Alan's Blog

"Yeah. I wrote a script that will do that."

Remove DNS Host Record and PTR with PowerShell

Posted on December 10th, 2016

You have been asked, “Please remove the host record for these 15 computers, plus their associated PTR records”.  It isn’t a difficult task, but it can be time consuming, especially if you have a large DNS database.  The bit can be annoying to do over and over again.  When I first decided to automate this task, I went looking to see who had done something similar before, and found  My code, Remove-DNSRecord.ps1,  is based on his, and extends it by searching all zones, and by creating an advanced function.  The script relies on the PowerShell DNSServer Module, which is available on Server 2008 and later.
Script Text

Tags: , ,
Filed under Active Directory, Windows Administration | No Comments »

Quickly Check Domain Controller Health

Posted on September 5th, 2016

How can you tell whether an Active Directory domain controller is functioning properly?  How do you know whether some over-zealous VLAN ACL is blocking necessary ports?  Testing ICMP, is easy, just ping it.  Testing LDAP response isn’t hard, I wrote a vbScript to do that years ago.  But to complete, we want to check more.  My list of things to check are this:

  • Ping
  • TCP Ports 53,88,135,389,445,464,636,3689
  • UDP Ports 53,389,464,636,3689
  • If you are running NetBIOS add 139 TCP and UDP ports 137,138
  • If the DNS port is open run NSLookup to check lookups
  • If LDAP port is open, do a test bind

Since a large enterprise may have a large number of DCs, I wanted to multi-thread the script.  For compatibility, I wanted to be able to run it on PowerShell 3 from a Windows 7 host without admin rights.

What I discovered is that testing TCP ports with PowerShell is pretty easy.  UDP connections, however, turned out to be more difficult.  After about 45 minutes of frustration, I found a great Test-Port function from PowerShell MVP Boe Prox.  It is contained inside the script.

In my view, WorkFlows, introduced in Version 3, are the easiest way to multi-thread in PowerShell, and is a way which does not require special setup or rights on the remote systems. On my system, I see about 4 simultaneous queries using this method.

Test-DCs.ps1 can be edited to choose the testing of whatever ports you require and could easily be changed to test other systems such as web servers, Exchange or SharePoint servers.

Update 10-1-19:  This version has many improvements, including multi-threading and dynamically determining whether query of DNS or GC ports is required. Updated 4/16/2017 to fix some bugs, and to add switch for optional scanning of secure ports.

Script Text

Tags: , , ,
Filed under Active Directory, Alan's Favorites, My Best, PowerShell, Scripting, Windows Administration | No Comments »

Export DNS Server Records with PowerShell

Posted on March 8th, 2015

I am frequently asked to export DNS records, such as, “Give me the list of A, MX and CName records in DNSZone1 and DNSZZone2”. Server 2012 has got some nice cmdlets, but I wanted something more universal with a GUI. Export-DNSEntries.ps1 uses a combination of Out-GridView and a custom from to allow you to pick DNS zones and the records you want to export. An excerpt of the script follows — note that I have word wrap enabled in the Crayon code display window:

As you can see in line 272, I get the list of zones by querying the WMI Namespace Root\MicrosoftDNS  and Class “MicrosoftDNS_Zone”.  I use a custom form to dynamically get the record types, then query WMI for each type in each zone.

Script Text

Tags: ,
Filed under PowerShell, Scripting, Windows Administration | No Comments »

Please Note

All the scripts are saved as .txt files. Newer files have a "View Script" button which will let you save or open a script in notepad. For earlier posts, the easiest way to download with IE is to right click on the link and use "Save Target As". Rename file from Name_ext.txt to Name.ext.

To see a full post after searching, please click on the title.

PowerShell Scripts were written with Version 3 or 4.

https connections are supported.

All new users accounts must be approved, as are comments. Please be patient. It is pretty easy to figure out my email address from the scripts, and you are welcome to contact me that way.

Site Search



SQL Site

Bad Behavior has blocked 169 access attempts in the last 7 days.