Ok sorry for the delay, one of my nano marine tanks (5 gallon) had a thermostat crack and blow up and it took out a circuit breaker (electrical device exposed in a tank of water, go figure). I am just hoping everything didn't get zilched out. I know the fish and hermit crabs survived, not so sure about the corals and fan tails.

Anyway, here is a quick and dirty script to do this
#****************************************************************************************
#* Anti-DSinAddr.PL *
#*======================================================================================*
#* Author : Joe Richards ([EMAIL PROTECTED]) *
#* Version: V01.00.00 *
#* Modification History: *
#* V01.00.00 2004.03.26 joe Original Version *
#*--------------------------------------------------------------------------------------*
#* This script pulls out host names out of an AD integrated reverse dns zone *
#*--------------------------------------------------------------------------------------*
#* Notes: *
#****************************************************************************************
#* This script requires ADFIND to be available to do the queries... *
#****************************************************************************************
#****************************************************************************************
#* Definitions: *
#*--------------------------------------------------------------------------------------*
#* $TRUE : Define True for testing. *
#* $FALSE : Define False for testing. *
#* $YES : Define Yes for testing. *
#* $NO : Define No for testing. *
#* $SCRIPTPATH : Path to script. *
#****************************************************************************************
use strict;
use warnings;
my $TRUE=1;
my $FALSE=0;
my $YES=1;
my $NO=0;
my ($SCRIPTPATH)=($0=~/(^.*)\\.*$/);
#
# Display header
#
print "\nAnti-DSinAddr V01.00.00pl Joe Richards ([EMAIL PROTECTED]) March 2004\n\n";
#
# Pull base and do initial dns zone search.
# With no argument adfind locates a GC itself, so -b is only passed when a base was
# given. The base ends up on a command line, so it is quoted and must look like a DN.
#
my $base=shift;
my $baseopt="";
if (defined $base)
{
  die "Search base does not look like a DN: $base\n" unless $base=~/^[\w=,.\- ]+$/;
  $baseopt="-b \"$base\"";
}
my $cmd="adfind -gc $baseopt -f name=microsoftdns -dn";
my @out=`$cmd 2>nul`;
my @rs=grep(/^dn:/,@out);
chomp @rs;
s/^dn:// for @rs;
#
# Go find reverse zones (one level below each MicrosoftDNS container)
#
print "Locating DNS in-addr arpa zones...\n";
my @zones=();
foreach my $this (sort @rs)
{
  print "$this\n";
  $cmd="adfind -gc -b \"$this\" -f * -dn -s one";
  @out=`$cmd 2>nul`;
  my @rs2=grep(/in-addr\.arpa/i,@out);
  chomp @rs2;
  s/^dn:// for @rs2;
  push @zones,@rs2;
}
#
# Loop through zones and pull info. adfind prints one "dn:" line per node, then one
# ">dnsRecord: <hex>" line per value, then a blank line, so the values for a node are
# collected and decoded when the blank line arrives. The (dc>=0) clause skips the
# zone apex node DC=@, which holds the SOA/NS records rather than PTRs.
#
foreach my $thiszone (sort @zones)
{
  print "Zone: $thiszone\n";
  $cmd="adfind -b \"$thiszone\" -f \"(&(objectcategory=dnsnode)(dc>=0))\" -s one dnsrecord";
  @out=`$cmd 2>nul`;
  chomp @out;
  my $dn="";
  my @records=();
  foreach my $thisline (@out)
  {
    if ($dn eq "")
    {
      ($dn)=($thisline=~/^dn:(.+)/);
      $dn="" unless defined $dn;
      next;
    }
    if ($thisline=~/^>dnsRecord: (.+)/)
    {
      push @records,$1;
      next;
    }
    if ($thisline!~/\w/)
    {
      print DecodeRecord($dn,\@records);
      $dn="";
      @records=();
      next;
    }
  }
  print DecodeRecord($dn,\@records) if $dn;   # in case the last node has no trailing blank line
}
#****************************************************************************************
#* Subs and Functions *
#*--------------------------------------------------------------------------------------*
#*--------------------------------------------------------------------------------------*
#* Sub DecodeRecord *
#*--------------------------------------------------------------------------------------*
#* Input *
#* Scalar DN of record *
#* List Ref Reference to list with Hex Data for record *
#* *
#* Output *
#* List List of decoded records for that DN (note this can be multiple) *
#*--------------------------------------------------------------------------------------*
sub DecodeRecord
{
  my @rs=();
  my $dn=shift;
  my $refrecords=shift;
  # Output format is "<zone labels>.<node label>;<host name>", e.g. 68.69.69.0 for
  # DC=0,DC=68.69.69.in-addr.arpa. Labels are taken whole, so 1-3 digit octets, /8 and
  # /16 zones and multi-label nodes such as DC=9.7.5 all work. Note an in-addr.arpa name
  # spells the address backwards: the forward address for that example node is 69.69.68.0,
  # which is join(".",reverse split(/\./,"$zone.$node")) if you would rather print that.
  my ($node,$zone)=($dn=~/^DC=([^,]+),DC=([^,]*?)\.?in-addr\.arpa,/i);
  return () unless defined $zone;
  my $hostip=join(".",grep { length } ($zone,$node));
  foreach my $thisrecord (@$refrecords)
  {
    # dnsRecord is a DNS_RPC_RECORD: a 24 byte header (DataLength, Type, Version, Rank,
    # Flags, Serial, TTL, Reserved, TimeStamp) followed by the type specific data.
    my $bytes=pack("H*",join("",split(/\s+/,$thisrecord)));
    my $type=unpack("v",substr($bytes,2,2));
    next unless $type==12;                      # only PTR records carry a host name
    # PTR data is a DNS_COUNT_NAME: Length, LabelCount, then length-prefixed labels
    # terminated by a 0x00 byte. Walk the labels rather than assuming a single one, so a
    # target like host.domain.com decodes as well as a bare host name.
    my $pos=26;                                 # past the header and the two count bytes
    my @parts=();
    while ($pos<length($bytes))
    {
      my $len=unpack("C",substr($bytes,$pos++,1));
      last if $len==0;
      push @parts,substr($bytes,$pos,$len);
      $pos+=$len;
    }
    my $hostname=join(".",@parts);
    push @rs,"$hostip;$hostname\n";
  }
  return @rs;
}
Here is what the output would look like

[Fri 03/26/2004 19:12:59.47]
F:\DEV\Perl\Anti-DSinAddr>anti-dsinaddr

Anti-DSinAddr V01.00.00pl Joe Richards ([EMAIL PROTECTED]) March 2004

Locating DNS in-addr arpa zones...
CN=MicrosoftDNS,CN=System,DC=joe,DC=com
Zone: DC=68.69.69.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joe,DC=com
68.69.69.0;workstation0
68.69.69.1;workstation2
Zone: DC=69.69.69.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joe,DC=com
69.69.69.0;server0-a
69.69.69.0;server0
69.69.69.1;server1

[Fri 03/26/2004 19:13:01.23]
F:\DEV\Perl\Anti-DSinAddr>
Now this script was only tested in my little home test environment. I do not normally run AD integrated DNS at home and definitely don't do so at work or else I would do a little more testing on it. If it blows up, let me know.

Note that the example above shows two host names for 69.69.69.0; this is correct output. I did it on purpose to make sure I would catch that case. The GUI allows that to be configured and obviously since dnsRecord is multivalued it also allows it.

You can run it two ways. The first is just type the name of the script and it will find a GC and then find the reverse zones and start decoding, or if you want to give it a search base you can do that like this

anti-dsinaddr ou=someou,dc=somedomain,dc=com

Let me know if it works for you.

Oh Robbie, if you are reading this, you have permission to post to your cookbook web site if you see value in it. Just let me know you did so I can keep it in mind if I do anything with it later.

Overall to everyone else - do you find things like this useful when I do them and post them?

joe
-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, March 26, 2004 5:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
Interesting problem.
What specifically do you need out of the octet string, just
the host name?
Anyone have a map of what exactly is in octet string or
what data should be in it even if you don't know the format? I would assume
probably serial number and some other info? It isn't in MSDN that I see.
dn:DC=0,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0B00 0C00 05F0 0000 0200 0000 0000 0E10 0000 0000 0000 0000 0901 0762 6F62 7465 7374 00
dn:DC=1,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0C00 0C00 05F0 0000 0300 0000 0000 0E10 0000 0000 0000 0000 0A01 0862 6F62 7465 7374 3200
From this it appears that the hostname starts at about the
13th dword. So above would be 0A01 0862 6F62 7465 7374 3200 and 0A01 0862 6F62
7465 7374 3200 for the names which would resolve into bobtest and bobtest2.
This could be done fairly painlessly with perl I think...
As for Al's question about why enumerate via LDAP? Because
its there baby, that is the beauty of using LDAP. If you aren't going to do LDAP
queries, might as well be using a SQL Server or flat file or something.
Let me see what I can do with this. I just put the
Disturbed CD in, feeling like doing some hacking.
BTW, if you didn't go to the Directory Experts Conference,
you missed a good time. NetPro did a good job and there was a lot of good
discussions. Plus some of the stuff Stuart was talking about was pretty darn
cool.
-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
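The octet string shown in the hex dumps above, decoded the way the on-disk layout defines it instead of by slicing at a fixed hex offset. This is an added example in Python, not code from the thread or from joeware. It follows the DNS_RPC_RECORD and DNS_COUNT_NAME structures documented in MS-DNSP (a 24-byte header, then for PTR, NS and CNAME a length-counted label list), so a PTR target with a domain suffix such as host.domain.com decodes correctly, it maps the node DN back to a forward address, and it reports addresses with more than one PTR, which is what the original poster wanted to find. The first and third sample records are the two posted above; the second (a second PTR on the same address) and the fourth (a three-label target in a /8 zone) are constructed for this example, as is the adfind-style text around them.

```python
"""Decode dnsRecord values from an AD-integrated reverse zone as adfind prints them.
Added example, not code from this thread or from joeware; the layout follows the
DNS_RPC_RECORD and DNS_COUNT_NAME structures in MS-DNSP. Sample records 1 and 3
are the hex dumps posted in the thread, records 2 and 4 are constructed here."""
import struct
from collections import defaultdict

TYPE_NAMES = {2: "NS", 5: "CNAME", 12: "PTR"}   # name-valued types; others stay hex

def parse_count_name(data, off=0):
    """DNS_COUNT_NAME: Length, LabelCount, then length-prefixed labels ending in 0x00."""
    length, label_count = data[off], data[off + 1]
    pos, end, labels = off + 2, off + 2 + length, []
    while pos < end:
        n, pos = data[pos], pos + 1
        if n == 0:                                  # terminating null label
            break
        labels.append(data[pos:pos + n].decode("ascii"))
        pos += n
    if len(labels) != label_count:
        raise ValueError("label count %d does not match %r" % (label_count, labels))
    return ".".join(labels), end

def parse_dns_record(raw):
    """DNS_RPC_RECORD: 24-byte header (little-endian except TtlSeconds, which is
    network order) followed by DataLength bytes of type-specific data."""
    if len(raw) < 24:
        raise ValueError("dnsRecord shorter than its 24-byte header")
    data_len, rtype, version, rank, flags, serial = struct.unpack_from("<HHBBHI", raw, 0)
    ttl = struct.unpack_from(">I", raw, 12)[0]
    timestamp = struct.unpack_from("<I", raw, 20)[0]    # aging stamp, 0 = static record
    data = raw[24:24 + data_len]
    if len(data) != data_len:
        raise ValueError("dnsRecord truncated: DataLength %d exceeds value" % data_len)
    rdata = parse_count_name(data)[0] if rtype in TYPE_NAMES else data.hex()
    return {"type": rtype, "type_name": TYPE_NAMES.get(rtype, str(rtype)),
            "version": version, "rank": rank, "flags": flags, "serial": serial,
            "ttl": ttl, "timestamp": timestamp, "rdata": rdata}

def adfind_hex_to_bytes(text):
    """adfind shows octet strings as space-separated hex groups ('0B00 0C00 ...')."""
    return bytes.fromhex(text.replace(" ", ""))

def ptr_dn_to_ip(dn):
    """DC=0,DC=20.10.169.in-addr.arpa,... -> '169.10.20.0'. Node and zone labels are
    collected in order and reversed, so /8, /16, /24 zones and multi-label nodes
    (DC=9.7.5) work; the apex '@' or a partial address yields None. No escaped commas."""
    labels = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() != "dc":
            continue
        if value.lower().endswith("in-addr.arpa"):      # reached the zone itself
            prefix = value[:-len("in-addr.arpa")].rstrip(".")
            labels.extend(prefix.split(".") if prefix else [])
            break
        labels.extend(value.split("."))
    else:
        raise ValueError("not a node in an in-addr.arpa zone: %s" % dn)
    octets = labels[::-1]
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        return None
    return ".".join(octets)

def decode_adfind_output(text):
    """Walk adfind's 'dn:' / '>dnsRecord:' / blank-line output into (ip, type, rdata)."""
    results, dn = [], None
    for line in text.splitlines():
        if line.startswith("dn:"):
            dn = line[3:].strip()
        elif line.startswith(">dnsRecord:") and dn is not None:
            rec = parse_dns_record(adfind_hex_to_bytes(line.split(":", 1)[1]))
            results.append((ptr_dn_to_ip(dn), rec["type_name"], rec["rdata"]))
        elif not line.strip():
            dn = None
    return results

def duplicate_ptrs(results):
    """Addresses with more than one PTR target, the duplicates the poster asked about."""
    by_ip = defaultdict(set)
    for ip, type_name, rdata in results:
        if type_name == "PTR" and ip:
            by_ip[ip].add(rdata)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}

SAMPLE_ADFIND_OUTPUT = """\
dn:DC=0,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0B00 0C00 05F0 0000 0200 0000 0000 0E10 0000 0000 0000 0000 0901 0762 6F62 7465 7374 00
>dnsRecord: 0D00 0C00 05F0 0000 0400 0000 0000 0E10 0000 0000 0000 0000 0B01 0962 6F62 7465 7374 2D61 00

dn:DC=1,DC=20.10.169.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 0C00 0C00 05F0 0000 0300 0000 0000 0E10 0000 0000 0000 0000 0A01 0862 6F62 7465 7374 3200

dn:DC=9.7.5,DC=10.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=joehome,DC=com
>dnsRecord: 1700 0C00 05F0 0000 0300 0000 0000 0E10 0000 0000 0000 0000 1503 0762 6F62 7465 7374 076A 6F65 686F 6D65 0363 6F6D 00
"""

if __name__ == "__main__":
    for row in decode_adfind_output(SAMPLE_ADFIND_OUTPUT):
        print("%s;%s;%s" % row)
```

Run as a script it prints one ip;type;target line per value. The 24-byte header is why a fixed slice lands on the name when the PTR target is a single label; as soon as the target carries a domain suffix the extra label-length bytes sit in the middle of the name, which is what the label walk handles. The function reads the same `dn:` / `>dnsRecord:` text the Perl script consumes, so the output of an adfind query against a zone, redirected to a file, can be passed straight to decode_adfind_output and then to duplicate_ptrs.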
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, March 26, 2004 3:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
David,

I am sure it will work but my DNS has over 45000+ objects and it is running on a production network. It scares me a little to do that.

Y
From: Chianese, David P.
Sent: Fri 26/03/2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?
As Al mentioned, why not convert the zone to Std. Primary and take a copy of the zone files that are written to disk. Then revert it back to ADI. I have done this before without incident to supply our BIND unix servers copies (or pieces) of our zone files. I have done this in the past for stale PTR records as well.
Regards,
Dave
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of AD
Sent: Friday, March 26, 2004 2:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

I am looking for duplicate registrations in the reverse lookup zone. I am hoping to export everything to a txt file (40000+ objects) so I can parse it using Excel. I actually found the article you mention but I have to install the WMI provider on the DC. I am hoping to avoid this if I can. That's why I am hoping to use LDAP with some sort of OctetString converter.

Y
From: Mulnick, Al
Sent: Fri 26/03/2004 1:04 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

You mean like a zone transfer?

DNS.CMD could be useful, scripting could be useful such as this one http://www.microsoft.com/technet/community/scriptcenter/network/scnet163.mspx (note the requirements). DNSLINT might have some value for you as well. Heck, Nslookup in a loop might be useful but you'd have to know what you're going after.

Saying all of that, you could transfer the zone to a non-integrated instance and parse the zone file if you really wanted to.

I'd opt for the script, but that's me.

Al
From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 1:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Hi Al,

Can you elaborate how I can export the entire zone via DNS.

Thanks
Yves
From: Mulnick, Al
Sent: Fri 26/03/2004 11:57 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Anyone ever convert dnsRecord attribute?

Why do you want to enumerate via LDAP? Why not via DNS?
From: AD [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 11:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Anyone ever convert dnsRecord attribute?

Help,

We have a DNS integrated zone and I have a need to enumerate all reverse lookup records. Unfortunately the computer name is saved in an octetstring format attribute called dnsRecord. Look up a record in the DC=xx.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=DomainName container and you will see what I am talking about. Has anyone ever written a function to convert this octetstring to something that is readable?

Thanks
Yves St-Cyr
