The SPN trick only works on ADI DNS servers. I checked and verified.
What's the firewall status?
This two-liner works great for a DA if the firewall lets you through:
$computers = dsquery * forestroot -filter objectCategory=computer -attr dnsHostName -limit 0
foreach( $computer in $computers ) { get-service "DNS Server" -computername $computer.Trim() -ea 0 | out-null; if( $? ) { "DNS Server on $computer" } else { "...no DNS Server on $computer" } }
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Webster [mailto:[email protected]]
Sent: Wednesday, September 22, 2010 4:29 PM
To: NT System Admin Issues
Subject: RE: Show all DNS Servers in AD
What the customer is wanting is a way to list all the servers running DNS in
their AD environment. The nslookup command that ASB gave shows the 5 AD DNS
servers but does not show the SQL Server that is running DNS (and they don't
know why that server is running DNS anyways). They are trying to see if there
is a way to find if there are any other servers running DNS on their network
besides telnetting to port 53 on every server.
Thanks
Webster
From: Brian Desmond [mailto:[email protected]]
Subject: RE: Show all DNS Servers in AD
Andrew-
The way that option works is it creates an NDNC aka Application Partition and
the DCs hosting DNS enlist in it. It's possible that either a) DCs without DNS
are enlisted in it for replication or b) vice versa (though this may be
semi-protected against). It's also possible to create custom NDNCs for DNS with
custom replication scopes.
I'm guessing the OP probably has a relatively small/simple environment and this
is all overthinking, but in a large AD environment there's going to be a lot
of variables to actually track down a proper list.
From: Andrew S. Baker [mailto:[email protected]]
Subject: Re: Show all DNS Servers in AD
I would think that AD has some way of tracking all DNS servers in a forest,
because it allows you to replicate a zone to all DNS servers in a forest or
domain.
One way to get at least a partial list of DNS servers would be via NSLOOKUP:
nslookup -type=ns yourlocaldomain.tld
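The thread's underlying question is how to find every host that answers DNS, including ones that are neither name servers of the zone nor running the Windows "DNS Server" service. The sketch below is an added example, not code from any poster: it sends one real DNS query over UDP 53 to each computer object and reports which hosts reply. It assumes a domain-joined workstation, searches only the current domain, and the function name Test-DnsResponder and the query ID are made up for illustration.

```powershell
# Added example, not from the thread. Assumes UDP/53 to the hosts is not filtered.
function Test-DnsResponder {
    param([string]$HostName, [int]$TimeoutMs = 1500)

    # Minimal DNS query: ID 0x1234 (constructed), flags 0, QDCOUNT 1,
    # question = root name ".", QTYPE NS (2), QCLASS IN (1).
    [byte[]]$query = 0x12,0x34, 0,0, 0,1, 0,0, 0,0, 0,0, 0, 0,2, 0,1

    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        $udp.Client.ReceiveTimeout = $TimeoutMs
        $udp.Connect($HostName, 53)
        [void]$udp.Send($query, $query.Length)
        $remote = New-Object System.Net.IPEndPoint ([System.Net.IPAddress]::Any, 0)
        $reply = $udp.Receive([ref]$remote)

        # Any well-formed answer counts, including REFUSED or SERVFAIL:
        # same ID echoed back and the QR (response) bit set.
        return [bool]($reply.Length -ge 12 -and
                      $reply[0] -eq 0x12 -and $reply[1] -eq 0x34 -and
                      ($reply[2] -band 0x80))
    } catch {
        # Timeout, ICMP port unreachable, or name resolution failure.
        return $false
    } finally {
        $udp.Close()
    }
}

# Enumerate computer objects in the current domain (assumption: one domain;
# repeat per domain or bind to a global catalog for a whole forest).
$searcher = [adsisearcher]'(objectCategory=computer)'
$searcher.PageSize = 1000
[void]$searcher.PropertiesToLoad.Add('dnshostname')

$searcher.FindAll() | ForEach-Object {
    $names = $_.Properties['dnshostname']
    if ($names.Count -gt 0) {
        $name = [string]$names[0]
        New-Object PSObject -Property @{
            ComputerName    = $name
            RespondsOnUdp53 = Test-DnsResponder -HostName $name
        }
    }
} | Where-Object { $_.RespondsOnUdp53 } | Sort-Object ComputerName
```

A host that only accepts DNS over TCP, or sits behind a filter that drops UDP 53, will not appear, so compare the output with the nslookup NS list and the service check rather than relying on any single method.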
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin