Fetch DNS scavenged records with the help of PowerShell

After enabling DNS Scavenging successfully in our infrastructure, it was a huge pain to find out which DNS records had been scavenged. So I wrote a script to gather all the information about scavenging and all scavenged records, create a report, and email it to me every Monday morning, because Sunday is our scavenging day.

I am going to explain what this script does for you and how it can be useful for your work.

Whenever DNS Scavenging happens, it generates one of two events, 2501 or 2502.
Event ID 2501 is generated when DNS scavenging runs automatically. The script I created mainly uses event 2501, because our DNS scavenging is configured to run automatically.
Event ID 2502 is the same as 2501 and carries the same information, but it is generated when you run scavenging manually.

You will find both of these events under Event Viewer > Applications and Services Logs > DNS Server.

This event will look like this.











This event is a summary of all records that have been scavenged. For each scavenged record, a separate event is also generated with event ID 521. All these events are generated under Event Viewer > Applications and Services Logs > Microsoft > Windows > DNS-Server > Audit.

This event will look like this.










Now you have a good idea of where to find all the event logs for DNS Scavenging.
With the help of this script, you will get the message of event ID 2501 in your email body, and all event ID 521 entries in a CSV report in the form of Host-name, Zone and Time.

Script will look like this.
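
An added example of such a report, not the author's original script: it reads the 2501/2502 summary from the DNS Server log and the 521 events from the DNS-Server Audit log, writes Host-name, Zone and Time to a CSV, and mails both. The lookback window, CSV path, SMTP server and addresses are placeholders, and the `NAME` and `Zone` event-data field names are assumptions to verify against a 521 event on your server.

```powershell
# Added example: weekly DNS scavenging report (not the original script).
# Assumed values: lookback window, CSV path, SMTP server, sender and recipient.
$since   = (Get-Date).AddDays(-2)
$csvPath = Join-Path $env:TEMP ("ScavengedRecords_{0:yyyyMMdd}.csv" -f (Get-Date))

# Summary event: 2501 (automatic run) or 2502 (manual run) in the "DNS Server" log.
$summary = Get-WinEvent -FilterHashtable @{
    LogName = 'DNS Server'; Id = 2501, 2502; StartTime = $since
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated -Descending | Select-Object -First 1

# Per-record events: 521 in the DNS-Server Audit channel.
$audit = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-DNSServer/Audit'; Id = 521; StartTime = $since
} -ErrorAction SilentlyContinue

$records = foreach ($evt in $audit) {
    # Read EventData by field name rather than by position in the message text.
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        # 'NAME' and 'Zone' are assumed field names; confirm them in the XML view of a 521 event.
        HostName = $data['NAME']
        Zone     = $data['Zone']
        Time     = $evt.TimeCreated
    }
}

# Email body is the summary event's message; the CSV is attached only if records exist.
$body = if ($summary) { $summary.Message } else { "No event 2501/2502 found since $since." }
$mail = @{
    SmtpServer = 'smtp.example.com'          # placeholder
    From       = 'dns-report@example.com'    # placeholder
    To         = 'dns-admins@example.com'    # placeholder
    Subject    = "DNS scavenging report $(Get-Date -Format yyyy-MM-dd)"
    Body       = $body
}
if ($records) {
    $records | Sort-Object Zone, HostName | Export-Csv -Path $csvPath -NoTypeInformation
    $mail.Attachments = $csvPath
}
Send-MailMessage @mail
```

A week with no 521 events but a 2501 summary still produces an email, which makes a scavenging run that removed nothing distinguishable from a run that never happened.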


Make sure you run the script on your domain controller and read it properly before executing it.

Thank You.


1 comment:

  1. Hey! Curious script!
    Can you update the link to download the script?
