Testing Dynamic DNS for a Client

Download this script on the Technet Script Repository I’ve recently been working a lot on a nagging problem at a client. Every once in a while, we’d notice DNS host records falling out of the Active-Directory integrated zone that the huge majority of domain clients kept up to date. The pattern seemed random. It seemed like DNS scavenging was the culprit but we couldn’t be for sure. I needed a way to point to a client and say with 100% certainty that client’s dynamic DNS functionality was working correctly thus this script was born. Using my DNS debug log summary script along with this script really helped me during the troubleshooting phase. These scripts gave me a ton more insight on figuring out what was going on.

Read more

Tracking Down Iterative Public DNS Queries

This week I ran into a problem understanding Microsoft DNS resolution behavior and thought I’d share. For the solution, just skip down to the last 2 paragraphs. At my client, they have an Active Directory domain with a few domain controllers which are also DNS servers. They all run Windows Server 2008 R2. All of these DNS servers/domain controllers all have forwarders enabled on them using the typical 8.8.8.8, 4.2.2.2 and 4.2.2.3. A problem cropped up that unknown DNS traffic was being initiated from a DNS server out to the Internet.  The network administrator had locked down outgoing DNS traffic only to the forwarders and was seeing a lot of hits on an ACL that was denying other DNS traffic to other public IPs.  He needed me to figure out if this traffic was necessary to further open up DNS.  I didn’t think so but I thought I’d investigate. Step […]

Read more

To Be a Great Team Requires Individual Responsibility

Great teams share responsibility on projects and collaborate well.  Great teams don’t leave a man behind to place blame if something goes wrong and someone has to report that to management.  When speaking about both successes and failures, great teams speak in terms of “we” and “us”; never “me” and “I”.  Great teams work as one cohesive unit just getting stuff done. Teams work on projects; not tasks.  Tasks are up to the team members themselves.  Tasks cannot be “done” by the team as a whole.  Imagine telling your boss that “we”, the team, are going to upgrade a server to Windows Server 2012 when your team is involved in a global server refresh project.  He’d look at you sideways not why you’re upgrading the server but he’d be confused as to who is actually going to do the work.  Your entire team isn’t going to take turns clicking the mouse or […]

Read more

Find all AD Groups that a Member of a Group is In

Find all AD Groups that a Member of a Group is In It’s been awhile since my last post and thought I’d throw up a simple script I recently created. For this scenario, I had an Active Directory group containing thousands of user accounts. Each of these user accounts were a member of another group that always was just a bunch of numbers. I needed to output each group member’s name, the all-number group(s) the originating group member was in and the description of that group. I then needed to put this into a CSV and the below one-liner is what emerged. IMO, ugly and could be improved upon but the kind of script that was built-in the moment to get an immediate need fulfilled.

Read more

Creating a Java Deployment Ruleset

This particular task almost put me in the grave.  The request was simple.  Silence Java security prompts for a couple web applications.  Sounds easy enough, right?  Hell no it wasn’t!  ..at least not when attempting to sign the rule set with an Active Directory Certificate Services cert.  After a TON of Googling around and trial and error I gave up and decided to just go with the self-signed cert.  I know this isn’t the most secure way to do this but I’ve given up and once I did, it worked like a charm. EDIT: Here’s a good link to use if you’re not using self-signed cert and are using an Active Directory Certificate Services certificate. Here’s the steps I took to create and deploy a Java Deployment RuleSet to my clients. Create your ruleset.xml file. Download and install the JDK on your admin workstation. Copy ruleset.xml to the JDK install folder […]

Read more

Making Sense of the Microsoft DNS Debug Log

Making Sense of the Microsoft DNS Debug Log If you’ve read my last post you’d know I’ve been trying to track down a problem related to dynamic DNS. One of the first things you should do when troubleshooting a problem like this is to enable DNS debug logging.  You’ve got a ton of different options to debug but in my case, I need more information regarding dynamic updates.  This is what my configuration looks like on one of my DNS servers.   When this is enabled, it will begin creating a log file at the file path you specify which looks like this:   The first row of marked out lines is the IP address and the last row is the DNS record it attempted to updated.  These were marked out for obvious reasons.  Depending on the options you choose this log file can become enormous and isn’t in the […]

Read more

Get Free Space (On All Partitions) for a Computer

Here’s a small script I recently created to find the free hard drive space for a set of remote computers. I found multiple scripts to do this online but none that had the kind of flexibility I needed. This script allows you to choose one, multiple or all partitions on a computer and also specify how you’d like the size reported to you in KB, MB, GB or TB. It really helps me in quickly figuring out how much free hard drive space a particular computer(s) has.

Download this script on the Technet Script Repository

Read more

OutputType (): Optional but Recommended

When writing advanced functions in Powershell you have ton of optional things you can add to make your scripts more usable. One of those is using OutputType() . Admittedly, I’ve never used  OutputType()  in my scripts. I have no real excuse. I just blame my ignorance. At first I thought, why would I need to do this? The scripts work fine without it. That is until I came across Lee Holmes’ excellent blog post entitled What is OutputType()?. Not only does using  OutputType()  add tab-completion functionality to your object but the Powershell ISE also leverages this for Intellisense. Pretty cool! Rather than rambling on about this obscure topic I’ll just leave you with another link to Bartek Bielawski’s blog post entitled OutputType – Why Would You Care?. Bartek does a great job in explaining in a little more in-depth as to why you’d want to use OutputType() .

Read more

Quit With the Text Files Already

As a Powershell beginner you’re probably a Googling maniac; I was definitely.  As you go out and find script snippets out there you’ll find that a ton of examples demonstrate a concept of reading computer names from a text file.  When someone is demonstrating how to run a command on multiple computers it is the easiest way; just dump some computers in a text file, save it and then use Get-Content or Import-CSV.  I strongly encourage you to NOT do this. Using a text file isn’t necessarily bad practice to do so.  It’s because you’re probably performing some manual process to get those computers into the file when you don’t have to!  Instead of dropping in a bunch of computer names into a file I strongly encourage you to think about how you’re getting those computer names and set that criteria in the script. When you just blindly dump a bunch […]

Read more

The Hard Part is not Powershell

I’ve been writing scripts in one shape or form for over 20 years now. During this time I’ve written scripts in batch, AutoIT, AutoHotkey, SQL, PHP, ASP, vbscript and Powershell. I love automation and typically take hold of whatever scripting language I need to use. If anything, writing literally thousands of scripts to do all kinds of crap has taught me that the hard part is not getting the script to do what you want it do; it’s figuring out what you want to do in the first place! When faced with learning a new programming/scripting language I found the core methodology to be all very similar.  Every modern OOP language has variables, constructs, objects, properties, methods, etc.  You can always loop over a container of items whether you call the container a collection, an array, a hash table, an associative array and array list…whatever.  You get the point.  At their root, […]

Read more
1 21 22 23 24 25 28