Since we can enable or disable dynamic DNS (DDNS) per client, sometimes we may need to manipulate it. Rather than go around to each client and change this, let's see how to make it happen remotely via PowerShell.

For those of us with Active Directory domains, we also have Microsoft DNS servers. And most likely, we also have dynamic DNS. DDNS is a technology that eases a lot of the burden of keeping DNS records current. By default, all Windows computers are set to create a DNS A record for themselves automatically and keep it up to date if their IP addresses change. This significantly reduces the labor of keeping thousands of DNS records current.

Dynamic DNS consists of two different components: the client component and the server component. Each piece must talk with the other in order to ensure the server takes care of the client that requested the change. Although DDNS typically requires little intervention, there are times when it becomes necessary to intervene.

Note: In the rest of this article, I'll be assuming the clients are running Windows 8.1 or later, as we'll be using some commands that are only available in these versions. I'll also be assuming that each client already has PowerShell remoting set up and working.

Using PowerShell remoting and just two built-in commands on each client, we can easily toggle the "Register this connection's address in DNS" NIC setting on 1, 100 or 1,000 machines at once. To do this, we can use the Invoke-Command cmdlet to execute the command remotely, the Get-NetConnectionProfile cmdlet to find the NIC you're looking for and Set-DnsClient to make the actual change. An example will look like this:

Invoke-Command -ComputerName PC1,PC2 -ScriptBlock { Get-NetConnectionProfile -IPv4Connectivity Internet,Disconnected,LocalNetwork,Subnet -ErrorAction SilentlyContinue | Set-DnsClient -RegisterThisConnectionsAddress:$false }

After completing this command, you can then check via the GUI to ensure the feature is disabled by going to the properties of the NIC --> TCP/IP V4 Settings --> Advanced --> DNS Tab.

Disabled client DDNS registration


The next shortcut we'll cover is figuring out which DNS records in your server DNS zones were registered by clients via DDNS. One feature of DDNS is setting a timestamp on a DNS record. By default, when a client registers a DNS record via DDNS, the system places a timestamp on the record. This timestamp tells the server how old the record is and whether it can scavenge (remove) it later. On the other hand, explicitly created records don't have a timestamp. To isolate the records registered via DDNS, we just have to find all of the records with a timestamp attached to them. We can do this using the Get-DnsServerResourceRecord command.

This command returns all records in a DNS zone. It returns objects with various properties, and one of those properties is a timestamp property.

DDNS record in PowerShell


You can see above the difference between records registered via DDNS and one that is not. To find only those records registered via DDNS, we just have to narrow down the records returned by Get-DnsServerResourceRecord using the Where-Object command.

Get-DnsServerResourceRecord -ComputerName DC -ZoneName mylab.local | Where-Object {$_.TimeStamp}

Notice above that I'm enumerating all records on my DNS server called DC in the zone mylab.local. To find only DDNS records, I'm then filtering those results to find only those records with a timestamp on them, thus returning only records registered via DDNS.

By using PowerShell to discover this information, I could then take this code and incorporate it into a larger script or modify it in some way. After all, a lot of other objects exist to look into around DDNS, but luckily, we have PowerShell to discover and troubleshoot just about any DDNS problem that crops up.
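As one way to build on the timestamp filter, the following added example (not part of the original article) reports every DDNS-registered A record with its age and flags addresses that more than one dynamic record points to. The function name Get-DdnsRecordReport and the 14-day threshold are assumptions made for illustration; DC and mylab.local are the server and zone used above.

```powershell
# Added example: audit dynamically registered A records in one zone.
# Get-DdnsRecordReport is a hypothetical helper name; 14 days is an assumed threshold.
function Get-DdnsRecordReport {
    [CmdletBinding()]
    param(
        [string]$ComputerName   = 'DC',
        [string]$ZoneName       = 'mylab.local',
        [int]   $StaleAfterDays = 14
    )

    $now = Get-Date

    # Explicitly created records have no timestamp, so this keeps only DDNS registrations.
    $dynamic = Get-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $ZoneName -RRType A |
        Where-Object { $_.Timestamp }

    # Index the dynamic records by address. Several records on one address usually
    # means an old registration was left behind after the address was reassigned.
    $byAddress = $dynamic |
        Group-Object { $_.RecordData.IPv4Address.ToString() } -AsHashTable -AsString

    foreach ($record in $dynamic) {
        $ip  = $record.RecordData.IPv4Address.ToString()
        $age = [int][math]::Floor(($now - $record.Timestamp).TotalDays)

        [pscustomobject]@{
            HostName      = $record.HostName
            IPv4Address   = $ip
            Timestamp     = $record.Timestamp
            AgeDays       = $age
            Stale         = $age -ge $StaleAfterDays
            SharedAddress = $byAddress[$ip].Count -gt 1
        }
    }
}

# Oldest registrations first.
Get-DdnsRecordReport | Sort-Object AgeDays -Descending | Format-Table -AutoSize
```

Records flagged as Stale or SharedAddress are the ones worth reviewing before enabling or tuning scavenging on the zone.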


© 4sysops 2006 - 2023
