| Author | Messages | |
AD000001799
Posts:0
 | | 11/07/2006 10:23 AM |
| Hey guys,
Simple question I hope. I was looking for a way to determine a couple things about DNS (A & PTR records) entries in an Active Directory Integrated DNS environment…
1) Is there a way to determine whether the entry has been manually defined (and thus is never scavenged) or registered through dynamic updates?
2) Is there a way to determine the current age of a DNS entry?
3) Is there a way to determine who has the rights to make modifications to an entry through dynamic updates?
Thanks as always,
~Ben | | | |
| amulnick
Posts:138
 | | 11/08/2006 8:54 AM |
| One of the "nice to have's" that was left out of Microsoft's integrated implementation was the ability to easily gather this type of information.
IIRC, DNSCMD coupled with dsacls will give you some of that information. There are also some APIs that are available to try and roll your own, but nothing that really gives good information IMHO.
There's a KB somewhere out there that describes how to set the ownership of each record using dsacls due to a problem with DHCP registration of records using a particular service account. I don't recall exactly the KB, but take a look and see if you can't modify the dsacls command to report the ownership of the records.
Al | | | |
| AD000001799
Posts:0
 | | 11/08/2006 9:39 AM |
| Hi Al,
Thanks for the response.
Yeah, that was much of what I expected. I figured what I was looking for would be somewhere in the realm of extremely difficult to find or impossible and I guess I was right.
I’ll definitely look into the DNSCMD and DSACLS to see if that can provide any of the information I am looking for.
Thanks again,
~Ben | | | |
| ZJORZ
Posts:100
 | | 11/08/2006 9:43 AM |
| Maybe another option is...
Use joe's ADFIND and query for dnsNode objects and specifically the dnsRecord attribute. And see if you can filter differences.
Just a wild idea.
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
Tel: +31-(0)40-29.57.777
Mobile: +31-(0)6-26.26.62.80
| | | |
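Added example, not part of the thread and not code from any poster: a decoder for the dnsRecord attribute mentioned above, showing how its TimeStamp field answers questions 1 and 2 (a value of 0 means a static record that is never scavenged; otherwise it is the hour of the last refresh, counted from 1601-01-01 UTC). It assumes the record layout published in Microsoft's MS-DNSP specification; the function names and the sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER = struct.Struct("<HHBBHI")  # DataLength, Type, Version, Rank, Flags, Serial
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # TimeStamp counts hours from here
TYPES = {1: "A", 12: "PTR"}

def _count_name(data):
    # DNS_COUNT_NAME: total length, label count, then length-prefixed labels
    labels, pos = [], 2
    for _ in range(data[1]):
        n = data[pos]
        labels.append(data[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def parse_dns_record(blob, now=None):
    """Decode one dnsRecord value; TimeStamp 0 marks a static record."""
    if len(blob) < 24:
        raise ValueError("dnsRecord shorter than its 24-byte header")
    data_len, rtype, _ver, _rank, _flags, serial = HEADER.unpack_from(blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)    # TTL is stored big-endian
    (hours,) = struct.unpack_from("<I", blob, 20)  # follows 4 reserved bytes
    data = blob[24:24 + data_len]
    if len(data) != data_len:
        raise ValueError("truncated record data")
    if rtype == 1 and data_len == 4:
        value = ".".join(str(b) for b in data)
    elif rtype == 12 and data_len >= 2:
        value = _count_name(data)
    else:
        value = data.hex()  # other record types are left undecoded
    rec = {"type": TYPES.get(rtype, str(rtype)), "value": value, "ttl": ttl,
           "serial": serial, "static": hours == 0, "refreshed": None, "age_days": None}
    if hours:
        refreshed = EPOCH + timedelta(hours=hours)
        rec["refreshed"] = refreshed
        rec["age_days"] = ((now or datetime.now(timezone.utc)) - refreshed).days
    return rec

def build_sample(rtype, data, hours, ttl=1200, serial=7):
    # Constructed test input in the same layout, not captured from a real zone
    return (HEADER.pack(len(data), rtype, 5, 0xF0, 0, serial)
            + struct.pack(">I", ttl) + struct.pack("<II", 0, hours) + data)
```

Question 3 (who may modify a record) is a matter of the ACL on the dnsNode object and is not covered by this decoder.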