List all AD records

Feb 15, 2011 at 4:17 PM

Hello, first let me say that DNSShell is awesome!  I just used it to create a nice report of our 300 or so DNS Servers and their configurations, very cool.

My question is, how can I use DNSShell to list all of the records, and their ages?  I would have thought I could do this with "Get-DNSRecord", or "Get-ADDnsRecord", but it doesn't seem to work, and there doesn't seem to be any built-in "help" around these two items.

Any help would be appreciated.

Feb 15, 2011 at 5:44 PM

Hi there,

You mean the record timestamp (for dynamically updated records)? If so, both Get-DnsRecord and Get-ADDnsRecord will display that by default.

If you need the creation date for a record in an AD Integrated zone you will need to use Get-ADDnsRecord instead.

Are you finding the CmdLets do not return anything at all? Or are they returning Static for all records?


Feb 15, 2011 at 7:34 PM

Thanks Chris, yes, I mean the record timestamp.  But when I run either "Get-DNSRecord", or "Get-ADDnsRecord" as "Get-ADDnsRecord [DOMAIN]" I get the error below:

Get-DnsRecord : Invalid namespace
At line:1 char:14
+ Get-DNSRecord <<<<
    + CategoryInfo          : InvalidOperation: (DnsShell.PowerS...anagementCmdlet:RuntimeT
    + FullyQualifiedErrorId : WMIManagementException,DnsShell.PowerShell.CmdLet.DnsRecord

If I run it as "Get-ADDnsRecord [DNS Server]", it does not error and appears to do something, but after a second or two, I get a fresh prompt.  No data is returned.  Am I not using the correct syntax?

Feb 15, 2011 at 7:40 PM

Ahh got it :)

So for Get-DnsRecord you'll need to point it at a DNS server. It's utterly reliant on the WMI provider. So in theory this:

Get-DnsRecord -Zone -Server SomeServer

AD can find its own way, however, by default it only searches DomainDnsZones. Best bet for that one is this:

Get-ADDnsPartition | Get-ADDnsRecord

That will show you all records across all zones and all partitions (Domain, DomainDnsZones, ForestDnsZones and, hopefully, any custom partitions). It has a slight advantage that it does not target a specific server, and does not require admin credentials to run.


Feb 15, 2011 at 7:49 PM

That did it!  Thank you very much.

Feb 15, 2011 at 8:26 PM
Edited Feb 15, 2011 at 8:34 PM

Ok, this is cool.  But I'm running into an error that I'm not sure how to troubleshoot, and I hope you have an idea.  I'm running the command and exporting the data to a CSV.  It works great for about 1300 records, but then it errors (see below), and stops.  I know we have more than 1300 records, but the error is fairly vague, so I'm not sure what to fix to allow this to run completely.  Is there a way to get "Get-ADDnsRecord" to spit out the specific server that it's having the problem with?  Or perhaps a more verbose output or debug mode?

PS U:\> Get-ADDnsPartition | Get-ADDnsRecord | Export-CSV C:\Users\JBoomer\Desktop\Records.csv
Get-ADDnsRecord : The server does not support the control. The control is critical.
At line:1 char:37
+ Get-ADDnsPartition | Get-ADDnsRecord <<<<  | Export-CSV C:\Users\JBoomer\Desktop\Records.csv
    + CategoryInfo          : NotSpecified: (:) [Get-ADDnsRecord], DirectoryOperationException
    + FullyQualifiedErrorId : System.DirectoryServices.Protocols.DirectoryOperationException,DnsShell.PowerShell.CmdLe

PS U:\>

Feb 15, 2011 at 8:32 PM

That's going to be a very difficult one to troubleshoot unfortunately. It's not one I've encountered in my test environment. You might see if you can limit the scope a little, avoiding the error:

Get-ADDnsPartition |
  Get-ADDnsZone |

I'm pretty sure that won't fix it, or even bypass it, but it's worth a shot. If that doesn't work, I'm afraid you'll have to head back to Get-DnsRecord until I can figure out the cause of that one or at least write some debugging code into the module.
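
Added example, not part of the original posts and not code from the DnsShell project: one way to see which partition triggers the DirectoryOperationException is to query each partition on its own and catch the failure, so the remaining partitions still export. It assumes the module imports under the name DnsShell; the output folder and file names are hypothetical, and only the cmdlets shown in this thread are used.

```powershell
# Assumption: the module is installed and importable under this name.
Import-Module DnsShell

# Hypothetical output location: one CSV per directory partition.
$outDir = Join-Path $env:TEMP 'DnsRecords'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$failures = @()
$index = 0

foreach ($partition in @(Get-ADDnsPartition)) {
    $index++
    $csv = Join-Path $outDir ("partition{0:d2}.csv" -f $index)
    try {
        # -ErrorAction Stop makes non-terminating errors catchable as well.
        # Streaming into Export-Csv keeps whatever was returned before a failure.
        $partition |
            Get-ADDnsRecord -ErrorAction Stop |
            Export-Csv -Path $csv -NoTypeInformation
        Write-Host ("[{0}] exported to {1}" -f $index, $csv)
    }
    catch {
        # Keep the partition object as text so the failing one can be identified
        # without relying on any particular property name.
        $failures += New-Object PSObject -Property @{
            Index     = $index
            Partition = ($partition | Out-String).Trim()
            Exception = $_.Exception.GetType().FullName
            Message   = $_.Exception.Message
        }
        Write-Warning ("[{0}] failed: {1}" -f $index, $_.Exception.Message)
    }
}

# Summary of the partitions that could not be read completely.
$failures | Format-List Index, Partition, Exception, Message
```

A CSV left behind for a failed partition holds only the records returned before the error, so treat it as partial.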



Feb 15, 2011 at 8:37 PM

Ok, thanks, this cmdlet definitely rocks though!  Thank you