| Author | Messages | |
boubbha
Posts:34
 | | 04/17/2008 10:34 AM |
| Hello,
We are about to activate the aging/scavenging on our DNS AD-integrated.
questions:
1) is it safe to activate aging/scavenging on _msdcs.<forestzone> ? I have many srv records that are timestamped to be deleted on 2008/04/10.
2) will clustered servers will also be affected by aging/scavenging ?
Thx
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
| | | |
| Chris-Dent
Posts:0
| | 04/17/2008 10:54 AM |
|
1. First bit:
Yep, it is.
Second bit:
That's the Registration Timestamp, not the deletion timestamp.
What are you thinking of setting Aging to?
Service Records will be Refreshed / Updated by the Domain Controllers once every 24 hours.
I recommend you consider leaving the default 7 Days No-Refresh and 7 Days Refresh there. At any point during either interval the record will accept an Update request so changes are still no problem.
2. All Dynamically Added records are effected by Aging / Scavenging. Only static records (records with no time-stamp) are immune.
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Thu 17/04/2008 15:33
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Aging/Scavenging on _msdcs.<forestzone> URGENT
Hello,
We are about to activate the aging/scavenging on our DNS AD-integrated.
questions:
1) is it safe to activate aging/scavenging on _msdcs.<forestzone> ? I have many srv records that are timestamped to be deleted on 2008/04/10.
2) will clustered servers will also be affected by aging/scavenging ?
Thx
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
| | | |
| Chris-Dent
Posts:0
| | 04/17/2008 12:31 PM |
|
It can be extracted easily enough using WMI, I'll have to take a few minutes to look at the returned string to get the format though. I'll get back to you later on, must head off home now 
Chris
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Thu 17/04/2008 17:22
To: ActiveDir@mail.activedir.org
Subject: RE : RE: RE : RE: [ActiveDir] Aging/Scavenging on _msdcs.<forestzone> URGENT
Thx.
Any idea on how to know in advance how many and what records will be scavenged ? (ldifde, script,etc..)
Just to identify exactly what will be deleted from DNS.
Thx and have a nice day.
Yann
Chris Dent <chris@highorbit.co.uk> a écrit :
If Aging isn't enabled on a zone the TimeStamp value is, as far as I'm aware, not replicated.
It's worth turning on View / Advanced when configuring Aging. A value is set to state that the zone cannot be scavenged before a certain date, found under the Aging window. It's used to ensure full replication of TimeStamps has completed prior to the first Scavenging attempt and should be the value of the Refresh interval + 1 hour (or there abouts).
Chris
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Thu 17/04/2008 16:23
To: ActiveDir@mail.activedir.org
Subject: RE : RE: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
OK,Thx for your answer Chris.
Last Q.
I have found several of my DCs with a Registration Timestamp set to 2007/07/20 on their A records (. dns zone).
I know that these DCs are up & running and it seems that no refresh to their A record have been done...
Any clues why operationnal DCs did not refresh their records ?
Many thx.
Yann
Chris Dent a écrit :
1. First bit:
Yep, it is.
Second bit:
That's the Registration Timestamp, not the deletion timestamp.
What are you thinking of setting Aging to?
Service Records will be Refreshed / Updated by the Domain Controllers once every 24 hours.
I recommend you consider leaving the default 7 Days No-Refresh and 7 Days Refresh there. At any point during either interval the record will accept an Update request so changes are still no problem.
2. All Dynamically Added records are effected by Aging / Scavenging. Only static records (records with no time-stamp) are immune.
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Thu 17/04/2008 15:33
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
Hello,
We are about to activate the aging/scavenging on our DNS AD-integrated.
questions:
1) is it safe to activate aging/scavenging on _msdcs. ? I have many srv records that are timestamped to be deleted on 2008/04/10.
2) will clustered servers will also be affected by aging/scavenging ?
Thx
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
| | | |
| Chris-Dent
Posts:0
| | 04/17/2008 3:19 PM |
| Hey Yann,
Tthere are a few options here.
First of all, you can get the information using DNSCMD as follows:
DNSCMD /ZonePrint <ZoneName> /detail
But, its not the easiest format to decipher.
Ive found a little script I wrote last year thatll do it with WMI. Youd
want to run it with cscript <scriptname> or youll get a lot of popup
boxes.
The format is easy to modify if you need.
Really should rewrite these into PowerShell.
Chris
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Chris Dent
Sent: 17 April 2008 17:27
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Aging/Scavenging on _msdcs.<forestzone> URGENT
It can be extracted easily enough using WMI, I'll have to take a few minutes
to look at the returned string to get the format though. I'll get back to
you later on, must head off home now
Chris
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Thu 17/04/2008 17:22
To: ActiveDir@mail.activedir.org
Subject: RE : RE: RE : RE: [ActiveDir] Aging/Scavenging on
_msdcs.<forestzone> URGENT
Thx.
Any idea on how to know in advance how many and what records will be
scavenged ? (ldifde, script,etc..)
Just to identify exactly what will be deleted from DNS.
Thx and have a nice day.
Yann
Chris Dent <chris@highorbit.co.uk> a écrit :
If Aging isn't enabled on a zone the TimeStamp value is, as far as I'm
aware, not replicated.
It's worth turning on View / Advanced when configuring Aging. A value is set
to state that the zone cannot be scavenged before a certain date, found
under the Aging window. It's used to ensure full replication of TimeStamps
has completed prior to the first Scavenging attempt and should be the value
of the Refresh interval + 1 hour (or there abouts).
Chris
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Thu 17/04/2008 16:23
To: ActiveDir@mail.activedir.org
Subject: RE : RE: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
OK,Thx for your answer Chris.
Last Q.
I have found several of my DCs with a Registration Timestamp set to
2007/07/20 on their A records (. dns zone).
I know that these DCs are up & running and it seems that no refresh to their
A record have been done...
Any clues why operationnal DCs did not refresh their records ?
Many thx.
Yann
Chris Dent a écrit :
1. First bit:
Yep, it is.
Second bit:
That's the Registration Timestamp, not the deletion timestamp.
What are you thinking of setting Aging to?
Service Records will be Refreshed / Updated by the Domain Controllers once
every 24 hours.
I recommend you consider leaving the default 7 Days No-Refresh and 7 Days
Refresh there. At any point during either interval the record will accept an
Update request so changes are still no problem.
2. All Dynamically Added records are effected by Aging / Scavenging. Only
static records (records with no time-stamp) are immune.
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Thu 17/04/2008 15:33
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
Hello,
We are about to activate the aging/scavenging on our DNS AD-integrated.
questions:
1) is it safe to activate aging/scavenging on _msdcs. ? I have many srv
records that are timestamped to be deleted on 2008/04/10.
2) will clustered servers will also be affected by aging/scavenging ?
Thx
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
| | | |
| Chris-Dent
Posts:0
| | 04/17/2008 3:34 PM |
|
VbScript version should have been attached to the previous mail. Maybe it
decided it didnt like it J
Might rewrite it later if I get bored 
Chris
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Yann
Sent: 17 April 2008 20:28
To: ActiveDir@mail.activedir.org
Subject: RE : RE: [ActiveDir] Aging/Scavenging on _msdcs.<forestzone> URGENT
Chris,
Thx very for your kind help.
Sorry to disturb you at home
I'm home too, its late in the night here , and i'll test dnscmd tomorrow
as you stated. May i ask you to share your magic script chris ? Oh, and in
powershell format please ! (i'm joking) If you find the vbscript version it
will be nice ;o).
Thnaks again,
Yann
Chris Dent <chris@highorbit.co.uk> a écrit :
Hey Yann,
Tthere are a few options here.
First of all, you can get the information using DNSCMD as follows:
DNSCMD /ZonePrint <ZoneName> /detail
But, its not the easiest format to decipher.
Ive found a little script I wrote last year thatll do it with WMI. Youd
want to run it with cscript <scriptname> or youll get a lot of popup
boxes.
The format is easy to modify if you need.
Really should rewrite these into PowerShell.
Chris
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Chris Dent
Sent: 17 April 2008 17:27
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Aging/Scavenging on _msdcs.<forestzone> URGENT
It can be extracted easily enough using WMI, I'll have to take a few minutes
to look at the returned string to get the format though. I'll get back to
you later on, must head off home now
Chris
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Thu 17/04/2008 17:22
To: ActiveDir@mail.activedir.org
Subject: RE : RE: RE : RE: [ActiveDir] Aging/Scavenging on
_msdcs.<forestzone> URGENT
Thx.
Any idea on how to know in advance how many and what records will be
scavenged ? (ldifde, script,etc..)
Just to identify exactly what will be deleted from DNS.
Thx and have a nice day.
Yann
Chris Dent <chris@highorbit.co.uk> a écrit :
If Aging isn't enabled on a zone the TimeStamp value is, as far as I'm
aware, not replicated..
It's worth turning on View / Advanced when configuring Aging. A value is set
to state that the zone cannot be scavenged before a certain date, found
under the Aging window. It's used to ensure full replication of TimeStamps
has completed prior to the first Scavenging attempt and should be the value
of the Refresh interval + 1 hour (or there abouts).
Chris
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Thu 17/04/2008 16:23
To: ActiveDir@mail.activedir.org
Subject: RE : RE: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
OK,Thx for your answer Chris.
Last Q.
I have found several of my DCs with a Registration Timestamp set to
2007/07/20 on their A records (. dns zone).
I know that these DCs are up & running and it seems that no refresh to their
A record have been done...
Any clues why operationnal DCs did not refresh their records ?
Many thx.
Yann
Chris Dent a écrit :
1. First bit:
Yep, it is.
Second bit:
That's the Registration Timestamp, not the deletion timestamp.
What are you thinking of setting Aging to?
Service Records will be Refreshed / Updated by the Domain Controllers once
every 24 hours.
I recommend you consider leaving the default 7 Days No-Refresh and 7 Days
Refresh there. At any point during either interval the record will accept an
Update request so changes are still no problem.
2. All Dynamically Added records are effected by Aging / Scavenging. Only
static records (records with no time-stamp) are immune.
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Thu 17/04/2008 15:33
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
Hello,
We are about to activate the aging/scavenging on our DNS AD-integrated.
questions:
1) is it safe to activate aging/scavenging on _msdcs. ? I have many srv
records that are timestamped to be deleted on 2008/04/10.
2) will clustered servers will also be affected by aging/scavenging ?
Thx
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
possible contre les messages non sollicités
http://mail.yahoo.fr <http://mail.yahoo.fr/> Yahoo! Mail
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
possible contre les messages non sollicités
http://mail.yahoo.fr <http://mail.yahoo.fr/> Yahoo! Mail
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
possible contre les messages non sollicités
http://mail.yahoo.fr <http://mail.yahoo.fr/> Yahoo! Mail
On Error Resume Next
'Const SERVER_NAME = ""
Const SERVER_NAME = "SOL"
'Const DOMAIN_NAME = ""
Const DOMAIN_NAME = "highorbit.local"
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20
Set objWMIService = GetObject("winmgmts:\\" & SERVER_NAME &
"\root\MicrosoftDNS")
Set colItems = objWMIService.ExecQuery("SELECT * FROM MicrosoftDNS_AType",
"WQL", _
WBEM_RETURN_IMMEDIATELY + WBEM_FORWARD_ONLY)
For Each objItem In colItems
If InStr(1, objItem.DomainName, DOMAIN_NAME, VbTextCompare) > 0 Then
WScript.Echo "DnsServerName: " & objItem.DnsServerName
WScript.Echo "DomainName: " & objItem.DomainName
WScript.Echo "Name: " & objItem.OwnerName
WScript.Echo "IPAddress: " & objItem.IPAddress
If objItem.TimeStamp > 0 Then
WScript.Echo "Timestamp: " & DateAdd("h", objItem.TimeStamp, "1/1/1601
00:00:00 AM")
Else
WScript.Echo "Timestamp: Not Set"
End If
WScript.Echo
End If
Next
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
| | | |
|
|