Enable scavenging on all DNS zones using PowerShell

So I needed to enable scavenging on all reverse zones for a customer. All forward and most reverse zones were done, but not all. Since this was a Windows Server 2012 R2 server, I knew that every cmdlet I might need was available.

But what if I have enabled scavenging but want to update which servers will scavenge?

And now all my zones have scavenge enabled and the correct DNS server specified.

I tried to create a reverse zone and all I got was this error message

So you read my earlier blog entry about creating reverse zones, and tried to create the 0, 127 or 255 zone. If you tried to create one of those zones on a Windows DNS server, you should get the following error message: “The zone cannot be created. The zone already exists.”

So what’s up? I don’t see the zone, but it’s there? Microsoft has made sure that all DNS servers will create those zones in the background unless a registry change is made. To be able to see these zones you need to enable their display.

How to demote a Domain Controller

So you might have a system hardcoded to talk with that domain controller. Now you need to find which servers are talking to the domain controller.

  1. Disable dynamic DNS.
  2. So now clean up the DNS of that domain controller so no more clients will talk to the server by DNS queries.
  3. Wait a couple of days.
  4. Then use Network Monitor to check if any and which clients are still talking to the server.
  5. For DNS you can use my script from the blog post about DNS logging.
  6. Continue to remove systems that are still using the Domain Controller.
  7. When you give up or are done, you can now remove the domain controller.
  8. Depending on which Windows version you have, you have the option of dcpromo or the Server Manager.

How to Prevent Domain Controllers from Dynamically Registering DNS Names

Update: Since I wrote this, Pierre Audonnet has written about this too, giving the following suggestions.

Easy handling before removing DNS

Prior to changing the IP or demoting a DNS server, it is best to repoint all clients pointing to this DNS server to another DNS server. To assist in this I have written the following script. It requires the DNS service to have debug logging enabled. By running the script and pointing to the debug file, you will get an easy to handle array. Unless you specify a filename for the debug log, it will be in the file %SystemRoot%\system32\dns\dns.log

Download the script from the Microsoft social scripting archive.