There's a cmd line tool bundled with DNS called dnscmd. You can use it to make these sorts of bulk changes. What I would do is either a) use this tool to enumerate all the records in the zone and then set the flag, or, you could set the timestamp directly to -1 or 0 (I forget what it is) in AD and have the same effect as it may be easier to just do an ldap query and pipe that into something (e.g. adfind | admod).
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: Fergal O'Connell [mailto:foconn...@curamsoftware.com] Sent: Friday, July 09, 2010 12:26 PM To: NT System Admin Issues Subject: RE: DNS Scavenging Sorry what I meant to say was Enable scavenging on all the zones but remove the "delete this record when it becomes stale". Can you elaborate on If you want to touch all the records in a zone you'll need a loop on top of dnscmd.? From: Brian Desmond [mailto:br...@briandesmond.com] Sent: 09 July 2010 16:38 To: NT System Admin Issues Subject: RE: DNS Scavenging Hi- If you turn off scavenging on the zones you'll defeat the purpose of having it enabled. You don't need to touch the settings on any of those SRV records for AD. Likewise with the PTR records you shouldn't need to touch them. If you want to touch all the records in a zone you'll need a loop on top of dnscmd. Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> c - 312.731.3132 From: Fergal O'Connell [mailto:foconn...@curamsoftware.com] Sent: Friday, July 09, 2010 4:29 AM To: NT System Admin Issues Subject: DNS Scavenging Hi All, I am looking to set up DNS Scavenging on our DNS server. And I have a few questions: Should I turn off scavenging on the Forward Lookup Zones's and its sub folders? By removing the "delete this record when it becomes stale" There are a lot of_ldap srv and HOST A records with the scavenging set. Realistically these servers will always on We also have about 10+ subnets and 2 of these subnets contain all our main servers which have DHCP reservations etc Some of these DNS entries have "delete this record when it becomes stale" set and some do not have this set. Can I force to have this setting turned off on all 512 hosts in these 2 x /24 subnets? Anything else I want to watch out for? Regards Fergal O'Connell ICT Support The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
