Remove Old Name Servers from reverse lookup zones in DNS - PowerShell

Hello Scripting Guys,
I'm a long-time fan. Please let me know if I have included enough information for you to provide some guidance. Thank you!
Here is what I am attempting to do:
import a .csv file which contains
zoneName,hostname,RecordType
and then delete the name server entries from the reverse lookup zones.
Why:
There are hundreds of zones and 80+ name servers in each for a total of about 25,000 records to be removed. I have the list of zones and the list of name servers which I want to remove from the zones.
Environment:
I am running PowerShell as a Domain Admin with access to DNS. Zones allow secure updates only (if that matters here).
I am running it from a Server 2012 R2 server with the DNS admin tools installed against Server 2008 R2 DNS servers. Current AD functional level is Windows Server 2003. All DCs are DNS servers and GCs.
What I have tried:
The following works to return all the Name Server records in a zone:
.csv file format:
zoneName,hostname,RecordType
1.112.170.in-addr.arpa,nameserver1.contoso.com.,Ns
1.112.170.in-addr.arpa,nameserver2.contoso.com.,Ns
1.112.170.in-addr.arpa,nameserver3.contoso.com.,Ns
2.112.170.in-addr.arpa,nameserver1.contoso.com.,Ns
2.112.170.in-addr.arpa,nameserver2.contoso.com.,Ns
2.112.170.in-addr.arpa,nameserver3.contoso.com.,Ns
Script\Command:
Import-Module DnsServer
$PDCE = Get-ADDomainController -Discover -Service PrimaryDC
Import-Csv c:\temp\OldNSrecords-test.csv | foreach {
    # List the NS records in each zone named in the CSV
    Get-DnsServerResourceRecord -ZoneName $_.zoneName -RRType "Ns" -ComputerName $PDCE -Node
}
Output to screen:
HostName  RecordType  Timestamp  TimeToLive  RecordData
@         NS          0          1:00:00     Nameserver1.contoso.com
@         NS          0          1:00:00     Nameserver2.contoso.com
However, replacing the business line (in green above after foreach) with the remove command (in red below) does not work to delete the specific record listed in the .csv, even though it follows the pattern from MS TechNet:
Remove-DnsServerResourceRecord -ZoneName $_.zoneName -RRType "Ns" -name $_.hostname -computerName $PDCE
Error:
PS C:\Windows\system32> C:\Temp\OldNSCleanup.ps1
Remove-DnsServerResourceRecord : Failed to get nameserver1.contoso.com. record in
1.112.170.in-addr.arpa zone on PDCE server.
At C:\Temp\OldNSCleanup.ps1:4 char:1
+ Remove-DnsServerResourceRecord -ZoneName $_.zoneName -RRType "Ns" -name $_.name ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PDCE:root/Microsoft/...rResourceRecord) [Remove-
DnsServerResourceRecord], CimException
+ FullyQualifiedErrorId : WIN32 9714,Remove-DnsServerResourceRecord
When I remove the use of the .csv and put the names of the zone and server in the command, I get the same results.
Fail.
It's as if the record does not exist, but I can browse to it in the GUI. I found this about Missing Glue records, but it does not seem to apply to reverse lookup NS records. I'm thinking that I need to first load each zone into an assembly and then do the removal, but I'm not sure how to do that in PowerShell. I tried piping the get command for the zone to the remove command, but that did not work or I did not have the correct syntax.
I have attempted to use DNSCMD to do the same and that command appears to work, but then fails to actually remove the record.
Here is an example of that command:
Import-Csv C:\Temp\OldNSrecords-test.csv | foreach {dnscmd.exe "DNSServer.contoso.com" /Recorddelete $_.ZoneName $_.hostname $_.recordType /f}
Output:
Deleted Ns record(s) at 1.112.170.in-addr.arpa
Command completed successfully. [But not really, the NS record is still there]
I have researched several sites including the suggested one here, but this does not fit my requirement.
http://social.technet.microsoft.com/Forums/scriptcenter/en-US/97070ff2-59e2-4f34-9c39-054048e008af/automatically-delete-removed-dcname-servers-and-automatically-add-new-dcname-servers-in-reverse?forum=winserverDS
http://technet.microsoft.com/en-us/library/jj649872.aspx

Here is a backing store for the root servers in the DNS format:
; formerly NS.INTERNIC.NET
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
; formerly NS1.ISI.EDU
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
; formerly C.PSI.NET
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
; formerly TERP.UMD.EDU
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
; formerly NS.NASA.GOV
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
; formerly NS.ISC.ORG
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
; formerly NS.NIC.DDN.MIL
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
; formerly AOS.ARL.ARMY.MIL
. 3600000 NS H.ROOT-SERVERS.NE
Notice that each is a pair.
One is the NS and the second is the A record.
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
In this case the dot represents the self reference to the A record.  These are the records that bootstrap all of the Internet.  Remove them and you are lost.
The CSV uses the @ to anchor the local domain.  Perhaps the DNS CmdLets prefer the dot.  The @ is what appears on the screen when we use the GUI. Note the dot at the end of the FQDN.  It is required.  Even browsers use it but they add it if you forget.
¯\_(ツ)_/¯
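
The Get output in the question lists each NS record under HostName @ with the server name in RecordData, so the example below (added here, not code from the thread) selects zone-root NS records by RecordData.NameServer and pipes the matches to Remove-DnsServerResourceRecord. It assumes the DnsServer module and the CSV layout, path and server name from the question; the helper function and the keep-one-NS guard are additions.

```powershell
# Added example, not from the thread. Server name and CSV path are the
# placeholders used in the question; adjust for your environment.
Import-Module DnsServer

$DnsServer = 'DNSServer.contoso.com'
$CsvPath   = 'C:\Temp\OldNSrecords-test.csv'   # columns: zoneName,hostname,RecordType

# Hypothetical helper: compare names case-insensitively and without the
# trailing dot, so "Nameserver1.contoso.com" matches "nameserver1.contoso.com.".
function ConvertTo-CanonicalFqdn([string]$Name) {
    $Name.Trim().TrimEnd('.').ToLowerInvariant()
}

# One query per zone instead of one per CSV row.
Import-Csv $CsvPath | Group-Object zoneName | ForEach-Object {
    $zone  = $_.Name
    $stale = @($_.Group | ForEach-Object { ConvertTo-CanonicalFqdn $_.hostname })

    # Zone-level NS records are owned by "@"; rows with another HostName are
    # delegations of child zones and are left alone.
    $apex = @(Get-DnsServerResourceRecord -ZoneName $zone -RRType NS -ComputerName $DnsServer |
              Where-Object { $_.HostName -eq '@' })

    # Match on the record data (the name server), not on the owner name.
    $toRemove = @($apex | Where-Object {
        $stale -contains (ConvertTo-CanonicalFqdn $_.RecordData.NameServer)
    })

    if ($toRemove.Count -eq 0) { return }          # nothing listed for this zone
    if ($toRemove.Count -eq $apex.Count) {         # guard: keep at least one NS
        Write-Warning "$zone : every NS record is on the removal list, skipping"
        return
    }

    # -WhatIf prints what would be deleted; drop it to commit the change.
    $toRemove | Remove-DnsServerResourceRecord -ZoneName $zone -ComputerName $DnsServer -Force -WhatIf
}
```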

Similar Messages

  • Permissions to create Reverse Lookup Zones in DNS

    What Active Directory permissions are needed to create Reverse Lookup Zones in DNS?  My co-worker is getting an access denied error when completing the wizard for this and the zone is NOT created.  He is a member of the "DnsAdmins" group and
    he can create Forward Lookup Zones.  We are running Server 2008 R2 SP1 on our Domain Controllers where DNS is running.  Any ideas?

    Set permissions for the DnsAdmins group on the DomainDNSZones application partition. To do this, follow these steps:
    Click Start, click Run, type Adsiedit.msc, and then click OK.
    In the task pane, right-click ADSI Edit, and then click Connect to.
    Under Connection Point, click Select or type a Distinguished Name or Naming Context, type the following, and then click OK:
    CN=MicrosoftDNS,DC=DomainDNSZones,DC=<Domain>,DC=<Domain_Extension>
    In the task pane, locate and right-click CN=MicrosoftDNS,DC=DomainDNSZones,DC=<Domain>,DC=<Domain_Extension>, and then click Properties.
    Click the Security tab, and then click Advanced. The Advanced Security Settings for MicrosoftDNS dialog box appears.
    In the Permissions tab, click Add.
    In the Enter the object name to select box, type DnsAdmins, and then click Check Names to verify the name.
    Click OK. The Permission Entry for Microsoft DNS dialog box appears.
    In the Apply onto drop-down list, click This object only.
    Click to select the Allow check box for the Full Control permission, and then click OK.
    In the Advanced Security Settings for MicrosoftDNS dialog box, click Apply, and then click OK.
    Click OK to close the properties dialog box for the DomainDNSZones application partition.
    Close the ADSI Edit window.
    Test whether you can create a new DNS zone now.
    If you found this post helpful, please "Vote as Helpful". If it answered your question, remember to "Mark as Answer". MCSE,MSCITP-EA

  • Removing old exchange servers from AD with ADSIEdit

    Hello all,
    I know this has been discussed MANY times but I wanted to know if the only place these are stored is under CN:Server under Microsoft Exchange? I know this isn't the recommended way but I need to get these removed so I can re-use the old names.

    CN=configuration,DC=.example,DC=.COM > CN=Services > CN=Microsoft Exchange > CN=Organization > CN= Administrative Groups > CN=(Groupname) > CN=Servers >
    Looks to be correct.
    This is where you would the servers, but try add/remove programs first, if an uninstall has failed or hasn't moved the object then delete from here.
    Sukh

  • How to Install DNS ROLE and its FQDN service and Reverse Lookup zone in Server Core using Powershell?

    Hi
    I am Setting A Lab Scenario That the PC name "Core2012" i.e. Server Core 2012 Will be Domain Controller.
    Using PowerShell I have done this Task
    Change hostname ; Configure IP address and Preferred DNS address ; Disable IPv6 ;
    Configure Firewall ; Even Active Directory Role install.
    Now a problem occurs.
    Well, I know how to install the DNS role: Install-WindowsFeature DNS
    OK.
    But:
    How do I configure the FQDN, restore mode password, set up the global catalog server, and configure a reverse lookup zone using PowerShell?
    I have searched many forums but have not found an answer.
    So I need help to set up and configure DNS using PowerShell.
    Thank You!!!
    sagarpdalvi

    Hi Sagarpdalvi,
    To set the Safe mode password with PowerShell, please refer to the cmdlet Install-ADDSDomainController; to enable the global catalog (GC), please run the cmdlet "Set-ADObject" after installing Active Directory on the core server; to configure a Reverse Lookup zone, please refer to the cmdlet Add-DnsServerPrimaryZone.
    To configure a DC with PowerShell, please check the scripts:
    Installing a Domain Controller on Windows Server 2012 R2 Core
    Enabling and Disabling the Global Catalog
    To configure DNS, the Domain Name System (DNS) Server Cmdlets should be helpful for you:
    http://technet.microsoft.com/en-us/library/jj649850.aspx
    I hope this helps.

  • Change reverse lookup zone replication

    We have a windows 2008 R2 domain / forest.
    One Root domain and 2 childdomains. A DC/DNS server in the root domain is the scavenging server in the forest
    Long story short, I noticed that the replication of the reverse lookup zone in one child domain is set to All DCs in this domain, instead of to all DNS servers in the forest.
    I want to change this because we have a lot of duplicates in the reverse zone, and encounter issues with remote desktop or remote assistance.
    Can i change this to "all DNS servers running on domain controllers in this forest" without any downtime / issues?
    Thanx

    Suffixes should be configured on EVERY machine, not just DCs. This way any machine can resolve anything in the infrastructure. That's the goal to design DNS.
    If you want to go to forest wide replication, the first thing you must do is set all child DCs to ONLY use the forest root DNS servers. Don't worry about servers and clients in the child domains at this time that may be pointing to the child DC/DNS for the
    moment, because you will be doing this during a maintenance window and we'll get to them later... Stick with me a second...
    Then you would change the replication scope on the parent root domain DNS servers ONLY.
    Then WAIT for replication to happen. Go have lunch, go see a movie, etc... Then check the zone properties on a few DCs at the parent, and especially the child domains' DCs, to make sure that they reflect the zone is now set to forest wide replication.
    Now on a child domain DC, create a test record. Check the partner DCs and the other child domain DCs, and the parent root domain DCs to see if it replicated. If it did, you're good to go.
    Once you've confirmed that they are all showing forest wide replication, and the test worked, then change the child domain DCs to point to its partner DC as the first entry, and itself or the loopback as the second entry.
    And yes, delegate the _msdcs zone. First create the _msdcs.domain.local zone, and set updates to Secure Only, and put it in the forest scope. Then go to domain.local, right-click, delegate, type in _msdcs, and type in the forest root DCs' IP.
    Hope that helps.
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • I have just tried to sync my iphone. Error message saying it cannot be synced has popped up quoting error code (-50). I have just removed old iphone backups from itunes but was very careful to not delete the current one. What does this code mean?

    Hi there,
    I have just tried to sync my iphone.
    Worryingly an error message saying it cannot be synced has popped up quoting error code (-50)
    I have just removed old iphone backups from itunes but was very careful to not delete the current one
    What does this code mean?

    http://support.apple.com/kb/TS1583

  • How do you remove old email addresses from the invitee drop down menu in Calendar

    How do you remove old email addresses from the invitee drop down menu in Calendar

    Back up all data.
    Triple-click anywhere in the line below on this page to select it:
    ~/Library/Caches/com.apple.iCal/Previous Recipients.plist
    Right-click or control-click the line and select 
    Services ▹ Reveal
    from the contextual menu.* A folder should open with an item selected. Quit the application if it's running. Move the selected item to the Desktop, leaving the window open. Relaunch the application and test. If there's no change, quit again and put the item you moved back where it was, overwriting the one that may have been created in its place. Otherwise, delete the item you moved.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard (command-C). In the Finder, select
    Go ▹ Go to Folder...
    from the menu bar, paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.

  • Remove OLD Slave iFolders from iFolder Master

    I have an old iFolder slave server that appears under "Servers" when viewing servers in the iFolder 3.7 server administration tab. This server is no longer around. When you click on the server it returns an error.
    How does one go about removing a "dead" iFolder slave server that appears in the Servers listing of iFolder servers?
    I want to "delete" the last three servers from appearing in the list of iFolder server.
    Bill

    Bill,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • How to remove old backup files from time machine? Lion OSx

    Hi everyone,
    I am just wondering how to efficiently and safely remove the old backup files from time machine? I tried once with command, but it damaged my extra-disk... Does Lion OSx have fixed that?
    Many thanks
    Hong

    Blue-
    Time Machine will automatically delete back-ups as the need for space arises. If you want to delete a certain file (application, document, whatever) and have it gone for good you can do that as well.
    The best place on the web for information about Time Machine is...
    http://pondini.org/TM/Home.html
    ...it covers everything!
    Clinton

  • Removing old License Servers (SCP issues?)

    I've been tasked with cleaning up the list of "Known License Servers" that are found on our domain when running RD Session Host.
    I have several that shouldn't be there. I've checked in ADSI Edit/Configuration/Sites/Default Site/TS-Enterprise-License-Server and it only has my current (correct) server listed. The Terminal Server License Servers AD group only has the current server listed
    as well.
    I think the issue is old SCP connections. If I find the computer account in AD, (and select to view Users, Contacts, Groups and Computers as containers) and expand the computer account I can see TermServLicensing underneath the computer account. I suspect
    this is causing them to be discovered. Does anyone have any feedback or suggestions on if this could be my cause, and if so, is just Right-Click deleting the SCP the solution? Is there a better way to take care of deleting the old SCP?
    Thanks
    Sean

    Hi,
    Please go to the Remote Desktop Licensing website and check if old License servers are listed. If so, please try to remove them and see how it works.
    https://activate.microsoft.com/
    Thanks.
    Jeremy Wu
    TechNet Community Support

  • I cannot remove old Apple ID from my iPad Mini iCloud ID & Game Center ID

    I cannot remove my old Apple ID (*********) from my iPad Mini's iCloud ID & Game Center ID
    The old ID email address is no longer accessible as I do not have the virgin account any more.
    My current ID is *********
    My current ID is working every other system on the iPad mini.
    Can you tell me how I can fix this please
    Iris ****
    <Edited by Host>

    Hey best99,
    Thanks for the question. After you change your Apple ID, you’ll want to follow these directions for updating the iCloud account on iOS devices:
    Apple ID: What to do after you change your Apple ID
    http://support.apple.com/kb/HT5796
    iCloud
    iOS 6 and later: Go to Settings > iCloud.
    - If you signed out before changing your Apple ID, enter your current Apple ID to sign in. The data from your iCloud account will download to your device.
    - If you're still signed in with your previous Apple ID:
    1. Scroll down and tap Delete Account. Depending on what iCloud options are turned on, you'll be asked to confirm that you want to delete data from your device. To confirm, tap Delete. (If you're using iOS 7 and have Find My iPhone turned on, you'll be asked to enter the password for your previous Apple ID. Enter the password, then tap Turn Off.) The data will be deleted from your device, but not from iCloud.
    2. Enter your current Apple ID to sign in. The data from your iCloud account will download again to your device.
    Thanks,
    Matt M.

  • Can't remove RD Virt Servers from RD Connection Broker

    I have a single 2012 R2 server running CB, GW, WA with a single VD collection of 4 VMs. I had in the past added a couple of VH servers to add more collections, but the project collapsed and I was left with dissolving the VH
    servers and just having the original VH to run everything. The problem is I didn't use a HA sql db for the connection broker, and when I removed the other servers that were in the server pool, I didn't do it the right way. I just dissolved the servers without
    removing them from the pool first. Now I can't see my VD collection because it says that I have to re-add the 2 servers back into the server pool first. When I run PS>Get-RDServer to see if I can use the remove command, it just gives me "The RD Connection
    Broker is not available." I'm running the command from the CB, I have a user using the VDC, so I know it's working. I just can't figure out how to remove the servers without having to build them again, re-add them, and then remove them. Any ideas anyone?

    Hi,
    Here is a similar thread below with possible solution:
    Could not remove RD virtualization host from the pool
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/009a685d-e8c1-4199-af0a-aaf864f22b42/could-not-remove-rd-virtualization-host-from-the-pool?forum=winserverTS
    In addition, to safely remove the server from your RDS deployment, please contact Microsoft Customer Support Services, it is not recommended that we manually edit the database that is used by the RDS deployment.
    More information for you:
    Cannot remove an RD Host from an RDS deployment
    https://support.microsoft.com/en-us/kb/2925854/en-us
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • HT4859 How do I remove old unwanted applications from my app store tracking?  I removed from the phone, but still showing and reinstalling from the App Store screen.

    I'm trying to remove old apps off my phone, and they keep showing up.  How do I get rid of them?

    i was losing temper looking for an answer for this. at the end the trick is that you need to show the side bar then only your library will list the apps menu for you to access & start doing the deletion huhhhhh..
    Itunes > view (menu bar) > show side bar > under library select apps > all apps list either active & deleted on your device will be displayed in tile view > then you start to delete by right clicking> finally empty recycle bin >

  • Application directory Partition, Reverse lookup Zone , after Installation of Tree Domain

    I have multiple domains (Windows Server 2008 Enterprise, and functional level 2008) in an existing forest.
    After installation of a new Tree domain I am facing a problem in creating a reverse zone in DNS.
    Error message
    "the partition to replicate zone data top all dns server that domain controllers on the active directory ws not created. The application directory partition operation failed. the domain controller holding the domain naming master role is down or unable
    to service the request or is not running windows 2003"
    plz reply soon i am facing a trouble .
    Wajahat

    The error message states that your domain naming master role holder is down or not responding.
    First, you need to identify which one of your DCs is the holder of this FSMO role: you can use the netdom query fsmo command for that. If there is no DC that is currently holding this FSMO role then you need to seize it to one of them: https://support.microsoft.com/KB/255504?wa=wsignin1.0
    If one of your DCs is holding the role then you need to check why it is not responding or unreachable. This could be checked by running dcdiag on this DC to do a health check.
    I would also recommend that you refer to recommendations I shared here: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • How do I remove old image buttons from Properties panel?

    Hi,
    I have been working out how to use Image Buttons in Captivate 6 and have created loads which now appear in the Properties Panel.
    How do I remove unused image buttons from the Properties Panel?
    Thanks

    Hi there
    When you look at the Properties panel, you see ALL available images for the buttons. (Assuming that you are referring to the stock images supplied by Captivate)
    Is this the list you are trying to clear?
    If so, it's the same list you see with any project Captivate creates.
    Cheers... Rick
    Helpful and Handy Links
    Captivate Wish Form/Bug Reporting Form
    Adobe Certified Captivate Training
    SorcerStone Blog
    Captivate eBooks
