Import AD subnets into Reverse Lookup Zones
March 29, 2008
Sometimes you have a task on your hand for your Active Directory environment but it isn’t an easy one, or lets just say that not many people have come across having a need for it (so not a whole lot you can google for). I recently had a situation like this. Basically in our AD environment we failed to realized the importance and fell behind in keeping our reverse lookup zones updated. As we all know that AD infrastructre does not rely on reverse lookups and you can get away with not having all your defined subnets populated in the reverse zones (in-addr.arpa). We began having some random errors of unsuccessful Group policy applications on some machines and also we started being bugged by the SMS group of the failure of SMS clients installation since some applications like SMS do rely on having to lookup machines by their IP addresses.
We are quite a big environment as we have little over 1000 AD defined subnets and only 80 some had been populated in the reverse lookup zones. I was tasked to make sure that all the reverse zones are created in our DNS from the defined subnets. As it could be very tedious task, I wanted to automate the process. I am not a scriptor but I knew that we could not be the only who has had this issue and I tried digging the newsgroups/blogs/forums and the internet in general but I had no or little luck finding any relevant information.
I started off looking into ADSIedit, as I wanted the export the subnet objects and then somehow import them back into the DNS. I knew that there was DNSCMD command line utility that allows you to do various tasks for zones/records creations, deletion and modification. Unfortunately it did not have a very wide syntax that allowed to pipe-in a list from an external source such a CSV file (that would have the subnets I export from AD). As expected the export part went fine and I had the full list of all the AD defined subnets. Now I was struggling to find a VBscript I could wrap this file into and pipe-in thru DNSCMD like utility.
I looked at Joeware free AD utilites, and I saw Joe had a tool called ADfind. I decided to query him and I got a rapid reply back from him with some suggestions, he assured me it is doable using his ADfind utility combined with some other script or utility. In mean time he forwarded my query to Dean Wells of MSEtechnology who emailed me a rather quick solution using Joe’s ADfind tool (see below). I was extremely pleased how my easy attempt to query seasoned scriptors had paid off.
Apart from other great writing and consulting achievements both Joe Richards and Dean Wells are Micrsoft MVPs and their voluntary efforts to help out the community truly exhibited what MVP program is all about.
So here is the command you would run at your DNS server to accomplish this task;
for /f "tokens=1,2,3 delims=." %n in ('adfind -config -rb "CN=Subnets,CN=Sites" -f "objectclass=subnet" name -list') do @dnscmd /zoneadd %p.%o.%n.in-addr.arpa /primary
add ‘ds’ in front of the primary (/dsprimary) if you wish to make the zones AD integrated
NOTES from Dean
-If you place the syntax above within a batch file, please note that any occurrence of a ‘%’ symbol must be replaced with ‘%%’ (two of them)
-ADfind and DNSCMD must both exist within the current directory or the system path
-In its current form, the syntax assumes the subnet is comprised of 3 octets
Filed under: Active Directory, Windows |