Hi Dèjì,
 
This is such a moment when a person says to himself (or herself, of course) "Why didn't I think about that?!".
 
Yes that is a solution! Hope they only are willing to accept it...
 
Many thanks!
Bart

 
On 3/7/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>>>Extracting the zones to a .txt file which a script can loop through
searching for certain strings. Ideal solution would be to look for <server>*
records and delete them as they are being found. But as already indicated by
other people, this is not available......

Why not? If it's a standard zone, you could just read the zone file, using
filesystemobject, do a Readline, and if you see <servername> in the line,
delete the line.

Or did I misread you?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

________________________________

From: [EMAIL PROTECTED] on behalf of Bart Van den Wyngaert
Sent: Mon 3/6/2006 3:07 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT : Query DNS using wildcards?


Hi Al,

Thanks for your answer. It's not zone transfers I'm looking for, but your
answer nevertheless pointed me towards another road with a lot of thoughts!

We are used to register DNS records manually by script. All other records are
added manually. When a server is at the end of its life, we clean all its
registrations. In case of a cluster, including all records for its cluster
resources.

As this process is totally manual and there are some with quite a lot of
records pointing to cluster resources, we're looking for a way to query the
DNS server to retrieve all records related to that server/cluster and then
delete them.

Additionally a lot of servers/clusters are being powered off some week
already before we format them and unregister everything in our environment.
This is mostly the case for migrations so that the owners are sure they
haven't forgotten a little thing ;-) Currently we have to boot the server
again to have a script running locally to retrieve IP's and names registered
in the DNS. If we should have a workaround, we don't need to do this anymore and
we just break the array, run a script that looks everything up and removes
the registrations.

I'm having already a small idea of a way to perform the check, although not
ideal. Extracting the zones to a .txt file which a script can loop through
searching for certain strings. Ideal solution would be to look for <server>*
records and delete them as they are being found. But as already indicated by
other people, this is not available... At least not to our knowledge.

Another possible solution is to review the DNS infrastructure, like for
example aging. But, and it's not my choice, I have nothing to see with that
part... Although I'm trying to find out if there is nobody interested in
adapting the DNS infra to make my life easier, but that's rather working on the
political road ;-)

I could understand that it doesn't make a lot of sense, but that's the way of
working at this moment. And I have to deal with it and try to handle it the best
possible way. So in short: looking for a way to retrieve all records like
"*string*" in DNS so I can remove them all and keep the DNS tidy...

Best regards,
Bart

On 3/5/06, Al Mulnick <[EMAIL PROTECTED]> wrote:

       It sounds like what you really want is to move those records to
another server.  I don't recall if this is AD integrated or not, and if so,
what the scope of those records is set to.  However, setting up a second
server and using zone transfer to that server (for backup purposes) is one
way to get all of the records in the zones into text files. You could also
use WMI scripts/programs to cull that information or you could realize that
if it is AD integrated that data exists elsewhere and that copying it off is
not what you want to do.  One other method, which is very much a zone
transfer is to use the nslookup ls -d zonename command which puts that
information to std i/o. Using dnscmd would be able to gather that information
as would a backup (either AD based (see above if that's what you need) or
server file based).

       If not AD-Integrated, you could just copy the zone files  :)


       Am I missing something you need to do?



       Al


       On 3/2/06, Bart Van den Wyngaert <[EMAIL PROTECTED] > wrote:

               Well I kind of need a DNS query. We used to register our DNS
records manually and also remove them. But in case the server is at the end
of its lifecycle, we shut it down for some weeks (in case of migration
scenario) and then remove all its registrations.
               We're looking into a way that we don't need to power on the
server again, but still are able to remove all DNS registrations (server
itself, cluster resources, ...). So it would be like a DNS query... But if
there is something in AD that we can use as reference... Something like an
LDAP query for AD, but then on DNS seems like the best description.
               Also there is a part that is always related to the server,
but there are extensions (ex. cluster resources), that's why I started
talking about wildcards...

               I'll have a look into the dsquery tool you mentioned, as I'm
not familiar with that tool.... I'll get back to you.

               Many thanks,

               Bart


               On 3/1/06, Ulf B. Simon-Weidner <[EMAIL PROTECTED] >
wrote:

                       Very true point - as long as you don't need it to be
a DNS-Query you can use dsquery or admod to query for the dnsNode-Objects in
the container hosting the DNS-Zones (out of my head since none of my test-dcs
is currently running: cn=MicrosoftDNS,cn=system,dc=xxx where xxx is either the
domain or the application partition).

                       However keep in mind that those LDAP-Queries are
getting expensive when not querying all of them but specific and the wildcard
is in front - e.g. querying at *.domain.com is heavy on the server,
server01.* would be OK.


                       Gruesse - Sincerely,

                       Ulf B. Simon-Weidner

                         MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
                         Weblog: http://msmvps.org/UlfBSimonWeidner
                         Website: http://www.windowsserverfaq.org
                         Profile: http://mvp.support.microsoft.com/profile=""




________________________________

                               From: [EMAIL PROTECTED] On Behalf Of Paessens, Daniel
                               Sent: Wednesday, March 01, 2006 9:10 PM
                               To: ActiveDir@mail.activedir.org
                               Subject: RE: [ActiveDir] OT : Query DNS using wildcards?




                       Hello,

                       Against what are you trying to perform a query? It's
possible to perform a query against AD by using a csvde command.
                       When using this command you are able to use some
wildcards.

                       Regards,

                       Daniel

________________________________

                       From: [EMAIL PROTECTED] On Behalf Of Bart Van den Wyngaert
                       Sent: Wednesday, March 01, 2006 15:43
                       To: ActiveDir@mail.activedir.org
                       Subject: Re: [ActiveDir] OT : Query DNS using wildcards?


                       Hello Ulf,

                       I agree on the point that it would open up an attack
surface, but on the other hand we want to keep our environment clean when a
server is at the end of lifecycle.

                       In a lot of cases the server is already powered off
some week before we start cleaning the different environments (to be sure
there is nothing forgotten). In case of a cluster, you have several hosts
registered into DNS and IP's for all the resources. We're looking into a way
to retrieve that info without the need to power on the server again...

                       Best regards,
                       Bart


                       On 3/1/06, Ulf B. Simon-Weidner
<[EMAIL PROTECTED] > wrote:

                               Hello Bart,

                               AFAIK DNS is not designed to be queried with
a wildcard - which would open up an attack surface you definitely don't want.
Closest thing you can do is performing a LS-Command against a DNS-Server (
e.g. with nslookup), however this requires the DNS-Server to allow zone
transfers to the machine where you perform the ls-command.

                               Ulf



________________________________

                               From: [EMAIL PROTECTED] On Behalf Of Bart Van den Wyngaert
                               Sent: Wednesday, March 01, 2006 1:34 PM
                               To: ActiveDir@mail.activedir.org
                               Subject: [ActiveDir] OT : Query DNS using wildcards?



                               Hi all,

                               We're looking at this moment for a way to
query DNS using wildcards, but until now, no luck!

                               Does anybody know a way to do this?

                               Thanks,
                               Bart





List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
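
The zone-file approach discussed in this thread (export the zone to text, then look for the retired server's records), as an added example that is not part of any message above. It is written in Python rather than the FileSystemObject script mentioned, and it reports candidates for review instead of deleting lines. The zone name, host names, addresses and function names are constructed for illustration, and it assumes one record per line.

```python
import fnmatch

RR_TYPES = {"A", "AAAA", "CNAME", "PTR", "SRV", "MX", "NS", "TXT", "SOA"}

# Constructed sample export of a zone "corp.example" (not data from the thread).
SAMPLE_ZONE = """\
; exported zone file
@          IN SOA dns1.corp.example. hostmaster.corp.example. 1 900 600 86400 3600
@          NS     dns1.corp.example.
dns1       A      10.0.0.2
srv01      A      10.0.0.11
srv01-sql  A      10.0.0.12
           A      10.0.0.13
srv010     A      10.0.0.40
reports    CNAME  srv01-sql.corp.example.
web        3600 IN A 10.0.0.20
"""

def parse_records(zone_text):
    """Yield (line_no, owner, rtype, rdata); assumes one record per line."""
    owner = None
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0]          # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():            # blank owner column inherits previous owner
            owner = fields.pop(0).lower()
        while fields and fields[0].upper() not in RR_TYPES:
            fields.pop(0)                    # skip optional TTL and class
        if owner and fields:
            yield line_no, owner, fields[0].upper(), " ".join(fields[1:])

def find_stale(zone_text, patterns, zone="corp.example"):
    """Return records owned by, or CNAMEs pointing at, names matching patterns."""
    def hit(name):
        label = name.lower().rstrip(".")
        if label.endswith("." + zone):
            label = label[: -len(zone) - 1]  # compare on the relative name
        return any(fnmatch.fnmatchcase(label, p.lower()) for p in patterns)

    stale = []
    for line_no, owner, rtype, rdata in parse_records(zone_text):
        if hit(owner):
            stale.append((line_no, owner, rtype, rdata, "owner"))
        elif rtype == "CNAME" and hit(rdata):
            stale.append((line_no, owner, rtype, rdata, "target"))
    return stale

if __name__ == "__main__":
    for rec in find_stale(SAMPLE_ZONE, ["srv01", "srv01-*"]):
        print(rec)
```

A bare `srv01*` pattern also matches the unrelated host `srv010` in the sample, which is why the patterns above are `srv01` and `srv01-*` and why the output is a review list rather than an automatic delete.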
