| Author | Messages | |
Chris-Dent
Posts:0
 | | 04/18/2008 6:18 AM |
|
Ah.
The DNS data is stored in the main directory partition along with all your users. That means it's also loaded into your Global Catalog (Partial Attribute Set members).
As all DCs are Windows 2003 (or higher) you would gain from switching the zone to "All DNS Servers in the Active Directory Domain". This moves the data into it's own Naming Context / Application Partition called DomainDNSZones (DC=DomainDNSZones,DC=yourdomain,DC=local).
There are two reasons behind that. First, it stops changes to records in DNS being replicated into the Global Catalog. And second, the zone only replicates to servers Windows 2003 servers with the DNS Service installed.
I don't really think you'll take a big hit from the change. The largest zone I've converted from Directory Partition to Application Partition is 5000 records, for that we didn't notice any performance impact at all. It was already replicating Aging data and was fully Scavenged. That comes with a caveat, the slowest link that was replicating over was 10Mb/s.
Chris
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Fri 18/04/2008 11:03
To: ActiveDir@mail.activedir.org
Subject: RE : RE: RE : RE: [ActiveDir] Aging/Scavenging on _msdcs.<forestzone> URGENT
Thx for answering.
We are in w2k3 FFL mode. Replication scope "All domain controllers in the Active Directory domain" wit 320 DCs in the Domain.
Topology Hub(1) and spoke.
Have a nice day. I will manage with this tedious DNS scavenging ! :o)
Cheers,
Yann
Chris Dent <chris@highorbit.co.uk> a écrit :
But it's your thread really 
Before you can properly evaluate the state of the Time Stamp registrations you would have to enable Aging on the zone. To allow you to do that without disruption I recommend you disable the Scavenging Process if you have it running automatically.
Once the Time Stamps have had a chance to replicate, lets say a week, you can re-check and see what's what.
Remember that the Zone itself will place a block on immediate Scavenging. You can see when the zone can be scavenged by setting View, Advanced then opening the Aging properties. That gives all systems time to Refresh their records prior to removal of Stale records.
I'm not sure how we would calculate the bandwidth usage if there really are that many stale records. There are a few things to consider with that.
Are you using Windows 2003? If so, what Replication Scope have you configured? Do you centralise DNS Services, or does every DC host the service? Any slow links to consider?
I'm sure there are better people in here than I to advise on the replication impact. I consider myself good enough with DNS, but I don't have enough experience with replication topologies in large enterprise to estimate the impact on your network.
Chris
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Yann
Sent: Fri 18/04/2008 10:07
To: ActiveDir@mail.activedir.org
Subject: RE : RE: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
Hello again,
Not to hijack your thread 
But i ran your great script and i found up to 9000 DNS Records timestamped (Registration Timestamp) to 8/13/2007, so that will be scavenged soonly ! 
File & Exchange Clusters servers, that are up & running, are among those outdated timestamped computers. Strange thing that their Netlogon service did not refresh their own records whereas they are still up & running for a while...
1- Will those clusters servers be in trouble after scavenging ?
2- Will the replication of those tombstoned records take a lot bandwith ?My DNS is (AD DNS Integrated). The scavenging will take place at 9 AM.
Thx so much for your help.
Yann
Chris Dent a écrit :
I see what you mean, that does provide a little more flexibility. Thanks
Chris
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org on behalf of Brandon
Sent: Thu 17/04/2008 22:23
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
That works great.. I would probably use a calculated property so it returns
an object instead of string
Get-WMIObject -Class "MicrosoftDNS_AType" -Namespace
"root\MicrosoftDNS" -Comp $DNSServer -Filter "DomainName='$Domain'" |
Select-Object
OwnerName,@{n="TimeStamp";e={(Get-Date("01/01/1601")).AddHours($_.TimeStamp)}}
This way you could | to a filter like
... | ?{$_.TimeStamp -gt $date}
or
... | ?{$_.OwnerName -match }
----- Original Message -----
From: "Chris Dent"
To:
Sent: Thursday, April 17, 2008 5:09 PM
Subject: RE: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
Good of you to offer I think I have it though, well one of many possible,
any improvements recommended?
$DNSServer = ""
$Domain = ""
Get-WMIObject -Class "MicrosoftDNS_AType" -Namespace "root\MicrosoftDNS" `
-ComputerName $DNSServer -Filter "DomainName='$Domain'" `
| ForEach { ($_.OwnerName) + " " + `
(Get-Date("01/01/1601")).AddHours($_.TimeStamp) }
Might be easier to read spread out though.
