RE: [ActiveDir] Verifying DNS records of many DC's
Sounds like a good thing Joe. I'd be interested. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Samstag, 17. April 2004 01:58 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Verifying DNS records of many DC's David, I forwarded on a zip to you with a scrubbed version. Let me know what you think. If anyone else was seriously looking forward to this let me know and based on the David's results I may or may not post it or put it on the web site. joe - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Sunday, April 11, 2004 2:26 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Verifying DNS records of many DC's Cool. I'll be eagerly waiting. :) > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Sunday, April 11, 2004 13:06 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > I am actually working on a perl script to do this. I will see if it is > to a point that I would be willing to let people see it. The big > shortcoming right now is that it won't check GC records very well > because MS doesn't have a way (other than reading files on a DC) to > check to see what GCs are "supposed" to be covering what sites. > > It will also generate an output file that can be read by another > script I have that will use nsupdate to purge incorrect records. > > If I don't respond back on this in the next week and no one else has a > better solution, ping me. This will be a busy week as I am going back > to work after a week at the summit and another week where I was at > DEC. > > joe > > > - > http://www.joeware.net (download joeware) > http://www.cafeshops.com/joewarenet (wear joeware) > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Adner > Sent: Sunday, April 11, 2004 1:51 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > Verify all correct SRV records exist in their correct zones, no > stale/duplicate IP's, etc. We had a situation where we wanted to > verify each DC's DNS records were correct, but going through manually > (or using dnslint.exe over and over) is time consuming, so I was > curious if there's an easier way to go about this. > > > -----Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of deji Agba > > Sent: Sunday, April 11, 2004 12:27 > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > > > Check them/verify them for what? Check if they exist or if they are > > good? > > > > > > Sincerely, > > > > Dèjì Akómöláfé, MCSE MCSA MCP+I > > Microsoft MVP - Active Directory > > www.akomolafe.com > > www.iyaburo.com > > Do you now realize that Today is the Tomorrow you were > worried about > > Yesterday? -anon > > > > > > > > From: David Adner > > Sent: Sun 4/11/2004 10:16 AM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] Verifying DNS records of many DC's > > > > > > What's the best way of verifying the AD related DNS records for a > > Domain that has upwards of 100+ DC's? I know dnslint.exe > will check > > records, but is there a way to get it to check the records > for so many > > DC's easily? Or some other tool? Thx > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ: http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Verifying DNS records of many DC's
David, I forwarded on a zip to you with a scrubbed version. Let me know what you think. If anyone else was seriously looking forward to this let me know and based on the David's results I may or may not post it or put it on the web site. joe - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Sunday, April 11, 2004 2:26 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Verifying DNS records of many DC's Cool. I'll be eagerly waiting. :) > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Sunday, April 11, 2004 13:06 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > I am actually working on a perl script to do this. I will see if it is > to a point that I would be willing to let people see it. The big > shortcoming right now is that it won't check GC records very well > because MS doesn't have a way (other than reading files on a DC) to > check to see what GCs are "supposed" to be covering what sites. > > It will also generate an output file that can be read by another > script I have that will use nsupdate to purge incorrect records. > > If I don't respond back on this in the next week and no one else has a > better solution, ping me. This will be a busy week as I am going back > to work after a week at the summit and another week where I was at > DEC. > > joe > > > - > http://www.joeware.net (download joeware) > http://www.cafeshops.com/joewarenet (wear joeware) > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Adner > Sent: Sunday, April 11, 2004 1:51 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > Verify all correct SRV records exist in their correct zones, no > stale/duplicate IP's, etc. We had a situation where we wanted to > verify each DC's DNS records were correct, but going through manually > (or using dnslint.exe over and over) is time consuming, so I was > curious if there's an easier way to go about this. > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of deji Agba > > Sent: Sunday, April 11, 2004 12:27 > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > > > Check them/verify them for what? Check if they exist or if they are > > good? > > > > > > Sincerely, > > > > Dèjì Akómöláfé, MCSE MCSA MCP+I > > Microsoft MVP - Active Directory > > www.akomolafe.com > > www.iyaburo.com > > Do you now realize that Today is the Tomorrow you were > worried about > > Yesterday? -anon > > > > > > > > From: David Adner > > Sent: Sun 4/11/2004 10:16 AM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] Verifying DNS records of many DC's > > > > > > What's the best way of verifying the AD related DNS records for a > > Domain that has upwards of 100+ DC's? I know dnslint.exe > will check > > records, but is there a way to get it to check the records > for so many > > DC's easily? Or some other tool? Thx > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ: http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Verifying DNS records of many DC's
