I have (at least I think) a tricky problem on a Server 2008 R2 domain. I wrote a cleanup script for AD computer accounts. Besides the account in AD, I want to delete the SCCM and DNS entries. With DNS I have a problem. I need logging, since the script runs as a timed job each day. The normal AD module cmdlets work great using this:
    Remove-ADComputer -Identity $account -Confirm:$false
    if ($?) {
        Write-Log -LogContent "delete-oldadaccount: deleted account `"$($account.Name)`" with lastlogondate `"$($account.LastLogonDate)`", full path `"$($account.DistinguishedName)`"" -LogPath $logfile
    } else {
        Write-Log -LogContent "delete-oldadaccount: failed to delete account `"$($account.Name)`": $($Error[0].Exception.Message)" -LogPath $logfile -Level 'warn'
    }
For deleting old DNS entries I found 2 solutions for Server 2008 R2 (I can't use the cool new Server 2012 DNS modules for PS):
    dnscmd $dnsServer /RecordDelete $zoneName $computer /f
and
    Get-WmiObject -ComputerName $dnsServer -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_AType -Filter "DomainName = '$computer'" | Remove-WmiObject
But both commands (dnscmd and Remove-WmiObject) return true even if there are no records in DNS matching the computer account's name, so I can't use a construct similar to the one above.
So I tried this:
    try {
        # Throws if the name does not resolve, so the catch block handles "no entry"
        [System.Net.Dns]::GetHostEntry($computer)
        # -WhatIf left in from testing: nothing is actually removed while it is present
        Get-WmiObject -ComputerName $dns -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_AType -Filter "DomainName = '$computer'" | Remove-WmiObject -WhatIf
        Get-WmiObject -ComputerName $dns -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_AAAAType -Filter "DomainName = '$computer'" | Remove-WmiObject -WhatIf
        Write-Log -LogContent "delete-oldadaccount: deleted dns entry `"$($computer)`"" -LogPath $logfile
    } catch {
        Write-Log -LogContent "delete-oldadaccount: failed to delete dns entry `"$($computer)`": $($Error[0].Exception.Message)" -LogPath $logfile -Level 'warn'
    }
With the static function [System.Net.Dns]::GetHostEntry($computer) I test if there is at least an IPv4 entry (as IPv6 is deactivated on my system, I get an exception if there is only an IPv6 entry; if both IPv4 and IPv6 exist it works). If there is an entry, it proceeds to the Remove-WmiObject cmdlets for IPv4 and IPv6. If there is no such entry in DNS, I get an exception and jump directly to the catch block to log the error. With this method I have no clue later whether Remove-WmiObject was successful. I would have to run ipconfig /flushdns and re-run the command [System.Net.Dns]::GetHostEntry($computer) to see if it fails and interpret that as "entries deleted".
Please, is there a cmdlet or a way on Server 2008 R2 to delete a DNS entry and validate whether the deletion was successful? ;)
I can't use the cool new Server 2012 DNS modules for PS
Yes you can, as long as you have at least 1 machine new enough to run them. They work fine against a 2008 R2 domain controller. It would simplify things a lot!
Otherwise, you can still use CIM/WMI calls to retrieve the value of the record, as you're doing already, instead of using GetHostEntry.
Example, courtesy of Jon Dechiro:
    # Re-query the DNS server after the delete; the inner quotes must be backtick-escaped inside the string
    if (Get-WmiObject -ComputerName $dnsServer -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_AType -Filter "DomainName = '$computer'") {
        Write-Log -LogContent "delete-oldadaccount: failed to delete dns entry `"$($computer)`": entry still exists on $dnsServer" -LogPath $logfile -Level 'warn'
    } else {
        Write-Log -LogContent "delete-oldadaccount: deleted dns entry `"$($computer)`"" -LogPath $logfile
    }
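Putting the two halves together (delete via WMI, then verify by re-querying the server rather than the resolver cache), here is an added example that is not part of the question or the answer above. It assumes PowerShell 2.0 on the 2008 R2 box, that $dnsServer, $zoneName and $computer are the caller's values, and that records are matched on OwnerName (the record's FQDN) within the zone's ContainerName; Write-Log is the asker's own function and is not defined here.

```powershell
# Added example: remove a stale host's A/AAAA records on a Server 2008 R2 DNS server
# through WMI and report whether anything was found, removed, or left behind.
function Remove-StaleDnsHostRecord {
    param(
        [Parameter(Mandatory=$true)][string]$DnsServer,
        [Parameter(Mandatory=$true)][string]$ZoneName,
        [Parameter(Mandatory=$true)][string]$Computer
    )
    # The host name is interpolated into a WQL filter, so only accept a plain host label.
    if ($Computer -notmatch '^[A-Za-z0-9-]{1,63}$') {
        throw "Refusing to query DNS for unexpected host name '$Computer'"
    }
    $fqdn    = "$Computer.$ZoneName"
    $classes = 'MicrosoftDNS_AType', 'MicrosoftDNS_AAAAType'
    $wmi     = @{ ComputerName = $DnsServer; Namespace = 'root\MicrosoftDNS' }
    $filter  = "ContainerName = '$ZoneName' AND OwnerName = '$fqdn'"   # assumed property names

    # Look before deleting: Remove-WmiObject reports nothing when the pipeline is empty.
    $before = foreach ($class in $classes) { Get-WmiObject @wmi -Class $class -Filter $filter }
    if (-not $before) {
        return New-Object PSObject -Property @{ Host = $fqdn; Found = 0; Remaining = 0; Status = 'NoRecord' }
    }

    # Access-denied or RPC errors propagate to the caller's try/catch.
    $before | Remove-WmiObject

    # Verify against the DNS server itself, not the local resolver cache GetHostEntry would hit.
    $after     = foreach ($class in $classes) { Get-WmiObject @wmi -Class $class -Filter $filter }
    $remaining = @($after).Count
    New-Object PSObject -Property @{
        Host      = $fqdn
        Found     = @($before).Count
        Remaining = $remaining
        Status    = $(if ($remaining -eq 0) { 'Deleted' } else { 'StillPresent' })
    }
}

# Usage with placeholder values; Write-Log is the asker's own logging function.
# $result = Remove-StaleDnsHostRecord -DnsServer $dnsServer -ZoneName $zoneName -Computer $computer
# if ($result.Status -ne 'Deleted') {
#     Write-Log -LogContent "delete-oldadaccount: dns cleanup for $($result.Host) ended with $($result.Status)" -LogPath $logfile -Level 'warn'
# }
```

Returning a status object instead of relying on $? lets the daily job distinguish "nothing to delete" from "delete attempted but record still present", which is the gap the question describes.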