Chris
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: 17 April 2008 20:53
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
I will rewrite them in Powershell if you like. If you want it as a
learning exercise, I am here to help with that as well.
Unknown Guy w/ Dean
On 4/17/08, Chris Dent wrote:
> Hey Yann,
>
>
>
> Tthere are a few options here.
>
>
>
> First of all, you can get the information using DNSCMD as follows:
>
>
>
> DNSCMD /ZonePrint /detail
>
>
>
> But, it's not the easiest format to decipher.
>
>
>
> I've found a little script I wrote last year that'll do it with WMI. You'd
> want to run it with "cscript " or you'll get a lot of popup
> boxes.
>
>
>
> The format is easy to modify if you need.
>
>
>
> Really should rewrite these into PowerShell.
>
>
>
> Chris
>
>
>
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Chris Dent
> Sent: 17 April 2008 17:27
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
>
>
>
>
>
> It can be extracted easily enough using WMI, I'll have to take a few
minutes
> to look at the returned string to get the format though. I'll get back to
> you later on, must head off home now
>
> Chris
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org on behalf of Yann
> Sent: Thu 17/04/2008 17:22
> To: ActiveDir@mail.activedir.org
> Subject: RE : RE: RE : RE: [ActiveDir] Aging/Scavenging on
> _msdcs. URGENT
>
> Thx.
>
> Any idea on how to know in advance how many and what records will be
> scavenged ? (ldifde, script,etc..)
>
> Just to identify exactly what will be deleted from DNS.
>
> Thx and have a nice day.
>
> Yann
>
> Chris Dent a écrit :
>
> If Aging isn't enabled on a zone the TimeStamp value is, as far as I'm
> aware, not replicated.
>
> It's worth turning on View / Advanced when configuring Aging. A value is
set
> to state that the zone cannot be scavenged before a certain date, found
> under the Aging window. It's used to ensure full replication of TimeStamps
> has completed prior to the first Scavenging attempt and should be the
value
> of the Refresh interval + 1 hour (or there abouts).
>
> Chris
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org on behalf of Yann
> Sent: Thu 17/04/2008 16:23
> To: ActiveDir@mail.activedir.org
> Subject: RE : RE: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
>
> OK,Thx for your answer Chris.
>
> Last Q.
>
> I have found several of my DCs with a Registration Timestamp set to
> 2007/07/20 on their A records (. dns zone).
> I know that these DCs are up & running and it seems that no refresh to
their
> A record have been done...
>
> Any clues why operationnal DCs did not refresh their records ?
>
> Many thx.
>
> Yann
>
> Chris Dent a écrit :
>
> 1. First bit:
>
> Yep, it is.
>
> Second bit:
>
> That's the Registration Timestamp, not the deletion timestamp.
>
> What are you thinking of setting Aging to?
>
> Service Records will be Refreshed / Updated by the Domain Controllers once
> every 24 hours.
>
> I recommend you consider leaving the default 7 Days No-Refresh and 7 Days
> Refresh there. At any point during either interval the record will accept
an
> Update request so changes are still no problem.
>
> 2. All Dynamically Added records are effected by Aging / Scavenging. Only
> static records (records with no time-stamp) are immune.
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org on behalf of Yann
> Sent: Thu 17/04/2008 15:33
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Aging/Scavenging on _msdcs. URGENT
>
> Hello,
>
> We are about to activate the aging/scavenging on our DNS AD-integrated.
> questions:
> 1) is it safe to activate aging/scavenging on _msdcs. ? I have many srv
> records that are timestamped to be deleted on 2008/04/10.
>
> 2) will clustered servers will also be affected by aging/scavenging ?
>
> Thx
>
> __________________________________________________
> Do You Yahoo!?
> En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
> possible contre les messages non sollicités
> http://mail.yahoo.fr Yahoo! Mail
>
>
>
> __________________________________________________
> Do You Yahoo!?
> En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
> possible contre les messages non sollicités
> http://mail.yahoo.fr Yahoo! Mail
>
>
>
> __________________________________________________
> Do You Yahoo!?
> En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
> possible contre les messages non sollicités
> http://mail.yahoo.fr Yahoo! Mail
>
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
| | | |
|
|