maybe another options is... use joe's ADFIND and query for dnsNode objects and specifically the dnsRecord attribute. And see if you can filter differences just a wild idea Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : <see sender address>
________________________________ From: [EMAIL PROTECTED] on behalf of WATSON, BEN Sent: Wed 2006-11-08 22:39 To: [email protected] Subject: RE: [ActiveDir] [Semi-OT] AD Integrated DNS entries Hi Al, Thanks for the response. Yeah, that was much of what I expected. I figured what I was looking for would be somewhere in the realm of extremely difficult to find or impossible and I guess I was right. I'll definitely look into the DNSCMD and DSACLS to see if that can provide any of the information I am looking for. Thanks again, ~Ben From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, November 08, 2006 12:55 PM To: [email protected] Subject: Re: [ActiveDir] [Semi-OT] AD Integrated DNS entries One of the "nice to have's" that was left out of Microsoft's integrated implementation was the ability to easily gather this type of information. IIRC, DNSCMD coupled with dsacls will give you some of that information. There are also some api's that are available to try and roll your own, but nothing that really gives good information IMHO. There's a kb somewhere out there that describes how to set the ownership of each record using dsacls due to a problem with dhcp registration of records using a particular service account. I don't recall exactly the kb, but take a look and see if you can't modify the dsacls command to report the ownership of the records. Al On 11/7/06, WATSON, BEN <[EMAIL PROTECTED]> wrote: Hey guys, Simple question I hope. I was looking for a way to determine a couple things about DNS (A & PTR records) entries in an Active Directory Integrated DNS environment... 1) Is there a way to determine whether the entry has been manually defined (and thus is never scavenged) or registered through dynamic updates? 2) Is there a way to determine the current age of a DNS entry? 3) Is there a way to determine who has the rights to make modifications to an entry through dynamic updates? Thanks as always, ~Ben This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<winmail.dat>>
