I've been working toward getting DNS scavenging turned on in a domain. DNS scavenging, as you may know, takes a good deal of patience and forethought. It's not something you want to just blindly enable without doing any reconnaissance first. First off, since I'm new to this environment, let me scan all the domain controllers (which are also the DNS servers in this case) and see what the scavenging and aging settings currently look like:
#
# Requires the ActiveDirectory and DnsServer modules.
# Collect the scavenging and aging state from every domain controller.
$Servers = @()
ForEach ($DC In Get-ADDomainController -Filter *)
{
    $Server = New-Object PSObject -Property @{
        Hostname   = $DC.HostName
        # Server-level scavenging state
        Scavenging = $((Get-DnsServerScavenging `
                        -ComputerName $DC.HostName).ScavengingState)
        # Zone-level aging state
        Aging      = $((Get-DnsServerZoneAging `
                        -Name 'acme.com' `
                        -ComputerName $DC.HostName).AgingEnabled)
    }
    $Servers += $Server
}
$Servers | FT -AutoSize
#
Hostname Scavenging Aging
-------- ---------- -----
DC01     False      True
DC02     False      True
DC03     False      True
DC04     False      True
DC05     False      True
So record aging is already turned on for the zone. All that's left to do is enable scavenging on one of the DNS servers. (I don't like having all of the domain controllers scavenging - just one.) But before I do that, I want to wait a while (like, a couple weeks) and see what hosts are updating their DNS records and which ones aren't. Lucky us - DNS server has a WMI provider.
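#
# Dynamic records only: a Timestamp of 0 marks a static record.
$Records = Get-WmiObject `
    -Namespace 'Root\MicrosoftDNS' `
    -Query 'SELECT * FROM MicrosoftDNS_ResourceRecord WHERE Timestamp != 0'
# Convert hours since 1601-01-01 to a date, then list records not refreshed in 30 days.
$Records | Select TextRepresentation, `
    @{n='Timestamp'; e={([DateTime]'1/1/1601').AddHours($_.Timestamp)}} `
    | Where Timestamp -LT (Get-Date).AddDays(-30) | FT -AutoSize
#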
The only tough bit is that the record's timestamp comes as a 32-bit integer that represents the number of hours elapsed since January 1st, 1601, so you'd want to convert that into a meaningful date, which is what the calculated Timestamp property above does. Now we can see which resource records in DNS aren't refreshing themselves on a regular basis. After checking that list for sanity and correcting any problems, we can turn on scavenging.
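
As an added example (not code from the original post), the same timestamp conversion can be turned into a check of which records scavenging would actually remove, based on the zone's no-refresh and refresh intervals instead of a fixed 30 days. The function name Get-StaleDnsRecord, the 7-day interval defaults, and the sample records are assumptions constructed for illustration.

```powershell
# Added example: Get-StaleDnsRecord is a hypothetical helper, not a built-in cmdlet.
function Get-StaleDnsRecord {
    [CmdletBinding()]
    param(
        # Object with TextRepresentation and Timestamp (hours since 1601-01-01)
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record,
        # Assumed 7-day values; read the real ones from Get-DnsServerZoneAging
        [TimeSpan]$NoRefreshInterval = (New-TimeSpan -Days 7),
        [TimeSpan]$RefreshInterval   = (New-TimeSpan -Days 7),
        [DateTime]$Now = (Get-Date).ToUniversalTime()
    )
    begin { $Epoch = [DateTime]'1601-01-01' }   # treated as UTC
    process {
        # Timestamp 0 marks a static record, which scavenging never removes
        if ([uint32]$Record.Timestamp -eq 0) { return }
        $LastRefresh = $Epoch.AddHours([uint32]$Record.Timestamp)
        # A record becomes eligible once both intervals have passed
        $EligibleAt = $LastRefresh + $NoRefreshInterval + $RefreshInterval
        [pscustomobject]@{
            Record        = $Record.TextRepresentation
            LastRefresh   = $LastRefresh
            AgeDays       = [math]::Round(($Now - $LastRefresh).TotalDays, 1)
            EligibleAt    = $EligibleAt
            WouldScavenge = ($Now -ge $EligibleAt)
        }
    }
}

# Constructed sample records (not real data), timestamped relative to now
$UtcNow  = (Get-Date).ToUniversalTime()
$ToHours = { param($DaysAgo)
    [uint32](($UtcNow.AddDays(-$DaysAgo) - [DateTime]'1601-01-01').TotalHours) }
$Sample = @(
    [pscustomobject]@{ TextRepresentation = 'ws01.acme.com IN A 10.0.0.11'
                       Timestamp = (& $ToHours 3) }     # recently refreshed
    [pscustomobject]@{ TextRepresentation = 'old-laptop.acme.com IN A 10.0.0.57'
                       Timestamp = (& $ToHours 45) }    # past both intervals
    [pscustomobject]@{ TextRepresentation = 'fileserver.acme.com IN A 10.0.0.5'
                       Timestamp = 0 }                  # static, skipped
)
$Sample | Get-StaleDnsRecord | Format-Table -AutoSize
```

On a DNS server, pipe `$Records` from the WMI query into the function in place of `$Sample`, and pass the `NoRefreshInterval` and `RefreshInterval` values returned by `Get-DnsServerZoneAging` for the zone.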