RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-31 Thread joe



Nah I think you missed what I was saying. When I said AD is 
a big bucket of nails, I was trying to say, it is an LDAP directory, it's in the 
owner's manual. Being an LDAP directory, the natural way of retrieving info out 
of it is with LDAP. You simply need to work out the format of the data which is 
the same you do for any attribute say pwdLastSet or whatever. 

 
In terms of efficiency, if this is something that has to be 
done multiple times (almost always the case, very often you don't do something 
once unless it is a bulk update) then scripting the solution (especially in a 
way that doesn't require configuration changes that will be changed back each 
time) is going to end up being by far the more efficient and safe way. 

 
I don't consider small perl scripts to be big guns of programming. I have some big 
gun perl scripts but they run thousands of lines just in logic whereas most of 
this script was comment and formatting lines and it was only maybe 130 lines. 
Probably 50 lines without formatting/commenting and could have been even tighter 
had I specified where to start directly or not allowed it to be done on a domain 
by domain basis. Totally a difference of opinion in definition there, but I do A 
LOT of scripting as trying to use native tools is almost always too inflexible 
or slow for us. We write scripts and slowly tweak them as we need different 
things. The more scripting you do, the faster you get at it and the more 
powerful a tool it becomes for you. 
 
As a rule I like to keep things within a single script, as that way it is easier to 
fully automate or make into a web page. Having multiple manual processes to 
accomplish something is usually difficult to get automated. The exception is 
when I am modifying things, at that point I tend to like to do the lookups and 
decision making in one script and the updates in another as I like to slow 
myself down. As I get more comfortable with the changes and have done it lots of 
times manually then I will combine the scripts. 
 
 
It's all fun.
 
-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 
 



RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-30 Thread Mulnick, Al



lol. Cut once, pound to fit?
 
LDAP is a directory, as is DNS both of which are optimized 
for fast reads.  One is just specialized for one task that the other 
isn't.  When either can work, I suppose it's often left to preference, 
but I hate to get out the big guns of programming when something is already done 
that can do the job with less effort.  Seems inefficient to 
me.  
 
Either way, the solution was found and you helped 
him out in a way he was happy with.  
 
Al  


From: joe [mailto:[EMAIL PROTECTED]
Sent: Monday, March 29, 2004 7:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Active Directory is a big bucket of nails
 
Using LDAP doesn't require making configuration changes 
that should go through a change control process and could be messed up by 
mistake. Also doesn't require Admin rights. 
 
 
 
-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 
 


RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-29 Thread joe



I replied to Yves offlist. If anyone else tried to use this 
and had a problem, let me know and I will post the final solution as to what we 
find wrong.
 
-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 
 



RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-29 Thread Mulnick, Al



Not that I don't like LDAP, Joe but when all of my 
solutions are a hammer, my problems begin to look like nails 
;)
 
I think this is a problem with an easier solution than 
reading via LDAP.  That's way overkill for what he's looking to do.  
He could just as easily change perms and allow himself to transfer the zone to 
his own workstation and pipe it to a text file.  Lot simpler.  He 
could also use a batch file and the dnscmd utility and be done already.  

 
 
 
Al


From: joe [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 5:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Interesting problem. 
 
What specifically do you need out of the octet string, just 
the host name?
 
Anyone have a map of what exactly is in octet string or 
what data should be in it even if you don't know the format? I would assume 
probably serial number and some other info? It isn't in MSDN that I see. 

 
dn:DC=0,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0B00 0C00 05F0  0200   0E10     0901 0762 6F62 7465 7374 00
 
dn:DC=1,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0C00 0C00 05F0  0300   0E10     0A01 0862 6F62 7465 7374 3200
 
From this it appears that the hostname starts at about the 
13th dword. So above would be 0A01 0862 6F62 7465 7374 3200 and 0A01 0862 6F62 
7465 7374 3200 for the names which would resolve into bobtest and bobtest2. 

 
This could be done fairly painlessly with perl I think... 

 
 
As for Al's question about why enumerate via LDAP? Because 
it's there baby, that is the beauty of using LDAP. If you aren't going to do LDAP 
queries, might as well be using a SQL Server or flat file or something. 

 
Let me see what I can do with this. I just put the 
Disturbed CD in, feeling like doing some hacking. 
 
 
BTW, if you didn't go to the Directory Experts Conference, 
you missed a good time. NetPro did a good job and there was a lot of good 
discussions. Plus some of the stuff Stuart was talking about was pretty darn 
cool. 
 
 
-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, March 26, 2004 3:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?


David,
 
I am sure it will work but my DNS has over 
45000+ objects and it is running on a production network. It scares me a little 
to do that.
 
Y


From: Chianese, David P.
Sent: Fri 26/03/2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

As Al mentioned, why not convert the zone to Std. Primary and take a copy of the zone 
files that are written to disk.  Then revert it back to ADI.  I have 
done this before without incident to supply our BIND unix servers 
copies (or pieces) of our zone files.  I have done this in the past for 
stale PTR records as well.
 
 
Regards,
 
Dave

  -----Original Message-----
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of AD
  Sent: Friday, March 26, 2004 2:30 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  I am looking for duplicate registrations in the reverse lookup zone. I am 
  hoping to export everything to txt (4+ objects) file so I can parse using 
  excel. I actually found the article you mention but I have to install the 
  WMI provider on the DC. I am hoping to avoid this if I can. That's why I am 
  hoping to use LDAP with some sort of OctetString converter.
   
   
  Y 
  
  
  
  
  From: Mulnick, Al
  Sent: Fri 26/03/2004 1:04 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  You mean like a zone transfer?
   
  DNS.CMD could be useful, scripting could be useful such 
  as this one http://www.microsoft.com/technet/community/scriptcenter/network/scnet163.mspx (note 
  the requirements).
  DNSLINT might have some value for you as 
  well.
  Heck, Nslookup in a loop might be useful but you'd have 
  to know what you're going after.  
   
  Saying all of that, you could transfer the zone to a 
  non-integrated instance and parse the zone file if you really wanted 
  to. 
   
  I'd opt for the script, but that's me.
   
   
   
  Al
  
  
  From: AD [mailto:[EMAIL PROTECTED]
  Sent: Friday, March 26, 2004 1:00 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  
  Hi Al,
   
  Can you elaborate how I can export the 
  entire zone via DNS.
   
  Thanks
   
  Yves
  
  
  From: Mulnick, Al
  Sent: Fri 26/03/2004 11:57 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  

RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-29 Thread AD



Hey Joe,
 
Thanks for the script. I tried running it on our domain here but it does not return anything. Not knowing Perl makes it hard to troubleshoot :-).
 
Are you connecting to the GC catalog in your adfind? Can I specify a server name instead?
 
Thanks
 
Yves






RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-27 Thread joe



Hmm. Can a non-perl person understand the perl code... 
Depends on the non-perl person I guess. That perl that makes up that script is 
not the easiest to convert to vbscript. If vbscript would have been easy to do 
this in, I probably would have gone that way, overall though I have to say that 
I don't much like vbscript. It isn't that I don't code in it, just don't prefer 
to. Whereas perl makes difficult things easy, vbscript seems to like to make 
some difficult things impossible and easy things merely difficult. Vbscript's 
strong point is not text manipulation. 
 
You don't need to know perl to use that script, simply 
download perl (preferably from activestate.com) and load it and run the script. 
It should work from any 2K+ machine just fine. You most certainly should be able 
to tweak it around to make it display the info differently etc. 

 
Yes DEC did occur, it was last week. Very good conference. 

 
-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, March 26, 2004 7:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Yep, I'm looking for the hostname. The hostname is not 
stored in a separate attribute that I can see. You definitely found the right 
attribute. Is that funky or what?
I agree with you, LDAP all the way baby. Can a non perl person understand the perl code and 
convert it to VBScript easily? I'm a vbscript person myself.
 
I was at the conference last year, the one hosted in Ottawa. I believe this year it's in 
Washington. Has it happened yet? Plenty of good information there for sure.
 
Thanks
 
Yves
 




RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread Seely Jonathan J
 

Thanks, Joe. 
 
I for one find these things very useful.  Maybe not today, maybe not tomorrow, 
but soon.
 
JJ

  
  -----Original Message-----
  From: joe [mailto:[EMAIL PROTECTED]
  Sent: Friday, March 26, 2004 4:31 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  Ok sorry for the delay, one of my nano marine tanks (5 
  gallon) had a thermostat crack and blow up and it took out a circuit 
  breaker (electrical device exposed in a tank of water, go figure). I am just 
  hoping everything didn't get zilched out. I know the fish and hermit crabs 
  survived, not so sure about the corals and fan tails. 
   
   
  Anyway, here is a quick and dirty script to do 
  this
   
  #
  # Anti-DSinAddr.PL
  #
  # Author : Joe Richards ([EMAIL PROTECTED])
  # Version: V01.00.00
  # Modification History:
  #    V01.00.00    2004.03.26  joe    Original Version
  #
  # This script pulls out host names out of an AD integrated reverse dns zone
  #
  # Notes:
  #    This script requires ADFIND to be available to do the queries...
  #

  #
  # Definitions:
  #    $TRUE       : Define True for testing.
  #    $FALSE      : Define False for testing.
  #    $YES        : Define Yes for testing.
  #    $NO         : Define No for testing.
  #    $SCRIPTPATH : Path to script.
  #
  $TRUE=1;
  $FALSE=0;
  $YES=1;
  $NO=0;
  ($SCRIPTPATH)=($0=~/(^.*)\\.*$/);

  #
  # Display header
  #
  print "\nAnti-DSinAddr V01.00.00pl  Joe Richards ([EMAIL PROTECTED])  March 2004\n\n";

  #
  # Pull base and do initial dns zone search
  #
  my $base=shift;
  my $cmd="adfind -gc -b $base -f name=microsoftdns -dn";
  my @out=`$cmd 2>nul`;
  my @rs=grep(/dn:/,@out);
  chomp @rs;
  map {s/^dn://} @rs;

  #
  # Go find reverse zones
  #
  print "Locating DNS in-addr arpa zones...\n";
  my @zones=();
  foreach $this(sort @rs)
   {
    print "$this\n";
    $cmd="adfind -gc -b $this -f * -dn -s one";
    @out=`$cmd 2>nul`;
    @rs2=grep(/in-addr.arpa/,@out);
    chomp @rs2;
    map {s/^dn://} @rs2;
    push @zones,@rs2;
    @rs2=();
   }

  #
  # Loop through zones and pull info
  #
  foreach $thiszone (sort @zones)
   {
    print "Zone: $thiszone\n";
    $cmd="adfind -b $thiszone -f \"&(objectcategory=dnsnode)(dc>=0)\" -s one dnsrecord";
    @out=`$cmd 2>nul`;
    chomp @out;
    $dn="";
    foreach  $thisline (@out)
     {
      # First line of each entry is its dn
      if ($dn eq "")
       {
        ($dn)=($thisline=~/^dn:(.+)/);
        next;
       }
      # Collect every dnsRecord value of the entry
      if ($thisline=~/^>dnsRecord: (.+)/)
       {
        push @records,$1;
        next;
       }

      # A blank line ends the entry: decode what was collected
      if ($thisline!~/\w/)
       {
        next unless $dn;
        print DecodeRecord($dn,\@records);   # records are passed by reference
        $dn="";
        @records=();
        next;
       }

RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread joe
sub DecodeRecord
 {
  my @rs=();
  my $dn=shift;
  my $refrecords=shift;
  # Zone octets may be 1-3 digits; they are printed in zone-name order, followed by the node name.
  my $hostip=join(".",($dn=~/DC=(\d{1,3})\.(\d{1,3})\.(\d{1,3})/)).".".($dn=~/^DC=(\d+),/)[0];
  foreach $thisrecord (@$refrecords)
   {
    # Drop the first 54 hex digits (27 bytes); the rest is decoded as the host name.
    my $hostnamehex=substr(join("",split(/\s/,$thisrecord)),54);
    my $hostname="";
    map {$hostname.=chr(hex($_))} ($hostnamehex=~/(..)/g);
    push @rs,"$hostip;$hostname\n";
   }
  return @rs;
 }
 
 
Here 
is what the output would look like
 
[Fri 03/26/2004 19:12:59.47]F:\DEV\Perl\Anti-DSinAddr>anti-dsinaddr
 
Anti-DSinAddr V01.00.00pl  Joe Richards ([EMAIL PROTECTED])  March 2004
 
Locating DNS in-addr arpa zones...
CN=MicrosoftDNS,CN=System,DC=joe,DC=com
Zone: DC=68.69.69.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joe,DC=com
68.69.69.0;workstation0
68.69.69.1;workstation2
Zone: DC=69.69.69.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joe,DC=com
69.69.69.0;server0-a
69.69.69.0;server0
69.69.69.1;server1
 
[Fri 03/26/2004 19:13:01.23]F:\DEV\Perl\Anti-DSinAddr>
 
 
Now 
this script was only tested in my little home test environment. I do not 
normally run AD integrated DNS at home and definitely don't do so at work or 
else I would do a little more testing on it. If it blows up, let me know. 

 
Note 
that the example above shows two host names for 69.69.69.0; this is correct 
output. I did it on purpose to make sure I would catch that case. The GUI allows 
that to be configured and obviously since dnsRecord is multivalued it also 
allows it. 
 
You 
can run it two ways. The first is just type the name of the script and it will 
find a GC and then find the reverse zones and start decoding or if you want to 
give it a search base you can do that like this
 
anti-dsinaddr 
ou=someou,dc=somedomain,dc=com
 
Let me 
know if it works for you.
 
Oh 
Robbie, if you are reading this, you have permission to post to your cookbook 
web site if you see value in it. Just let me know you did so I can keep it in 
mind if I do anything with it later.
 
Overall to everyone else - do you find things like this 
useful when I do them and post them?
 
 
   joe
 
 
-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, March 26, 2004 5:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Interesting problem. 
 
What specifically do you need out of the octet string, just 
the host name?
 
Anyone have a map of what exactly is in octet string or 
what data should be in it even if you don't know the format? I would assume 
probably serial number and some other info? It isn't in MSDN that I see. 

 
dn:DC=0,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0B00 0C00 05F0  0200   0E10     0901 0762 6F62 7465 7374 00
 
dn:DC=1,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0C00 0C00 05F0  0300   0E10     0A01 0862 6F62 7465 7374 3200
 
From this it appears that the hostname starts at about the 
13th dword. So above would be 0A01 0862 6F62 7465 7374 3200 and 0A01 0862 6F62 
7465 7374 3200 for the names which would resolve into bobtest and bobtest2. 

 
This could be done fairly painlessly with perl I think... 

 
 
As for Al's question about why enumerate via LDAP? Because 
it's there baby, that is the beauty of using LDAP. If you aren't going to do LDAP 
queries, might as well be using a SQL Server or flat file or something. 

 
Let me see what I can do with this. I just put the 
Disturbed CD in, feeling like doing some hacking. 
 
 
BTW, if you didn't go to the Directory Experts Conference, 
you missed a good time. NetPro did a good job and there was a lot of good 
discussions. Plus some of the stuff Stuart was talking about was pretty darn 
cool. 
 
 
-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, March 26, 2004 3:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?


David,
 
I am sure it will work but my DNS has over 
45000+ objects and it is running on a production network. It scares me a little 
to do that.
 
Y


From: Chianese, David P.
Sent: Fri 26/03/2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

As Al 
mentioned, why not convert the zone to Std. Primary and take a copy of the zone 
files that are written to disk.  Then revert it back to ADI.  I have 
done this before without incident to supply our BIND unix servers 
copies (or pieces) of our zone files.  I have done this in the past for 
stale PTR records a
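
An added example, not part of the original thread and not joe's script: a Python decoder for the dnsRecord values discussed above that reads the 24-byte header and the counted-label name (field layout as in Microsoft's later published [MS-DNSP] document), so multi-label PTR targets decode with dots, and then reports addresses that carry more than one PTR value. The sample values are constructed: the first two assume the all-zero groups missing from the dumps as shown in the thread, server0.joe.com is invented, and the function names are this example's own.

```python
import struct
from collections import defaultdict

DNS_TYPE_PTR = 12   # 0x000C, the type field in the dumps quoted in the thread
HEADER_LEN = 24     # fixed header that precedes the record data

# Constructed sample values. The first two follow the dumps quoted in the thread
# with the all-zero groups written out (an assumption); the third is invented.
REC_BOBTEST = ("0B00 0C00 05F0 0000 0200 0000 0000 0E10 0000 0000 0000 0000 "
               "0901 0762 6F62 7465 7374 00")
REC_BOBTEST2 = ("0C00 0C00 05F0 0000 0300 0000 0000 0E10 0000 0000 0000 0000 "
                "0A01 0862 6F62 7465 7374 3200")
REC_FQDN = ("1300 0C00 05F0 0000 0400 0000 0000 0E10 0000 0000 0000 0000 "
            "1103 0773 6572 7665 7230 036A 6F65 0363 6F6D 00")
ZONE = "DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com"
SAMPLE = [
    ("DC=0," + ZONE, [REC_BOBTEST, REC_FQDN]),   # two PTR values on one node
    ("DC=1," + ZONE, [REC_BOBTEST2]),
]


def parse_dns_record(hexdump):
    """Split one dnsRecord value (hex text) into header fields and raw data."""
    raw = bytes.fromhex("".join(hexdump.split()))
    if len(raw) < HEADER_LEN:
        raise ValueError("dnsRecord shorter than its 24-byte header")
    # DataLength, Type, Version, Rank, Flags, Serial are little-endian.
    data_len, rtype, _ver, _rank, _flags, serial = struct.unpack_from("<HHBBHI", raw, 0)
    (ttl,) = struct.unpack_from(">I", raw, 12)           # TTL is big-endian
    _reserved, timestamp = struct.unpack_from("<II", raw, 16)
    data = raw[HEADER_LEN:]
    if len(data) != data_len:
        raise ValueError("DataLength %d does not match %d data bytes"
                         % (data_len, len(data)))
    return {"type": rtype, "serial": serial, "ttl": ttl,
            "static": timestamp == 0, "data": data}


def decode_count_name(data):
    """Decode PTR data: length byte, label count, then length-prefixed labels."""
    if len(data) < 3:
        raise ValueError("name data too short")
    raw_len, label_count = data[0], data[1]
    body = data[2:]
    if raw_len != len(body):
        raise ValueError("name length byte does not match the data")
    labels, pos = [], 0
    for _ in range(label_count):
        if pos >= len(body):
            raise ValueError("fewer labels than the label count")
        n = body[pos]
        label = body[pos + 1:pos + 1 + n]
        if n == 0 or len(label) != n:
            raise ValueError("label runs past the end of the name")
        labels.append(label.decode("utf-8", "replace"))
        pos += 1 + n
    if body[pos:] != b"\x00":
        raise ValueError("name is not terminated by a single zero byte")
    return ".".join(labels)


def owner_ip(dn):
    """Map 'DC=<node>,DC=<zone>.in-addr.arpa,...' to a forward-order IPv4 string."""
    # Naive comma split: adequate for numeric node and zone names.
    rdns = [p.split("=", 1)[1] for p in dn.split(",")[:2] if "=" in p]
    suffix = ".in-addr.arpa"
    if len(rdns) != 2 or not rdns[1].lower().endswith(suffix):
        return None
    labels = (rdns[0] + "." + rdns[1][:-len(suffix)]).split(".")
    if len(labels) != 4 or not all(l.isdigit() and int(l) < 256 for l in labels):
        return None                      # e.g. the zone's own "@" node
    return ".".join(reversed(labels))    # reverse-zone labels are in reverse order


def find_duplicate_ptrs(entries):
    """Return {ip: [names]} for addresses with more than one distinct PTR target."""
    by_ip = defaultdict(list)
    for dn, values in entries:
        ip = owner_ip(dn)
        if ip is None:
            continue
        for value in values:
            rec = parse_dns_record(value)
            if rec["type"] == DNS_TYPE_PTR:
                by_ip[ip].append(decode_count_name(rec["data"]))
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(set(names)) > 1}


if __name__ == "__main__":
    for ip, names in find_duplicate_ptrs(SAMPLE).items():
        print(ip, ";".join(names))
```
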

RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread AD



Yep, I'm looking for the hostname. The hostname is not 
stored in a separate attribute that I can see. You definitely found the right 
attribute. Is that funky or what?
I agree with you, 
LDAP all the way baby. Can a non perl person understand the perl code and 
convert it to VBScript easily? I'm a vbscript person myself.
 
I was at the 
conference last year, the one hosted in Ottawa. I believe this year it's in 
Washington. Has it happened yet? Plenty of good information there for sure.
 
Thanks
 
Yves
 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, March 26, 2004 5:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Interesting problem. 
 
What specifically do you need out of the octet string, just 
the host name?
 
Anyone have a map of what exactly is in octet string or 
what data should be in it even if you don't know the format? I would assume 
probably serial number and some other info? It isn't in MSDN that I see. 

 
dn:DC=0,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0B00 0C00 05F0  0200   0E10     0901 0762 6F62 7465 7374 00
 
dn:DC=1,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0C00 0C00 05F0  0300   0E10     0A01 0862 6F62 7465 7374 3200
 
From this it appears that the hostname starts at about the 
13th dword. So above would be 0A01 0862 6F62 7465 7374 3200 and 0A01 0862 6F62 
7465 7374 3200 for the names which would resolve into bobtest and bobtest2. 

 
This could be done fairly painlessly with perl I think... 

 
 
As for Al's question about why enumerate via LDAP? Because 
it's there baby, that is the beauty of using LDAP. If you aren't going to do LDAP 
queries, might as well be using a SQL Server or flat file or something. 

 
Let me see what I can do with this. I just put the 
Disturbed CD in, feeling like doing some hacking. 
 
 
BTW, if you didn't go to the Directory Experts Conference, 
you missed a good time. NetPro did a good job and there was a lot of good 
discussions. Plus some of the stuff Stuart was talking about was pretty darn 
cool. 
 
 
-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, March 26, 2004 3:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?


David,
 
I am sure it will work but my DNS has over 
45000+ objects and it is running on a production network. It scares me a little 
to do that.
 
Y


From: Chianese, David P.
Sent: Fri 26/03/2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

As Al 
mentioned, why not convert the zone to Std. Primary and take a copy of the zone 
files that are written to disk.  Then revert it back to ADI.  I have 
done this before without incident to supply our BIND unix servers 
copies (or pieces) of our zone files.  I have done this in the past for 
stale PTR records as well.
 
 
Regards,
 
Dave

  -----Original Message-----
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
  Sent: Friday, March 26, 2004 2:30 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  I am looking for duplicate 
  registrations in the reverse lookup zone. I am hoping to export everything to 
  txt (4+ objects) file so I can parse using excel. I actually found the 
  article you mention but then I have to install the WMI provider on the DC. I am 
  hoping to avoid this if I can. That's why I am hoping to use LDAP with some 
  sort of OctetString converter.
   
   
  Y 
  
  
  
  
  From: Mulnick, Al
  Sent: Fri 26/03/2004 1:04 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  You mean like a zone transfer?
   
  DNS.CMD could be useful, scripting could be useful such 
  as this one http://www.microsoft.com/technet/community/scriptcenter/network/scnet163.mspx (note 
  the requirements).
  DNSLINT might have some value for you as 
  well.
  Heck, Nslookup in a loop might be useful but you'd have 
  to know what you're going after.  
   
  Saying all of that, you could transfer the zone to a 
  non-integrated instance and parse the zone file if you really wanted 
  to. 
   
  I'd opt for the script, but that's 
me.
   
   
   
  Al
  
  
  From: AD [mailto:[EMAIL PROTECTED]
  Sent: Friday, March 26, 2004 1:00 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  
  Hi Al,
   
  Can you elaborate how I can export the 
  entire zone via DNS.
   
  Thanks
   
  Yves
  
  
  From: Mulnick, Al
  Sent: Fri 26/03/2004 11:57 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [A

RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread joe



Interesting problem. 
 
What specifically do you need out of the octet string, just 
the host name?
 
Anyone have a map of what exactly is in octet string or 
what data should be in it even if you don't know the format? I would assume 
probably serial number and some other info? It isn't in MSDN that I see. 

 
dn:DC=0,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0B00 0C00 05F0  0200   0E10     0901 0762 6F62 7465 7374 00
 
dn:DC=1,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0C00 0C00 05F0  0300   0E10     0A01 0862 6F62 7465 7374 3200
 
From this it appears that the hostname starts at about the 
13th dword. So above would be 0A01 0862 6F62 7465 7374 3200 and 0A01 0862 6F62 
7465 7374 3200 for the names which would resolve into bobtest and bobtest2. 

 
This could be done fairly painlessly with perl I think... 

 
 
As for Al's question about why enumerate via LDAP? Because 
it's there baby, that is the beauty of using LDAP. If you aren't going to do LDAP 
queries, might as well be using a SQL Server or flat file or something. 

 
Let me see what I can do with this. I just put the 
Disturbed CD in, feeling like doing some hacking. 
 
 
BTW, if you didn't go to the Directory Experts Conference, 
you missed a good time. NetPro did a good job and there was a lot of good 
discussions. Plus some of the stuff Stuart was talking about was pretty darn 
cool. 
 
 
-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, March 26, 2004 3:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?


David,
 
I am sure it will work but my DNS has over 
45000+ objects and it is running on a production network. It scares me a little 
to do that.
 
Y


From: Chianese, David P.
Sent: Fri 26/03/2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

As Al 
mentioned, why not convert the zone to Std. Primary and take a copy of the zone 
files that are written to disk.  Then revert it back to ADI.  I have 
done this before without incident to supply our BIND unix servers 
copies (or pieces) of our zone files.  I have done this in the past for 
stale PTR records as well.
 
 
Regards,
 
Dave

  -----Original Message-----
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
  Sent: Friday, March 26, 2004 2:30 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  I am looking for duplicate 
  registrations in the reverse lookup zone. I am hoping to export everything to 
  txt (4+ objects) file so I can parse using excel. I actually found the 
  article you mention but then I have to install the WMI provider on the DC. I am 
  hoping to avoid this if I can. That's why I am hoping to use LDAP with some 
  sort of OctetString converter.
   
   
  Y 
  
  
  
  
  From: Mulnick, Al
  Sent: Fri 26/03/2004 1:04 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  You mean like a zone transfer?
   
  DNS.CMD could be useful, scripting could be useful such 
  as this one http://www.microsoft.com/technet/community/scriptcenter/network/scnet163.mspx (note 
  the requirements).
  DNSLINT might have some value for you as 
  well.
  Heck, Nslookup in a loop might be useful but you'd have 
  to know what you're going after.  
   
  Saying all of that, you could transfer the zone to a 
  non-integrated instance and parse the zone file if you really wanted 
  to. 
   
  I'd opt for the script, but that's 
me.
   
   
   
  Al
  
  
  From: AD [mailto:[EMAIL PROTECTED]
  Sent: Friday, March 26, 2004 1:00 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  
  Hi Al,
   
  Can you elaborate how I can export the 
  entire zone via DNS.
   
  Thanks
   
  Yves
  
  
  From: Mulnick, Al
  Sent: Fri 26/03/2004 11:57 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  Why do you want to enumerate via LDAP?  Why not via 
  DNS?
  
  
  From: AD [mailto:[EMAIL PROTECTED]
  Sent: Friday, March 26, 2004 11:39 AM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  Help,
   
  We have a DNS integrated zone and I have a need 
  to enumerate all reverse lookup records. Unfortunately the computer name is 
  saved in an octetstring format attribute called dnsRecord.
   
  Lookup a record in the 
  DC=xx.in-addr.arpa,CN=MicrosoftDNS,
  CN=System,DC=DomainName" 
  container and you will see what I am talking 
  about.
   
  Has anyone ever written a function to convert this 
  octetstring to something that is readable?
   
   
  Thanks
   
   
  Yves 
St-Cyr


RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread AD



David,
 
I am sure it will work but my DNS has over 45000+ objects and it is running on a production network. It scares me a little to do that.
 
Y


From: Chianese, David P.
Sent: Fri 26/03/2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

As Al mentioned, why not convert the zone to Std. Primary and take a copy of the zone files that are written to disk.  Then revert it back to ADI.  I have done this before without incident to supply our BIND unix servers copies (or pieces) of our zone files.  I have done this in the past for stale PTR records as well.
 
 
Regards,
 
Dave

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, March 26, 2004 2:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

I am looking for duplicate registrations in the reverse lookup zone. I am hoping to export everything to txt (4+ objects) file so I can parse using excel. I actually found the article you mention but then I have to install the WMI provider on the DC. I am hoping to avoid this if I can. That's why I am hoping to use LDAP with some sort of OctetString converter.
 
 
Y 




From: Mulnick, Al
Sent: Fri 26/03/2004 1:04 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

You mean like a zone transfer?
 
DNS.CMD could be useful, scripting could be useful such as this one http://www.microsoft.com/technet/community/scriptcenter/network/scnet163.mspx (note the requirements).
DNSLINT might have some value for you as well.
Heck, Nslookup in a loop might be useful but you'd have to know what you're going after.  
 
Saying all of that, you could transfer the zone to a non-integrated instance and parse the zone file if you really wanted to. 
 
I'd opt for the script, but that's me.
 
 
 
Al


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 1:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?


Hi Al,
 
Can you elaborate how I can export the entire zone via DNS.
 
Thanks
 
Yves


From: Mulnick, Al
Sent: Fri 26/03/2004 11:57 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Why do you want to enumerate via LDAP?  Why not via DNS?


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 11:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Anyone ever convert dnsRecord attribute?

Help,
 
We have a DNS integrated zone and I have a need to enumerate all reverse lookup records. Unfortunately the computer name is saved in an octetstring format attribute called dnsRecord.
 
Lookup a record in the 
DC=xx.in-addr.arpa,CN=MicrosoftDNS,
CN=System,DC=DomainName" 
container and you will see what I am talking about.
 
Has anyone ever written a function to convert this octetstring to something that is readable?
 
 
Thanks
 
 
Yves St-Cyr


RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread Mulnick, Al



In that case, as the other poster mentioned DNS.cmd might 
be a better way.
 
Al


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 2:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?


I am looking for duplicate 
registrations in the reverse lookup zone. I am hoping to export everything to 
txt (4+ objects) file so I can parse using excel. I actually found the 
article you mention but then I have to install the WMI provider on the DC. I am 
hoping to avoid this if I can. That's why I am hoping to use LDAP with some sort 
of OctetString converter.
 
 
Y 




From: Mulnick, Al
Sent: Fri 26/03/2004 1:04 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

You mean like a zone transfer?
 
DNS.CMD could be useful, scripting could be useful such as 
this one http://www.microsoft.com/technet/community/scriptcenter/network/scnet163.mspx (note 
the requirements).
DNSLINT might have some value for you as 
well.
Heck, Nslookup in a loop might be useful but you'd have to 
know what you're going after.  
 
Saying all of that, you could transfer the zone to a 
non-integrated instance and parse the zone file if you really wanted 
to. 
 
I'd opt for the script, but that's me.
 
 
 
Al


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 1:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?


Hi Al,
 
Can you elaborate how I can export the 
entire zone via DNS.
 
Thanks
 
Yves


From: Mulnick, Al
Sent: Fri 26/03/2004 11:57 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Why do you want to enumerate via LDAP?  Why not via 
DNS?


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 11:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Anyone ever convert dnsRecord attribute?

Help,
 
We have a DNS integrated zone and I have a need to 
enumerate all reverse lookup records. Unfortunately the computer name is saved 
in an octetstring format attribute called dnsRecord.
 
Lookup a record in the 
DC=xx.in-addr.arpa,CN=MicrosoftDNS,
CN=System,DC=DomainName" 
container and you will see what I am talking 
about.
 
Has anyone ever written a function to convert this 
octetstring to something that is readable?
 
 
Thanks
 
 
Yves St-Cyr


RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread Chianese, David P.



As Al 
mentioned, why not convert the zone to Std. Primary and take a copy of the zone 
files that are written to disk.  Then revert it back to ADI.  I have 
done this before without incident to supply our BIND unix servers 
copies (or pieces) of our zone files.  I have done this in the past for 
stale PTR records as well.
 
 
Regards,
 
Dave

  -----Original Message-----
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
  Sent: Friday, March 26, 2004 2:30 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  I am looking for duplicate 
  registrations in the reverse lookup zone. I am hoping to export everything to 
  txt (4+ objects) file so I can parse using excel. I actually found the 
  article you mention but then I have to install the WMI provider on the DC. I am 
  hoping to avoid this if I can. That's why I am hoping to use LDAP with some 
  sort of OctetString converter.
   
   
  Y 
  
  
  
  
  From: Mulnick, Al
  Sent: Fri 26/03/2004 1:04 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  You mean like a zone transfer?
   
  DNS.CMD could be useful, scripting could be useful such 
  as this one http://www.microsoft.com/technet/community/scriptcenter/network/scnet163.mspx (note 
  the requirements).
  DNSLINT might have some value for you as 
  well.
  Heck, Nslookup in a loop might be useful but you'd have 
  to know what you're going after.  
   
  Saying all of that, you could transfer the zone to a 
  non-integrated instance and parse the zone file if you really wanted 
  to. 
   
  I'd opt for the script, but that's 
me.
   
   
   
  Al
  
  
  From: AD [mailto:[EMAIL PROTECTED]
  Sent: Friday, March 26, 2004 1:00 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  
  Hi Al,
   
  Can you elaborate how I can export the 
  entire zone via DNS.
   
  Thanks
   
  Yves
  
  
  From: Mulnick, Al
  Sent: Fri 26/03/2004 11:57 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  Why do you want to enumerate via LDAP?  Why not via 
  DNS?
  
  
  From: AD [mailto:[EMAIL PROTECTED]
  Sent: Friday, March 26, 2004 11:39 AM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] Anyone ever convert dnsRecord attribute?
  
  Help,
   
  We have a DNS integrated zone and I have a need 
  to enumerate all reverse lookup records. Unfortunately the computer name is 
  saved in an octetstring format attribute called dnsRecord.
   
  Lookup a record in the 
  DC=xx.in-addr.arpa,CN=MicrosoftDNS,
  CN=System,DC=DomainName" 
  container and you will see what I am talking 
  about.
   
  Has anyone ever written a function to convert this 
  octetstring to something that is readable?
   
   
  Thanks
   
   
  Yves 
St-Cyr


RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread AD



I am looking for duplicate registrations in the reverse lookup zone. I am hoping to export everything to txt (4+ objects) file so I can parse using excel. I actually found the article you mention but then I have to install the WMI provider on the DC. I am hoping to avoid this if I can. That's why I am hoping to use LDAP with some sort of OctetString converter.
 
 
Y 




From: Mulnick, Al
Sent: Fri 26/03/2004 1:04 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

You mean like a zone transfer?
 
DNS.CMD could be useful, scripting could be useful such as this one http://www.microsoft.com/technet/community/scriptcenter/network/scnet163.mspx (note the requirements).
DNSLINT might have some value for you as well.
Heck, Nslookup in a loop might be useful but you'd have to know what you're going after.  
 
Saying all of that, you could transfer the zone to a non-integrated instance and parse the zone file if you really wanted to. 
 
I'd opt for the script, but that's me.
 
 
 
Al


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 1:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?


Hi Al,
 
Can you elaborate how I can export the entire zone via DNS.
 
Thanks
 
Yves


From: Mulnick, Al
Sent: Fri 26/03/2004 11:57 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Why do you want to enumerate via LDAP?  Why not via DNS?


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 11:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Anyone ever convert dnsRecord attribute?

Help,
 
We have a DNS integrated zone and I have a need to enumerate all reverse lookup records. Unfortunately the computer name is saved in an octetstring format attribute called dnsRecord.
 
Lookup a record in the 
DC=xx.in-addr.arpa,CN=MicrosoftDNS,
CN=System,DC=DomainName" 
container and you will see what I am talking about.
 
Has anyone ever written a function to convert this octetstring to something that is readable?
 
 
Thanks
 
 
Yves St-Cyr


RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread Bernard, Aric








You could always use the following command
depending on your purpose:

dnscmd ServerName /enumrecords ZoneName @

Regards,

Aric Bernard


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, March 26, 2004 10:00 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Hi Al,

Can you elaborate how I can export the entire zone via DNS.

Thanks

Yves


From: Mulnick, Al
Sent: Fri 26/03/2004 11:57 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Why do you want to enumerate via
LDAP?  Why not via DNS?


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 11:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Anyone ever convert dnsRecord attribute?

Help,

We have a DNS integrated zone and I have a need to enumerate
all reverse lookup records. Unfortunately the computer name is saved in an
octetstring format attribute called dnsRecord.

Lookup a record in the
DC=xx.in-addr.arpa,CN=MicrosoftDNS,
CN=System,DC=DomainName"
container and you will see what I am talking about.

Has anyone ever written a function to convert this
octetstring to something that is readable?

Thanks

Yves St-Cyr












RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread Mulnick, Al



You mean like a zone transfer?
 
DNS.CMD could be useful, scripting could be useful such as 
this one http://www.microsoft.com/technet/community/scriptcenter/network/scnet163.mspx (note 
the requirements).
DNSLINT might have some value for you as 
well.
Heck, Nslookup in a loop might be useful but you'd have to 
know what you're going after.  
 
Saying all of that, you could transfer the zone to a 
non-integrated instance and parse the zone file if you really wanted 
to. 
 
I'd opt for the script, but that's me.
 
 
 
Al


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 1:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?


Hi Al,
 
Can you elaborate how I can export the 
entire zone via DNS.
 
Thanks
 
Yves


From: Mulnick, Al
Sent: Fri 26/03/2004 11:57 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Why do you want to enumerate via LDAP?  Why not via 
DNS?


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 11:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Anyone ever convert dnsRecord attribute?

Help,
 
We have a DNS integrated zone and I have a need to 
enumerate all reverse lookup records. Unfortunately the computer name is saved 
in an octetstring format attribute called dnsRecord.
 
Lookup a record in the 
DC=xx.in-addr.arpa,CN=MicrosoftDNS,
CN=System,DC=DomainName" 
container and you will see what I am talking 
about.
 
Has anyone ever written a function to convert this 
octetstring to something that is readable?
 
 
Thanks
 
 
Yves St-Cyr


RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread AD



Hi Al,
 
Can you elaborate how I can export the entire zone via DNS.
 
Thanks
 
Yves


From: Mulnick, Al
Sent: Fri 26/03/2004 11:57 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Why do you want to enumerate via LDAP?  Why not via DNS?


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 11:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Anyone ever convert dnsRecord attribute?

Help,
 
We have a DNS integrated zone and I have a need to enumerate all reverse lookup records. Unfortunately the computer name is saved in an octetstring format attribute called dnsRecord.
 
Lookup a record in the 
DC=xx.in-addr.arpa,CN=MicrosoftDNS,
CN=System,DC=DomainName" 
container and you will see what I am talking about.
 
Has anyone ever written a function to convert this octetstring to something that is readable?
 
 
Thanks
 
 
Yves St-Cyr


RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

2004-03-26 Thread Mulnick, Al



Why do you want to enumerate via LDAP?  Why not via 
DNS?


From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 11:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Anyone ever convert dnsRecord attribute?

Help,
 
We have a DNS integrated zone and I have a need to 
enumerate all reverse lookup records. Unfortunately the computer name is saved 
in an octetstring format attribute called dnsRecord.
 
Lookup a record in the 
DC=xx.in-addr.arpa,CN=MicrosoftDNS,
CN=System,DC=DomainName" 
container and you will see what I am talking 
about.
 
Has anyone ever written a function to convert this 
octetstring to something that is readable?
 
 
Thanks
 
 
Yves St-Cyr