Tuesday, 27 August 2013

Querying DNS RecordData properties in PowerShell

Using the Get-DnsServerResourceRecord cmdlet it's simple to retrieve the records in a domain, and by combining it with Where-Object it's simple to filter by most of the properties of the zone as well. For instance :

    Get-DnsServerResourceRecord -ZoneName "mydomain.com" | Where-Object {$_.RecordType -eq "MX"}

will give you all the MX records within the mydomain.com zone. We can equally filter by HostName, DistinguishedName and a few others since they're simple string values.

What happens when we want to query a zone on RecordData? For example, how would we find all the records that point to "", or MX records that are using "mydomain.com". This data isn't stored as a normal string, so it can't be queried in the same way. Using Get-Member to find the properties of Get-DnsServerResourceRecord you'll find that the RecordData property type is "CimInstance#Instance", not string like others mentioned above.

What this essentially means is that the RecordData property has properties within it, and it's these that we need query. Each type of record has its own individual properties corresponding to the type of data held within it.

Depending on the type of record you're querying there are different property names to use. To find the list use :

    $records = Get-DnsServerResourceRecord -ZoneName "mydomain.com"
    $records.RecordData | Get-Member

You'll see some have one relevant property, for instance IPv4Address, while others which hold more info have multiple, for instance MailExchange and Preference for MX records.

Note, you'll only see those values that exist within the zone you used above. So if the zone doesn't have an MX record you won't see any MX record details listed.

To query using them you add the property after RecordData, for instance :

    Get-DnsServerResourceRecord -ZoneName "mydomain.com" | Where-Object {$_.RecordData.IPv4Address -eq ""}


    Get-DnsServerResourceRecord -ZoneName "mydomain.com" | Where-Object {$_.RecordData.MailExchange -match "mydomain.com"}

You see it's fairly straight forward to query these, it's just a question of finding them in the first place. Below is a list of the most common record types, it's not every single one possible but it should cover most situations.

A Record            IPv4Address
AAAA Record      IPv6Address
MX Record          MailExchange, Preference
CNAME Record    HostNameAlias
SRV Record        DomainName, Port, Priority, Weight
TXT Record        DescriptiveText
SOA Record       PrimaryServer, ExpireLimit, MinimumTimeToLive,   

                        RefreshInterval, ResponsiblePerson, RetryDelay, Serial Number
NS Record         NameServer
PTR Record        PtrDomainName

If you require any additional record types simply use Get-Member as listed above on a zone containing the required properties.


Thursday, 18 July 2013

Removing a secondary zone from all DNS servers in an AD domain with PowerShell 3.0

Following on from the last blog "Adding secondary zones to all DNS servers in an AD domain with PowerShell 3.0" I'll move on to removing secondary zones from all the DNS servers in an AD domain.

Much of the code is very similar to that used when creating a new secondary, so I won't bother repeating those bits. As before you obviously need to retrieve the current list of DNS servers on the network and then work through the list.

To delete the zone itself we use the command :

    Remove-DnsServerZone -Name $domain -ComputerName $dnsserver -Force

but to add a little complication I also wanted to log the currently configured master server for the zone before deleting it. With that logged if we accidentally delete a zone it's easy to find where it pointed previously and set it up again.

Unfortunately as far as I can find there's currently no way to retrieve this info using PowerShell, so I had to resort to using the old friend of DNS scripting, dnscmd :

    $master=(dnscmd /zoneinfo $domain) -split '[,]' | ? {$_ -like '*addr=*'}
    write-output "Current master server for $domain is $master" | out-file $logfile -append

This retrieves the zoneinfo data for the domain being deleted, grabs the line containing "addr=" which lists the master servers, and then outputs that information to a log file.

You can download the completed script, which includes logging and error trapping, from http://gallery.technet.microsoft.com/Delete-a-secondary-DNS-44fce3eb.

Monday, 1 July 2013

Adding secondary zones to all DNS servers in an AD domain with PowerShell 3.0

One of the advantages of AD Integrated DNS is that adding or editing a zone on one server automatically replicates that action onto all the others, but that only works when the domain is an AD Integrated Primary. If you're dealing with secondary zones that doesn't apply, and things work like they do in a non-AD environment.

Adding a secondary zone needs to be done on each DNS server within the AD domain individually, which if you have a lot of DNS servers could be a lot of work. Add to that the more servers you're working with, the more chance of a mistake being made on one of them.

To get around this I wanted to script a way to create a secondary zone on all the DNS servers at once.

