records in AD DNS

Hi there,

Does anyone know of a way to programmatically identify STATIC records within
an AD integrated DNS zone?

The DNS manager gui can show if a record has a timestamp or not, but with
100's of thousands of records you can't check them all.

I've looked for a property I can search on using ADSI or WMI, but have not
found anything consistent.

The closest I found is the AD property dnsIsTombstoned.  It appears to have
3 values:

TRUE = Already tombstoned and will be replicated
FALSE = Not tombstoned yet, but can be
<not set> = Will not be scavenged.

This is not 100% though, so I think I am missing something else.

Thanks,

Jef Kazimer



List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
