Tuesday, 6 October 2009

Remove an Individual DNS Entry

Simple I hear you say?! I work in an enterprise with 51 Windows DNS servers though. I don't really want to connect to each one to delete an individual record. The scenario was that due to some heavy-handed builders cutting through some data cables, a company that we frequently email had to change its public MX record in a hurry.

There was no staged phase over, its MX record was this one minute and that the next. However, it sometimes takes days for DNS changes to filter across the globe and we were without email correspondence until the new MX record was in use on our DNS servers.

I needed a quick way to wipe this record from each server so that emails could flow freely from my company to theirs. Which is why I created this script; by using the dnscmd line and a few questions it compiles the 51 lines I needed to wipe a record from each of the DNS servers.

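@ECHO OFF
REM Prompt for a record and delete it from the DNS server cache.

ECHO.
ECHO Clear individual entry from Windows Domain DNS servers.
ECHO Top Tips from www.vMowfo.co.uk
ECHO.

REM The three values passed to dnscmd /recorddelete.
SET /P A=Enter the DNS record name (www.google.com):
SET /P B=Record type (A, MX, etc):
SET /P C=Incorrect IP:

REM Replace SERVERNAME with the DNS server to clear; /f skips the confirmation prompt.
dnscmd SERVERNAME /recorddelete /cache "%A%" "%B%" "%C%" /f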


It starts off with the ubiquitary information text. Then goes into the 3 questions; DNS name, record type & IP in question. These are the 3 variables for the dnscmd /recorddelete command.

A quick example of the script in action. We have a DNS entry we need, which just happens to be www.vmowfo.co.uk.


This is the script running. As you can see I've entered www.vmowfo.co.uk as the DNS name, A as the record type and its IP.


Voila, the record has gone. To make the whole thing worthwhile I need to do it to all the 51 DNS servers. To get a list of your Windows DNS servers, type this at the prompt:

nltest /dclist:FQDN

Where FQDN is your internal domain name. A few quick data organisation tricks in Excel soon produced this as the new batch command file:
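
The per-server list can also be generated without Excel. The PowerShell below is an added example, not the author's batch file: it parses nltest /dclist: output and writes one dnscmd line per server, rejecting input that could break out of the quoted arguments. The sample output, host names, address, output file name and the function names Get-ServersFromDcList and New-RecordDeleteCommands are constructed for illustration.

```powershell
# Added example: build one dnscmd line per server from `nltest /dclist:` output.
# $sample is constructed; in practice use: $lines = nltest /dclist:FQDN
$sample = @'
Get list of DCs in domain 'corp.example.net' from '\\DC01'.
    dc01.corp.example.net [PDC]  [DS] Site: HQ
    dc02.corp.example.net        [DS] Site: HQ
    dc03.corp.example.net        [DS] Site: Branch
The command completed successfully
'@ -split "`r?`n"

function Get-ServersFromDcList {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Assumption: server rows are indented and begin with the host name;
        # the header and status lines start in column one and are skipped.
        if ($line -match '^\s+([A-Za-z0-9][A-Za-z0-9.-]*)\s') { $Matches[1] }
    }
}

function New-RecordDeleteCommands {
    param([string[]]$Servers, [string]$Name, [string]$Type, [string]$Data)
    # Allow-list each value so quotes, %, & or | can never reach the batch file.
    if ($Name -notmatch '^[A-Za-z0-9._-]+$')   { throw "Bad record name: $Name" }
    if ($Type -notmatch '^[A-Za-z]+$')         { throw "Bad record type: $Type" }
    if ($Data -notmatch '^[A-Za-z0-9.: _-]+$') { throw "Bad record data: $Data" }
    foreach ($s in $Servers) {
        # Same command shape as the single-server script above.
        'dnscmd {0} /recorddelete /cache "{1}" "{2}" "{3}" /f' -f $s, $Name, $Type, $Data
    }
}

$servers = Get-ServersFromDcList -Lines $sample
# 192.0.2.10 is a documentation address used as a placeholder for the stale IP.
New-RecordDeleteCommands -Servers $servers -Name 'www.vmowfo.co.uk' -Type 'A' -Data '192.0.2.10' |
    Set-Content -Path .\ClearRecord.cmd -Encoding ASCII
```

Review the generated ClearRecord.cmd before running it, since every line carries /f and will not prompt.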


Wednesday, 30 September 2009

AD Queries & LDIFDE

The other day I was required to report on how many users had their email addresses hidden from the Global Address List, but also who were not disabled. This was a first for me, but was surprisingly easy to produce.

Starting in ADUC there is a Saved Queries folder, which lent itself to right clicking > new > query. From there I typed in the name of the search and followed the define query link.

This brought up a search window much like the advanced find in ADUC itself. It had a custom search option which I selected, as I already knew what I was looking for from flicking through a user account in ADSI edit. So I thought!

As previously mentioned, I had scoured a user account in ADSI edit to see what options I needed to search for. I had guessed they were msExchHideFromAddressLists and userAccountControl. The msExchHideFromAddressLists values were quite simple to work out; true or false. userAccountControl was interesting though, as for a disabled account the value was 2, I assumed the value for an enabled account would be 1?! I had to search around to find out the value should have been 512!

This produced the result in the image to the left. It automatically put in the object category and object class.

After clicking OK and OK again the results of my search were displayed. Success! Not quite finished though, as I wanted to email these results to another member of staff, what I needed was ldifde!

This was another first, which I just went straight to Google to find out a suggested string which I could customise. I ended up with:

ldifde -f DisabledUsers.txt -d "OU=User Accounts,DC=domain,DC=name,DC=net" -p subtree -r "(&(objectCategory=person)(userAccountControl=512)(msExchHideFromAddressLists=TRUE))" -l "cn"

The options in detail are:

-f DisabledUsers.txt - export to file of this name
-d "OU=User Accounts,DC=domain,DC=name,DC=net" - specific domain and OU
-p subtree - to include sub OU's
-r "(&(objectCategory=person)(userAccountControl=512)(msExchHideFromAddressLists=TRUE))" - the search string, copied from above
-l "cn" - what to list in the results

After running this command I was presented a screen like this:

and a text file like this, ready to be copied into an email:
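
A note on the search filter used above, as an added example that is not part of the original post: userAccountControl is a bit field, so an equality test on 512 matches only accounts whose sole flag is NORMAL_ACCOUNT and skips enabled accounts that carry any other flag, such as "password never expires". The PowerShell below decodes constructed sample values and builds a filter that tests the disabled bit with the LDAP bitwise-AND matching rule; the user names, values and the function names Test-Enabled and Get-UacReport are illustrative.

```powershell
# Added example. Flag values are the documented ADS_UF_* constants.
$ACCOUNTDISABLE       = 0x0002    # 2
$NORMAL_ACCOUNT       = 0x0200    # 512
$DONT_EXPIRE_PASSWORD = 0x10000   # 65536

function Test-Enabled {
    param([int]$Uac)
    # Enabled means the ACCOUNTDISABLE bit is clear, whatever else is set.
    ($Uac -band $ACCOUNTDISABLE) -eq 0
}

function Get-UacReport {
    param($Accounts)
    foreach ($name in $Accounts.Keys) {
        $v = $Accounts[$name]
        [pscustomobject]@{
            User             = $name
            UAC              = $v
            MatchesEquals512 = ($v -eq $NORMAL_ACCOUNT)   # what (userAccountControl=512) finds
            Enabled          = (Test-Enabled -Uac $v)     # what the report is meant to find
        }
    }
}

# Constructed sample accounts (not real data).
$accounts = [ordered]@{
    alice = $NORMAL_ACCOUNT                                             # 512   enabled
    bob   = $NORMAL_ACCOUNT -bor $ACCOUNTDISABLE                        # 514   disabled
    carol = $NORMAL_ACCOUNT -bor $DONT_EXPIRE_PASSWORD                  # 66048 enabled, missed by =512
    dave  = $NORMAL_ACCOUNT -bor $DONT_EXPIRE_PASSWORD -bor $ACCOUNTDISABLE  # 66050 disabled
}
Get-UacReport -Accounts $accounts | Format-Table -AutoSize

# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule: "NOT (uac AND 2)" = not disabled.
$filter = '(&(objectCategory=person)' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' +
          '(msExchHideFromAddressLists=TRUE))'
$filter   # pass this string to ldifde -r in place of the equality filter
```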

Thursday, 17 September 2009

Back to Hyper V

I've been unable to locate a spare Broadcom network card at work (they're all built in) and XFX (my motherboard) doesn't provide Linux drivers - shock! I suppose I could hunt out alternate driver sources, like extracting them from a proper Linux distro, but I don't know how!

I believe I have a full version of 2008, so I'm going to give Hyper V another go at the weekend.

Saturday, 12 September 2009

VMWare & Exchange 07

I'm bored of the Hyper V server now that it's working (the trial software is about to expire too). I need a new challenge! I've decided next up is to have an Exchange 07 environment running on VMWare's ESX server.

I've broken it down to a similar front end/back end deployment as my last setup, with 2 firewall/routers separating the 2 subnets. In the 'DMZ' will be an ISA 04 box running Windows Server 2003. The back end will host separate OWA, Bridgehead and Exchange servers (Windows Server 2003) as well as an AD/DNS box.

There will also be a Virtual Center server running virtually on my main PC. This will also have the VI client and the license server features running on it.

So far I have built the Virtual Center box and installed the required features:


In other news, I cancelled the house purchase. It has become clear that the Indian take over will involve me being made redundant as my job gets 'off shored'. I even have to train my replacement!! Oh well, I'll do anything for the money.

not many NIC's are supported, including the 3 I have in there. I need to get a Broadcom NIC by the looks of it.

Sunday, 12 July 2009

Running a Scheduled Task Using the System Account

A quick guide on what the title says really. It came about through a need of moving data you might not necessarily have permission to access and that the 'system' does. I am also publishing the guide because I saw several other webpages saying it wasn't possible.

In this example I'm performing a data move using the RoboCopy program. RoboCopy (Robust Copy) is used because it has comprehensive logging, the ability to restart a failed attempt & keeps all NTFS permissions intact.

Although I have an admin account, which should have access to all the files, it is possible for somebody to strip this access out blocking me access to the files unless I take ownership - this would also cause the RoboCopy job to fail.

Right, that's the reason behind this then - let's get started. Open up the Scheduled Tasks page from the Control Panel and then start the New Scheduled Task wizard. Go through the initial options as you require. In my scenario I selected the batch file I created for the robocopy job and its options, I also selected the run once option and the time/date the move was due to take place.

When it comes to the user name/password option just type in system and leave the password fields blank. Open up the advanced properties dialog box and you should see the run as box listing 'NT AUTHORITY\SYSTEM' populated.

Easy.

Thursday, 25 June 2009

Advanced nVIDIA RAID Options

My current motherboard has a built in SATA RAID controller made by nVIDIA. This is hardware RAID and, as such, is invisible to the OS - unless you install the drivers. It was only a few days ago that I decided to investigate what these drivers actually did.

A quick flick through the start menu revealed the nVIDIA control panel with storage options. Opening this up showed all the extra RAID information which would normally be transparent.

It also included SMART (Self-Monitoring, Analysis, and Reporting Technology) options. For those who don't know, SMART technology monitors HDDs and gives you warning of impending failure. Without the drivers this feature would be unavailable, which could leave you missing out on important messages/warnings.

These options included how to record logs, how often and also the ability to run an advanced test straight away. I was interested in the events logged and configuring advanced warning options from them.

First open the Computer Management tool and browse to the Event Viewing section. Right click on Custom Views and select new. I included all sources with NV at the beginning, however NVRAIDSERVICE seems to be the big one.


I then created a custom view to only include Critical, Error and Warning events to be displayed. Luckily none appeared! The last step was to 'Attach a task to this custom view'. This allowed me to configure an email alert whenever an event was logged under this criteria. There was also an option for running a script, which would allow you to do almost anything!

Friday, 12 June 2009

My First Domain Name

Well, I ummed and arred for quite a while at what it should be and if I should even bother - knowing it's going to be a few months until I get a static IP sorted. I really shouldn't have worried so much though, as it was only £2.99 a year.

So far so good though, I have configured www.vmowfo.co.uk to point to here as well as a bunch of subdomains pointing to my public twitter, facebook and blog profiles (twitter.vmowfo.co.uk, facebook.vmowfo.co.uk & blog.vmowfo.co.uk).

Add to that my new email addresses pointing to my actual email addresses, it lends to a lot of future flexibility. Very pleased!