The first step is getting a list of the DNS servers on the domain. You could manually create and maintain a list of servers, but I prefer to assume things will change and get the script to allow for this. To generate a list of DNS servers I use the following :

    $dnserversldap = [ADSI]"LDAP://ou=Domain Controllers,dc=mydomain,dc=co,dc=uk"
    $objsearcher = new-object system.directoryservices.directorysearcher
    $objsearcher.searchroot = $dnserversldap
    $objsearcher.filter = "(objectcategory=computer)"
    $proplist = "name","cn","lastlogon"
    foreach ($i in $proplist){$objsearcher.PropertiesToLoad.add($i)}
    $results = $objsearcher.findall()
    $serverlist = $results.properties.cn

Note, I'm assuming in this example that all DNS servers are also AD DC's and therefore appear in the Domain Controllers OU, if that's not the case for you then you'd need to adjust it accordingly.

$serverlist now contains a list of DNS servers to work with.

From there I can simply use foreach to work through the list, and call the AddDnsServerSecondaryZone cmdlet to add the required secondary as follows :

    foreach ($dnsserver in $serverlist)
        Add-DnsServerSecondaryZone -Name $domain -ZoneFile $zonefile -MasterServers $ipaddr -ComputerName $dnsserver

Since I want this to be runnable at a PowerShell prompt rather than have to edit the script each time, I add the following at the beginning :

    $zonefile=$domain + ".dns"

which reads in the domain and IP Address arguments passed to the script, and then generates the .dns filename to be used in the command (since secondary zones aren't stored in AD).

You can download the completed script, which includes logging and error trapping, from http://gallery.technet.microsoft.com/Create-secondary-DNS-zone-3793c0d8 since it also maintains the formatting.

Thursday, 20 June 2013

Adding modules into PowerShell 3.0 ISE for services running on other machines

In my last blog I talked a little about the new Commands menu within the PowerShell 3.0 ISE, the ability to view all the cmdlets relating to an individual module, and then use it to build a command.

It's a great feature and of course there are a lot of modules out there for different applications and services. As you install new roles and features that use their own set of modules the installer adds those modules into the list, so by default the PowerShell ISE modules list contains all the modules relevant to the local installation.

But what if you want to write your script and insert cmdlets into it on a machine that doesn't have those roles or features installed? You could install the relevant management pack, but that seems somewhat overkill to me.

The other option is to simply copy the relevant files from a machine that already has them.

All of the module files installed on a machine can be found in :


with an individual folder for each module installed. These obviously get loaded when PowerShell ISE loads.

To make these available on another machine, for instance making the DNS Server module show up on your desktop machine, simply copy the relevant folder(s) (in this case DnsServer) from a server that it's installed on, into the modules folder on your target machine (your desktop).

The next time you load the PowerShell ISE you'll find the module and its list of cmdlets listed and available for use. This way on one machine you can have all your required modules, be they SQL Server, Exchange Server, Active Directory, DNS Server etc on a single machine.


Just to avoid confusion, my intention when finding this method was simply to allow me to write the code on my local machine, NOT to allow me to execute the cmdlets locally. Using the -Computer parameter to specify the machine to run the command against won't work, since your local machine is missing the required dll's. That said, if you've established a connection to the remote server, eg using Enter-PSSession, then the cmdlets generated on your local machine can be run since you're using the dll's on the remote machine not the local ones.


Wednesday, 19 June 2013

PowerShell v3 and new features including DNS Server cmdlets

With the introduction of PowerShell v3 in Windows Server 2012 we now have a new collection of cmdlets to play with, and amoung them are a collection of cmdlets for controlling and administering DNS Server.

As someone who's been rewriting many old batchscripts to use PowerShell, and is also in the process of migrating to a new 2012 DNS setup this obviously came as great news. No more using PowerShell as a wrapper for dnscmd or having to dig into WMI calls. Unfortunately as is often the case being up to date has its drawbacks, yep, you guessed it, there's a definite drought of documentation out there explaining how to use it all. There are other additions as well, but DNS Server's the area I've been playing with recently.

For a straight forward list of DNS cmdlets check out http://technet.microsoft.com/en-us/library/jj649850%28v=wps.620%29.aspx. Once you know which cmdlet you need the easiest option is perhaps to use the Commands menu within the PowerShell v3 ISE, which if not already displayed on the right hand side can be viewed by selecting View and then Show Command Add-on.

Using the new commands menu definitely helps, for any cmdlets you haven't used before. Selecting the DnsServer option from the modules list gives you a list of the available cmdlets in that category, and selecting one of them displays the parameter details for it. Note, where the options change depending on what you're doing (for instance using Add-DnsServerResouceRecord, where A records have different options to MX records etc), you'll see tabs along the top to allow you to select the required set of parameters. Simply fill in the required text boxes, and then click Insert, the complete PowerShell command line using those parameters will be created in the bottom window. Either run it there or copy and paste the code into your script.

If you're unsure which details need to go into which box, the -WhatIf parameter will let you know what your current selection would do if it was run (without actually doing it and potentially doing something wrong / unexpected). The WhatIf parameter isn't new to v3, but its combination and availability in the commands menu makes it even more useful. One thing worth noting about the -WhatIf parameter is that it gives an overview of what will happen, not always the exact detail. Take the following example :

Add-DnsServerResourceRecord -DomainName mail.domain.com -Name _autodiscover._tcp -Port 443 -Priority 0 -Srv -Weight 0 -ZoneName foo.com -WhatIf

The output produced will be :

What if: Adding DNS resource record _autodiscover._tcp of type SRV in zone foo.com on MYSERVER server.

You'll see that it confirms the command will create the resource record, that it's an SRV record, where it is and in which zone, but not the finer details. So if you put the port details in the wrong place then WhatIf won't help.

That's enough for now, the next couple of blogs will be looking at specific DNS Server cmdlets and how they can be used.

Wednesday, 17 April 2013

Making Windows 8 that little bit more usable

First of all, let me just say that I actually really quite like Windows 8, so don't expect this to deteriorate into a list of reasons why you shouldn't bother. I upgraded my home desktop almost as soon as I could get my mits on the upgrade, and it's been running on my work desktop for a little while now.

Once I'd got past the initial confusion everyone gets on seeing a new way of doing things, and focused instead on how I actually use my machine and the benefits available in this version, I was well and truly a convert. Yes TIFKAM (The Interface Formerly Known As Metro) jars a little at first, no I really don't like it, however and this is the important point, I hardly ever use it! Since Windows 7* introduced pinning your apps to the task bar I've generally had all my regularly used apps pinned, so I rarely needed to click start for anything other than shutting down. So if I didn't use the Start menu in 7, I probably won't use TIFKAM in 8, so it doesn't matter what it looks like!

All that said, there are a number of little tips and tricks I've discovered to resolve some of the little annoyances, and make Windows 8 far better (in my opinion) than it is out of the box. I figured I'd write about them here, if they help someone else then great, if not I've got a handy crib sheet if I need to set things up again in the future.**

  • For quick access to the desktop when starting Windows, drag the "Desktop" tile on the start menu to the top left hand corner. This then becomes the default tile and is already selected. When you login to Windows and are presented with the Start menu, simply hit return and you'll be at the desktop.
  • To start your applications without needing to use the Start menu the simplest way it to pin them to your task bar. Once they're running, simply right click the taskbar icon, and you'll see an option to "Pin this program to the taskbar". When the app is closed the icon remains without the box surrounding it, making it easy to start next time. You can also re-order them by dragging and dropping them into the order you prefer.
  • If you can't find an app, either type its name in the Start menu to search for it, or (and this isn't always obvious), right click in some empty space and you'll see an option for "All apps" which will being up a complete list of them.
  • Accessing the Shutdown/Restart menu can be done in multiple ways, moving the mouse to the bottom right and selecting settings, pressing Windows-C to access the Charms menu, or Windows-I to go direct to the Setting Charm, but if nothing is open or no applications are selected (eg you clicked on the desktop / taskbar) you can press ALT-F4 to go direct to the menu.
  • If you like having easy access to My Computer, documents, the Control Panel etc, you can get a measure of this functionality back via a taskbar toolbar. Right click on the taskbar, go to Toolbars and select Desktop. You'll now see on the right hand end of the task bar a new entry title "Desktop >>", clicking on the >>'s gives you access to many of those things you previously had through the start menu.
  • And finally, if / when you accidentally open something in Metro mode (it loads full screen, and the taskbar etc is no longer visible) it's simple enough to get back to the desktop, however you'll notice a lack of familiar x to close the application. In Metro mode, move the mouse to the top middle of the screen and the mouse changes to a hand icon, click and drag down until the application is gone (effectively dragging the application off your desktop).

Next post will be some of the useful changes you can make in Office 2013.

* It may have started in Vista, but I never used it and prefer to think of it as a beta version of Windows 7!

** Note, there are various add-ons and start bar replacements out there but I haven't touched them. I spend enough time supporting other peoples machines that I don't want mine moving too far from the default.