Home > Uncategorized > HOWTO: Obtain DNS information from NIC’s via PowerShell

HOWTO: Obtain DNS information from NIC’s via PowerShell

Recently we have had a need to confirm DNS settings on various Windows Servers to ensure that they are pointed to the correct servers and not fully dependant on servers in a remote site, incorrectly.  In order to do so, one needs to be able to get a report on all the current settings in use and locate the errors.

A few years ago I came across a blog post (http://deinfotech.blogspot.ca/2011/11/i-was-given-task-to-change-dns-server.html) that had a similar requirement and even went a step further to programmatically update the DNS entries.  For our needs here, we will focus only on obtaining the report.

===== DNSReport.PS1 =====

$servers = Get-Content MyServers.txt

Add-Content DNSInfo.csv "ServerName,IPAddresses,NICIndex,NICName,ExistingDNSSettings"

foreach($server in $servers)

{
$error.clear()
try
{

$nicConfigs = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $server -ErrorAction Stop | Where{$_.IPEnabled -eq "TRUE"}
foreach($nicConfig in $nicConfigs)

{
$nic = Get-WmiObject Win32_NetworkAdapter -ComputerName $server -ErrorAction Stop | Where{$_.DeviceID -eq $nicConfig.Index}
$nicName = $nic.NetConnectionID
$nicIndex = $nicConfig.Index
$nicIP = $nicConfig.IPAddress
$currentDNS = $nicConfig.DNSServerSearchOrder
Write-Host "$server,$nicIP,$nicIndex,$nicName,$currentDNS"
Add-Content DNSInfo.csv "$server,$nicIP,$nicIndex,$nicName,$currentDNS"
}
}
catch [system.exception]
{
Write-Host "Error: $server" $error
Add-Content DNSInfoError.txt "Error: $server $error"
}
}

===== DNSReport.PS1 =====

The report assumes that in the folder it is run from, that a list of servers exists as a file called “MYSERVERS.TXT”.  There are many ways to build this file, I’ll let you use whatever tools work to your satisfaction (eg: dump from “net view”, using “dsquery” to pull from AD, a ping sweep, etc)

This will get you a CSV file with information that looks like:

ServerName,IPAddresses,NICIndex,NICName,ExistingDNSSettings

SERVERKEL1,172.226.0.5,10,Ethernet,172.226.0.6 172.21.1.20 172.21.1.21

SERVERKIT1,172.21.1.110,7,Local Area Connection,172.21.1.20 172.21.1.21

SERVERLANG1,172.7.0.11 fe80::d03d:824e:4846:5deb,7,Local Area Connection,172.21.1.20 172.21.0.5

SERVERLBR1,172.229.0.5,13,Team 1,172.21.1.21 172.22.0.5

SERVERMHA1,172.4.0.5,1,Local Area Connection,172.22.0.6 172.21.1.20 172.21.0.5 172.21.1.21 172.22.0.6

One thing that could be done, at the command line (if you wish to avoid Excel) is to filter and look for only the incorrect entries (eg: 172.21.0.5 and 172.22.0.6).  However, doing so here can get false positives as you are scanning the entire network vs just one site (depending on how you built MYSERVERS.TXT), and some servers SHOULD likely legitimately use those addresses.   When you import it, you’ll find that the “ExistingDNSSettings” column is space delimited, and thus you should highlight this column and do a “text to columns” to make it one DNS per column.

This turns the CSV into:

ServerName

IPAddresses

NICIndex

NICName

DNSSettings

       

SERVERKEL1

172.226.0.5

10

Ethernet

172.226.0.6

172.21.1.20

172.21.1.21

   

SERVERKIT1

172.21.1.110

7

Local Area Connection

172.21.1.20

172.21.1.21

     

SERVERLANG1

172.7.0.11

7

Local Area Connection

172.21.1.20

172.21.0.5

     

SERVERLBR1

172.229.0.5

13

Team 1

172.21.1.21

172.22.0.5

     

SERVERMHA1

172.4.0.5

1

Local Area Connection

172.22.0.6

172.21.1.20

172.21.0.5

172.21.1.21

172.22.0.6

You can now:

· Filter the IPAddresses field for the IP range of the site in question (eg: STARTS WITH TEXT = “172.21.1”)

· Filter the ExistingDNSSettings by the IP’s you’re looking for (eg: 172.21.0.5 and 172.22.0.6) for each column.  If you do all columns, then you will catch ONLY the records that use ONLY those IP’s and not those that might use one of those IP’s for one of many DNS entries – which would be acceptable.

The Blog posting does have a script for how to take the CSV and then update the remote sites.  This is programmatically difficult as depending on which NIC it is, you need to specify the command different.  This is why the script captures the “NICIndex”, to solve this issue.

Note that of course this only works for systems that will allow PowerShell in some manner.  Older Windows OS’s may not, infrastructure devices will not, etc.  So there are still a lot of places where manual intervention is required.  But this process can at least process a good number of them in bulk.  Also, if the PowerShell can NOT obtain the information it does not output to the CSV.  Instead, at the command line you will see:

SERVEREDMINF2,172.22.0.243 fe80::5f1:3782:9552:b10b,10,Ethernet,172.22.0.5 172.21.1.20

SERVEREDMMDM1,172.22.17.61 fe80::80db:27ec:ff46:f864,7,Local Area Connection,172.21.1.20 172.21.1.21 172.22.0.6 172.21.0.5

Error: SERVEREDMOSSV1 The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Error: SERVEREDMSAN3 The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Error: SERVEREDMTEST1 The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Error: SERVEREDMTF1 The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

SERVEREDMVR1,172.22.17.21 fe80::7441:2dc4:eb8f:3cf7,7,Local Area Connection,172.21.1.20 172.21.1.21

Error: SERVEREDMVRANGER The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

SERVERFMM1,172.212.0.7,2,Local Area Connection 2,172.21.0.5 172.22.0.6

SERVERFSJ1,172.35.0.5,7,Local Area Connection,172.35.0.8 172.21.1.20

SERVERFSJ1,169.254.95.120,13,Local Area Connection 3,

Error: SERVERFSJ1-OLD The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Error: SERVERFSJ3 The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Error: SERVERFTP1 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

SERVERINV1,0.0.0.0,1,Local Area Connection 2,

SERVERINV1,172.21.0.5,2,Local Area Connection,172.21.0.5 172.22.0.6

So don’t assume that the output is all inclusive.  Also, it may be prudent to go find out WHY it’s failing, as it likely is indicative of some other larger error.  (Many of the above are obsolete servers showing 0x000706BA are in fact no longer present on the network).

Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: