RE: [ActiveDir] Identify STATIC records in AD DNS
Ugh... Why do I get blinded by complexity?! I didn't even think to use the /Detail switch! This is perfect, as I can parse the output and identify them :)

Original Message:
>From: Deji Akomolafe <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: RE: [ActiveDir] Identify STATIC records in AD DNS
>Date: Mon, 7 Jun 2004 20:22:37 -0700
>
>Have you tried parsing the output of "dnscmd DNSServerName /ZonePrint ZoneName /Detail" ?
>
>Records without scavenging timestamp will have the following clue: "dwTimeStamp = 0 ([ 0: 0: 0] [ 1/ 1/1601])"
>
>HTH
>
>Sincerely,
>
>Dèjì Akómöláfé, MCSE MCSA MCP+I
>Microsoft MVP - Directory Services
>www.readymaids.com - we know IT
>www.akomolafe.com
>Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
>
>From: Jef
>Sent: Mon 6/7/2004 6:44 PM
>To: [EMAIL PROTECTED]
>Subject: [ActiveDir] Identify STATIC records in AD DNS
>
>Hi there,
>
>Does anyone know of a way to programmatically identify STATIC records within an AD integrated DNS zone?
>
>The DNS manager gui can show if a record has a timestamp or not, but with 100's of thousands of records you can't check them all.
>
>I've looked for a property I can search on using ADSI or WMI, but have not found anything consistent.
>
>The closest I found is the AD property dnsIsTombstoned. It appears to have 3 values:
>
>TRUE = Already tombstoned and will be replicated
>FALSE = Not tombstoned yet, but can be
> = Will not be scavenged.
>
>This is not 100% though, so I think I am missing something else.
>
>Thanks,
>
>Jef Kazimer
>
>List info : http://www.activedir.org/mail_list.htm
>List FAQ: http://www.activedir.org/list_faq.htm
>List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Identify STATIC records in AD DNS
Usually static records also have different ACLs - i.e. records that were registered by machineX have an ACL which grants machineX write privs to the respective DNS AD object.

Note that by default in Win2000 a static record added to DNS by an administrator was granting Authenticated Users write privs to the record => which means it can be overwritten by any machine or user. Not so static after all... You may want to check your ACLs. This was changed in Win2003 (I'm not sure, but I think it was also changed in 2000 SP4).

/Guido
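The ACL check suggested in the message above, as an added example that is not part of the thread: given each record object's security descriptor in SDDL form, it lists the records whose DACL lets Authenticated Users write. The record names and SDDL strings are constructed for illustration, and how the descriptors are exported from the directory is left to the reader.

```python
import re

# SDDL rights that let a trustee modify or take over the record object:
# WP write property, GW generic write, GA generic all, WD write DACL, WO write owner.
WRITE_CODES = {"WP", "GW", "GA", "WD", "WO"}
WRITE_MASK = 0x20 | 0x40000000 | 0x10000000 | 0x40000 | 0x80000
AUTH_USERS = {"AU", "S-1-5-11"}          # alias and SID of Authenticated Users
DACL = re.compile(r"D:[A-Z_]*((?:\([^()]*\))+)")


def pairs(s):
    """Split an SDDL flag or rights string into its two-letter codes."""
    return {s[i:i + 2] for i in range(0, len(s), 2)}


def grants_write(rights):
    if rights.lower().startswith("0x"):  # rights may be given as a hex mask
        return bool(int(rights, 16) & WRITE_MASK)
    return bool(pairs(rights) & WRITE_CODES)


def au_writable(records):
    """records maps record name -> SDDL. Return names Authenticated Users can write."""
    hits = []
    for name, sddl in records.items():
        m = DACL.search(sddl)
        for body in (re.findall(r"\(([^()]*)\)", m.group(1)) if m else []):
            f = body.split(";")
            if len(f) < 6 or f[0] not in ("A", "OA"):   # allow ACEs only
                continue
            if "IO" in pairs(f[1]):                     # inherit-only: not this object
                continue
            if f[5] in AUTH_USERS and grants_write(f[2]):
                hits.append(name)
                break
    return sorted(hits)


# Constructed sample: names and descriptors are illustrative, not from the thread.
SAMPLE = {
    "www":    "O:DAG:DAD:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPLCLORC;;;AU)",
    "mail":   "O:DAG:DAD:(A;;0x20034;;;S-1-5-11)",
    "ws0042": "O:DAG:DAD:(A;;RPWPLCLORC;;;S-1-5-21-1-2-3-1104)(A;;LCRPRC;;;AU)",
    "old":    "O:DAG:DAD:(A;CIIO;WP;;;AU)(A;;LCRPRC;;;AU)",
}

if __name__ == "__main__":
    print(au_writable(SAMPLE))
```

Deny ACEs are not evaluated, so a hit means "an allow ACE for Authenticated Users carries a write right" and is a candidate for review rather than a final verdict.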
RE: [ActiveDir] Identify STATIC records in AD DNS
Have you tried parsing the output of "dnscmd DNSServerName /ZonePrint ZoneName /Detail" ?

Records without scavenging timestamp will have the following clue: "dwTimeStamp = 0 ([ 0: 0: 0] [ 1/ 1/1601])"

HTH

Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
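The parsing suggested in the message above, as an added example that is not part of the thread: it keys on the quoted `dwTimeStamp = 0` clue to separate static records from timestamped ones. The `Node Name` and `wType` line shapes and the sample text are assumptions constructed for illustration; compare them with real `/ZonePrint /Detail` output from your server and adjust the patterns before relying on the result.

```python
import re
import sys

# Clue quoted in the thread: a record with no scavenging timestamp prints
# "dwTimeStamp = 0 ([ 0: 0: 0] [ 1/ 1/1601])" in /ZonePrint /Detail output.
TIMESTAMP = re.compile(r"dwTimeStamp\s*=\s*(\d+)")
# ASSUMPTION: shape of the line naming the node whose records follow, and of
# the line carrying the numeric record type. Adjust to your server's output.
NODE = re.compile(r"^\s*Node Name\s*=\s*(\S+)")
RTYPE = re.compile(r"wType\s*=\s*(\d+)")


def split_by_timestamp(text):
    """Return (static, dynamic): lists of (node, wType) keyed on dwTimeStamp."""
    static, dynamic = [], []
    node = rtype = None
    for line in text.splitlines():
        if (m := NODE.match(line)):
            node, rtype = m.group(1), None
        elif (m := RTYPE.search(line)):
            rtype = int(m.group(1))
        elif (m := TIMESTAMP.search(line)):
            # One dwTimeStamp line closes one record; zero means never stamped.
            (static if int(m.group(1)) == 0 else dynamic).append((node, rtype))
            rtype = None
    return static, dynamic


# Constructed sample in the assumed layout (not captured from a real server).
SAMPLE = """\
Node Name = www
    wType = 1
    dwTimeStamp = 0 ([ 0: 0: 0] [ 1/ 1/1601])
Node Name = ws0042
    wType = 1
    dwTimeStamp = 3536274 ([18: 0: 0] [ 6/ 1/2004])
Node Name = @
    wType = 2
    dwTimeStamp = 0 ([ 0: 0: 0] [ 1/ 1/1601])
    wType = 6
    dwTimeStamp = 0 ([ 0: 0: 0] [ 1/ 1/1601])
"""

if __name__ == "__main__":
    # Pass a file holding saved dnscmd output, or run with no argument for SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    static, dynamic = split_by_timestamp(text)
    for node, rtype in static:
        print(f"static\t{node}\ttype={rtype}")
```

In the sample the zone's own NS (type 2) and SOA (type 6) records show up as static alongside the hand-entered host, so expect the static list to include infrastructure records as well as administrator-created ones.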