FWIW - If your environment has HP OpenView Operations for Windows with the AD SPI, it will check all of these records for you assuming you are monitoring each DC. In addition, it will also determine if that each site is being covered by a GC and notify you if it is not the case. -Aric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Sunday, April 11, 2004 11:26 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Verifying DNS records of many DC's Cool. I'll be eagerly waiting. :) > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Sunday, April 11, 2004 13:06 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > I am actually working on a perl script to do this. I will see > if it is to a point that I would be willing to let people see > it. The big shortcoming right now is that it won't check GC > records very well because MS doesn't have a way (other than > reading files on a DC) to check to see what GCs are > "supposed" to be covering what sites. > > It will also generate an output file that can be read by > another script I have that will use nsupdate to purge > incorrect records. > > If I don't respond back on this in the next week and no one > else has a better solution, ping me. This will be a busy week > as I am going back to work after a week at the summit and > another week where I was at DEC. > > joe > > > - > http://www.joeware.net (download joeware) > http://www.cafeshops.com/joewarenet (wear joeware) > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Adner > Sent: Sunday, April 11, 2004 1:51 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > Verify all correct SRV records exist in their correct zones, > no stale/duplicate IP's, etc. We had a situation where we > wanted to verify each DC's DNS records were correct, but > going through manually (or using dnslint.exe over and over) > is time consuming, so I was curious if there's an easier way > to go about this. > > > -Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of deji Agba > > Sent: Sunday, April 11, 2004 12:27 > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > > > Check them/verify them for what? Check if they exist or if they are > > good? > > > > > > Sincerely, > > > > Dèjì Akómöláfé, MCSE MCSA MCP+I > > Microsoft MVP - Active Directory > > www.akomolafe.com > > www.iyaburo.com > > Do you now realize that Today is the Tomorrow you were > worried about > > Yesterday? -anon > > > > > > > > From: David Adner > > Sent: Sun 4/11/2004 10:16 AM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] Verifying DNS records of many DC's > > > > > > What's the best way of verifying the AD related DNS records for a > > Domain that has upwards of 100+ DC's? I know dnslint.exe > will check > > records, but is there a way to get it to check the records > for so many > > DC's easily? Or some other tool? Thx > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ: http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Verifying DNS records of many DC's
Cool. I'll be eagerly waiting. :) > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Sunday, April 11, 2004 13:06 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > I am actually working on a perl script to do this. I will see > if it is to a point that I would be willing to let people see > it. The big shortcoming right now is that it won't check GC > records very well because MS doesn't have a way (other than > reading files on a DC) to check to see what GCs are > "supposed" to be covering what sites. > > It will also generate an output file that can be read by > another script I have that will use nsupdate to purge > incorrect records. > > If I don't respond back on this in the next week and no one > else has a better solution, ping me. This will be a busy week > as I am going back to work after a week at the summit and > another week where I was at DEC. > > joe > > > - > http://www.joeware.net (download joeware) > http://www.cafeshops.com/joewarenet (wear joeware) > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Adner > Sent: Sunday, April 11, 2004 1:51 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > Verify all correct SRV records exist in their correct zones, > no stale/duplicate IP's, etc. We had a situation where we > wanted to verify each DC's DNS records were correct, but > going through manually (or using dnslint.exe over and over) > is time consuming, so I was curious if there's an easier way > to go about this. > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of deji Agba > > Sent: Sunday, April 11, 2004 12:27 > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > > > Check them/verify them for what? Check if they exist or if they are > > good? > > > > > > Sincerely, > > > > Dèjì Akómöláfé, MCSE MCSA MCP+I > > Microsoft MVP - Active Directory > > www.akomolafe.com > > www.iyaburo.com > > Do you now realize that Today is the Tomorrow you were > worried about > > Yesterday? -anon > > > > > > > > From: David Adner > > Sent: Sun 4/11/2004 10:16 AM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] Verifying DNS records of many DC's > > > > > > What's the best way of verifying the AD related DNS records for a > > Domain that has upwards of 100+ DC's? I know dnslint.exe > will check > > records, but is there a way to get it to check the records > for so many > > DC's easily? Or some other tool? Thx > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ: http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Verifying DNS records of many DC's
