DNS and ACL

  • Question

  • Hello,

    I'm trying to get all ACL for all DNS entries with Windows 2008.

    I can't find a PowerShell command, and DNSCMD cannot give me the information.

    Can someone help me?

    Thank you,

    Olivier

    Monday, June 27, 2016 11:47 AM

Answers

All replies

    • Marked as answer by oliviert74 Monday, June 27, 2016 12:47 PM
    Monday, June 27, 2016 11:50 AM
  • Thank you for your reply. The script is interesting but I don't understand how I can scan all records. In the example in the script, it is for 1 server only.

    Do you know how it works?

    Monday, June 27, 2016 12:05 PM
  • I modified the script to scan everything. All works fine.

    Thank you very much,

    Olivier

    Monday, June 27, 2016 12:47 PM
  • What did you modify?
    Monday, June 27, 2016 12:48 PM
  • Here is the script:

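    [CmdletBinding()]
    [OutputType('System.DirectoryServices.ActiveDirectorySecurity')]
    param (
        # DNS zone to scan; defaults to the forest root domain name
        [Parameter(ValueFromPipeline,
                   ValueFromPipelineByPropertyName)]
        [string]$DomainName = (Get-ADDomain).Forest,
        # Application partition that holds the zone: ForestDnsZones or DomainDnsZones
        [ValidateSet('Forest','Domain')]
        [Parameter(ValueFromPipeline,
                   ValueFromPipelineByPropertyName)]
        [string[]]$AdDnsIntegration = 'Forest'
    )

    begin {
        Clear-Host
        $ErrorActionPreference = 'Stop'
        Set-StrictMode -Version Latest
        # The AD: drive used below is provided by the ActiveDirectory module
        Import-Module ActiveDirectory
    }

    process {
        try {
            # Container of the zone inside the chosen DNS application partition
            $Path = "AD:\DC=$DomainName,CN=MicrosoftDNS,DC=${AdDnsIntegration}DnsZones,DC=$($DomainName.Split('.') -join ',DC=')"
            # Each child of the zone container is one DNS record (dnsNode object)
            foreach ($Record in (Get-ChildItem -Path $Path)) {
                # Read the record's security descriptor and show its path and owner
                Get-Acl -Path "ActiveDirectory:://RootDSE/$($Record.DistinguishedName)" | Select-Object Path, Owner | Format-Table -AutoSize
            }
        } catch {
            Write-Error $_.Exception.Message
        }
    }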

    Modifications were made to get all entries.


    • Edited by oliviert74 Monday, June 27, 2016 1:49 PM
    Monday, June 27, 2016 1:27 PM
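
An added example (not from the thread or the linked script) that generalizes the script above from one zone to every record in every AD-integrated zone, and emits one row per ACE instead of only the owner. The function name `Get-DnsRecordAce` is hypothetical; it assumes the ActiveDirectory module, PowerShell 3.0 or later, and zones stored in the DomainDnsZones/ForestDnsZones application partitions.

```powershell
# Added example, not from the thread or the linked script.
# Assumes: ActiveDirectory module (RSAT), PowerShell 3.0+, read access to the DNS partitions.
Import-Module ActiveDirectory

function Get-DnsRecordAce {    # hypothetical name
    [CmdletBinding()]
    param (
        # Partitions to search. Default: the DomainDnsZones and ForestDnsZones
        # naming contexts advertised by the directory's RootDSE.
        [string[]]$SearchBase = @((Get-ADRootDSE).namingContexts |
            Where-Object { $_ -match '^DC=(Domain|Forest)DnsZones,' })
    )

    foreach ($Base in $SearchBase) {
        # Every record is a dnsNode object; its parent container is the dnsZone.
        $Nodes = Get-ADObject -SearchBase $Base -LDAPFilter '(objectClass=dnsNode)' `
                              -Properties nTSecurityDescriptor
        foreach ($Node in $Nodes) {
            # Second RDN of the DN is the zone name (split on unescaped commas only).
            $Zone = ($Node.DistinguishedName -split '(?<!\\),')[1] -replace '^DC='
            $Sd   = $Node.nTSecurityDescriptor
            foreach ($Ace in $Sd.Access) {
                [pscustomobject]@{
                    Zone        = $Zone
                    Record      = $Node.Name
                    Owner       = $Sd.Owner
                    Identity    = $Ace.IdentityReference.Value
                    Type        = $Ace.AccessControlType
                    Rights      = $Ace.ActiveDirectoryRights
                    IsInherited = $Ace.IsInherited
                }
            }
        }
    }
}

# Audit view: explicit (non-inherited) ACEs that allow changing a record or its ACL.
# Get-DnsRecordAce |
#     Where-Object { -not $_.IsInherited -and $_.Type -eq 'Allow' -and
#                    $_.Rights -match 'GenericAll|GenericWrite|WriteProperty|WriteDacl|WriteOwner' } |
#     Export-Csv -Path .\dns-record-aces.csv -NoTypeInformation
```

Zones still stored in the legacy `CN=MicrosoftDNS,CN=System` container of the domain partition are not covered by the default; pass that container's distinguished name through `-SearchBase` to include them.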