I am actually working on a perl script to do this. I will see if it is to a point that I would be willing to let people see it. The big shortcoming right now is that it won't check GC records very well because MS doesn't have a way (other than reading files on a DC) to check to see what GCs are "supposed" to be covering what sites. It will also generate an output file that can be read by another script I have that will use nsupdate to purge incorrect records. If I don't respond back on this in the next week and no one else has a better solution, ping me. This will be a busy week as I am going back to work after a week at the summit and another week where I was at DEC. joe - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Sunday, April 11, 2004 1:51 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Verifying DNS records of many DC's Verify all correct SRV records exist in their correct zones, no stale/duplicate IP's, etc. We had a situation where we wanted to verify each DC's DNS records were correct, but going through manually (or using dnslint.exe over and over) is time consuming, so I was curious if there's an easier way to go about this. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of deji Agba > Sent: Sunday, April 11, 2004 12:27 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > Check them/verify them for what? Check if they exist or if they are > good? > > > Sincerely, > > Dèjì Akómöláfé, MCSE MCSA MCP+I > Microsoft MVP - Active Directory > www.akomolafe.com > www.iyaburo.com > Do you now realize that Today is the Tomorrow you were worried about > Yesterday? -anon > > > > From: David Adner > Sent: Sun 4/11/2004 10:16 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Verifying DNS records of many DC's > > > What's the best way of verifying the AD related DNS records for a > Domain that has upwards of 100+ DC's? I know dnslint.exe will check > records, but is there a way to get it to check the records for so many > DC's easily? Or some other tool? Thx > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Verifying DNS records of many DC's
Hi David,
It seems to me the best way to check these would be part of a dcdiag execution. If
these DCs are all part of a root/child domain structure, you could run "dcdiag /e /v"
on your FSMO role holder. Enter "dcdiag /?" for details.
Mike Thommes
-Original Message-
From: David Adner [mailto:[EMAIL PROTECTED]
Sent: Sun 4/11/2004 12:50 PM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [ActiveDir] Verifying DNS records of many DC's
Verify all correct SRV records exist in their correct zones, no
stale/duplicate IP's, etc. We had a situation where we wanted to verify
each DC's DNS records were correct, but going through manually (or using
dnslint.exe over and over) is time consuming, so I was curious if there's an
easier way to go about this.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of deji Agba
> Sent: Sunday, April 11, 2004 12:27
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Verifying DNS records of many DC's
>
> Check them/verify them for what? Check if they exist or if
> they are good?
>
>
> Sincerely,
>
> Dèjì Akómöláfé, MCSE MCSA MCP+I
> Microsoft MVP - Active Directory
> www.akomolafe.com
> www.iyaburo.com
> Do you now realize that Today is the Tomorrow you were
> worried about Yesterday? -anon
>
>
>
> From: David Adner
> Sent: Sun 4/11/2004 10:16 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Verifying DNS records of many DC's
>
>
> What's the best way of verifying the AD related DNS records
> for a Domain that has upwards of 100+ DC's? I know
> dnslint.exe will check records, but is there a way to get it
> to check the records for so many DC's easily? Or some other
> tool? Thx
>
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Verifying DNS records of many DC's
Verify all correct SRV records exist in their correct zones, no stale/duplicate IP's, etc. We had a situation where we wanted to verify each DC's DNS records were correct, but going through manually (or using dnslint.exe over and over) is time consuming, so I was curious if there's an easier way to go about this. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of deji Agba > Sent: Sunday, April 11, 2004 12:27 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Verifying DNS records of many DC's > > Check them/verify them for what? Check if they exist or if > they are good? > > > Sincerely, > > Dèjì Akómöláfé, MCSE MCSA MCP+I > Microsoft MVP - Active Directory > www.akomolafe.com > www.iyaburo.com > Do you now realize that Today is the Tomorrow you were > worried about Yesterday? -anon > > > > From: David Adner > Sent: Sun 4/11/2004 10:16 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Verifying DNS records of many DC's > > > What's the best way of verifying the AD related DNS records > for a Domain that has upwards of 100+ DC's? I know > dnslint.exe will check records, but is there a way to get it > to check the records for so many DC's easily? Or some other > tool? Thx > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Verifying DNS records of many DC's
Check them/verify them for what? Check if they exist or if they are good? Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: David AdnerSent: Sun 4/11/2004 10:16 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Verifying DNS records of many DC's What's the best way of verifying the AD related DNS records for a Domain that has upwards of 100+ DC's? I know dnslint.exe will check records, but is there a way to get it to check the records for so many DC's easily? Or some other tool? Thx List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
