DNS management using PowerShell

DNSCMD is a powerful command-line utility for managing DNS in a Windows environment. It comes to the rescue when DNS has to be managed from the command line.

DNSCMD

  • Displays and changes the properties of DNS servers, zones, and resource records
  • Manually modifies these properties, and creates and deletes zones and resource records
  • Forces replication events between DNS server physical memory and DNS databases and data files

Clearcache (DNS)

  • C:\>dnscmd dc1.lab.local /clearcache

Recorddelete (PTR)

  • C:\>dnscmd /recorddelete 20.20.20.in-addr.arpa. 123 PTR

RecordAdd

  • Dnscmd /RecordAdd will not generally perform a replace.
  • D:\>dnscmd /RecordAdd lab.local W10PC A 20.20.20.101
  • Add A Record for W10PC.lab.local at lab.local

RecordAdd

  • D:\>dnscmd /RecordAdd lab.local test A 20.20.20.101
  • Add A Record for test.lab.local at lab.local

enumrecords

  • PS C:\Users\Administrator> dnscmd /enumrecords lab.local test

RecordDelete

  • D:\>dnscmd /RecordDelete lab.local test A

Recordadd (A record)

  • D:\>dnscmd /RecordAdd lab.local test A 20.20.20.103
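An added example, not part of the original post: the same enumerate, delete and add sequence done with the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT), so that an A record is replaced rather than duplicated. The function name Set-LabARecord is hypothetical; the zone, host and address are the lab values used above.

```powershell
# Added example. Set-LabARecord is a hypothetical helper, not a built-in cmdlet.
function Set-LabARecord {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]    $ZoneName,
        [Parameter(Mandatory)] [string]    $Name,
        [Parameter(Mandatory)] [ipaddress] $IPv4Address,
        [string] $ComputerName = $env:COMPUTERNAME
    )

    # Same question as "dnscmd /enumrecords <zone> <name>": which A records exist now?
    # -Node restricts the result to the node itself, without child records.
    $existing = @(Get-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $ZoneName `
                    -Name $Name -RRType A -Node -ErrorAction SilentlyContinue)

    $wanted = $IPv4Address.IPAddressToString
    $stale  = @($existing | Where-Object { $_.RecordData.IPv4Address.IPAddressToString -ne $wanted })
    $alreadyPresent = $existing.Count -gt $stale.Count

    foreach ($rr in $stale) {
        # Same effect as "dnscmd /RecordDelete", limited to the records with the old address
        $what = "$Name.$ZoneName -> $($rr.RecordData.IPv4Address)"
        if ($PSCmdlet.ShouldProcess($what, 'Remove A record')) {
            Remove-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $ZoneName `
                -InputObject $rr -Force
        }
    }

    # Same effect as "dnscmd /RecordAdd", skipped when the wanted record is already there
    if (-not $alreadyPresent -and
        $PSCmdlet.ShouldProcess("$Name.$ZoneName -> $wanted", 'Add A record')) {
        Add-DnsServerResourceRecordA -ComputerName $ComputerName -ZoneName $ZoneName `
            -Name $Name -IPv4Address $wanted
    }

    # Return the final state of the node for review
    Get-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $ZoneName `
        -Name $Name -RRType A -Node -ErrorAction SilentlyContinue
}

# Dry run first: shows what would be removed and added without touching the zone
Set-LabARecord -ZoneName 'lab.local' -Name 'test' -IPv4Address '20.20.20.103' -WhatIf
```

Drop -WhatIf to apply the change once the dry run lists only the records you expect.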

 

For a more detailed list of commands and arguments, see TechNet: https://technet.microsoft.com/en-us/library/cc772069.aspx

Active Directory Useful Commands

Here are some useful shortcut commands for managing Active Directory in daily operations.

dnsmgmt.msc (DNS Manager)

domain.msc (Active Directory domains and trusts)

schmmgmt.msc (Active Directory Schema snap-in)

dssite.msc (Active Directory Sites and Services)

dsa.msc (Active Directory Users and Computers)

DCPromo (Active Directory Installation Wizard)

Dcdiag.exe (Command-line tool that analyzes the state of domain controllers and reports any problems)

adsiedit.msc (Used for editing Active Directory to add, delete, or move objects within the directory)

Netdiag.exe (Helps isolate networking and connectivity problems by performing a series of tests to determine the state of the network client)

Netdom.exe

Ntdsutil.exe (Used to perform database maintenance of Active Directory, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network)

Repadmin.exe (Diagnoses replication problems between domain controllers)

 

NLTEST

The /dclist parameter is used to create a list of the domain controllers of a domain; the example below uses lab.local.

nltest /dclist:lab.local

nltest /user:"TestAdmin" (Advanced information about users)

nltest.exe /server:W2K16dc01 /sc_query:lab.local (Verify trust relationship with a specific server)

nltest /dcname:lab (Determine the PDC emulator for a domain)

nltest /domain_trusts (Show trust relationships for a domain)

For more details on NLTEST command: https://technet.microsoft.com/en-us/library/cc786478.aspx

 

 

 

The User Profile Service Failed The Sign-In. User Profile Cannot Be Loaded – Server 2012

While we were working on Server 2012, someone messed with the profiles folder, so nobody was able to log in to the server. Whenever we tried to log in, we got this error:

The User Profile Service service failed the sign-in. User profile cannot be loaded.

The solution that worked for us:

  1. Try to access the server from another server through the C$ file share and free up some space, to see whether it is a disk space problem. If that does not help, proceed to step 2.
  2. Open Computer Management on another server and connect to the problematic server from the Actions menu. Check the event logs; you should find an entry in the Application log as:

Now make the local System account the owner of the v15 subdirectory listed in the above error and apply this to all child subdirectories and files. Then enable inheritance on the v15 subdirectory, and delete all non-inherited permissions on v15 and its child subdirectories and files.

If the problem still remains, continue with the troubleshooting steps:

3. Delete all the profiles from REGEDIT (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList) EXCEPT for the system-related ones.
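An added example, not part of the original post: before deleting anything in step 3, export the ProfileList key and list which entries are system profiles, which are .bak leftovers, and which point to a folder that no longer exists. SERVER01 and the backup location are placeholders, and PowerShell remoting to the affected server is assumed to be available.

```powershell
# Added example. SERVER01 is a placeholder for the affected server.
$target = 'SERVER01'

Invoke-Command -ComputerName $target -ScriptBlock {
    $regPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    $backup  = "C:\ProfileList-backup-$(Get-Date -Format yyyyMMdd-HHmmss).reg"

    # Keep a copy of the key so a wrong deletion can be undone with "reg import"
    & reg.exe export $regPath $backup /y | Out-Null

    # Well-known SIDs of the system profiles: LocalSystem, LocalService, NetworkService
    $systemSids = 'S-1-5-18', 'S-1-5-19', 'S-1-5-20'

    Get-ChildItem "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" |
        ForEach-Object {
            $sid  = $_.PSChildName
            $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
            New-Object psobject -Property @{
                SID        = $sid
                Path       = $path
                IsSystem   = $systemSids -contains $sid          # never delete these
                IsBakKey   = $sid -like '*.bak'                  # left over from a failed profile load
                PathExists = [bool]($path -and (Test-Path -LiteralPath $path))
                BackupFile = $backup
            }
        }
} | Sort-Object IsSystem -Descending |
    Format-Table SID, IsSystem, IsBakKey, PathExists, Path, BackupFile -AutoSize
```

Entries with IsSystem set to True are the ones step 3 says to keep.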

That's all. It should normally fix the problem. If not, post your results in a comment and we will be glad to assist you.

Thanks.

 

Check WMI Problem on SQL Cluster server

On a SQL cluster, Failover Cluster Manager sometimes stops working because of a WMI issue and reports errors.

The errors alone do not prove that WMI is the problem. We can check by running the command below on each node of the cluster.

Get-WmiObject -namespace "root\mscluster" -class MSCluster_Resource

There is also a script taken from TechNet. It can be run on one of the nodes and connects to all the other nodes to check whether the namespace is present. If it is, the query succeeds. If the namespace does not exist, it fails.

# Limit the execution-policy change to this PowerShell session instead of the whole machine
Set-ExecutionPolicy Unrestricted -Scope Process -Force

cls

# Import-Module returns nothing by default, so stop on failure instead of testing its output
Import-Module FailoverClusters -ErrorAction Stop
Write-Host "Imported Cluster module"

Write-Host "Getting the cluster nodes..." -NoNewline
$nodes = Get-ClusterNode
Write-Host "Found the below nodes "
Write-Host " "
$nodes
Write-Host ""
Write-Host "Running the WMI query...."
Write-Host " "
ForEach ($Node in $nodes)
{
    Write-Host -NoNewline $Node

    if ($Node.State -eq "Down")
    {
        Write-Host -ForegroundColor White " : Node down skipping"
    }
    else
    {
        Try
        {
            # Success: the root\MSCluster namespace answered on this node
            $result = (Get-WmiObject -Class "MSCluster_CLUSTER" -Namespace "root\MSCluster" -Authentication PacketPrivacy -ComputerName $Node.Name -ErrorAction Stop).__SERVER
            Write-Host -ForegroundColor Green " : WMI query succeeded "
        }
        Catch
        {
            # Failure: the namespace is missing or the node could not be queried
            Write-Host -ForegroundColor Red -NoNewline " : WMI Query failed "
            Write-Host "//" $_.Exception.Message
        }
    }
}

In the below example, you can see that one of the nodes failed.


 

To correct the problem, you would need to run the below from an administrative command prompt on the “failed” node(s).

cd c:\windows\system32\wbem
mofcomp.exe cluswmi.mof

Once the Cluster WMI has been added back, you can successfully open Failover Cluster Management.  There is no restart of the machine or the Cluster Service needed.

If nothing works, restarting the server is not a bad option.

DFSR Reference Articles

DFS Replication: Frequently Asked Questions (FAQ)

http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx

Understanding DFSR Dirty (Unexpected) Shutdown Recovery (event: 2213)

http://blogs.technet.com/b/filecab/archive/2012/07/23/understanding-dfsr-dirty-unexpected-shutdown-recovery.aspx

DFS Replication: Survival Guide:

http://social.technet.microsoft.com/wiki/contents/articles/438.dfs-replication-survival-guide.aspx

Tuning replication performance in DFSR (especially on Win2008 R2):

http://blogs.technet.com/b/askds/archive/2010/03/31/tuning-replication-performance-in-dfsr-especially-on-win2008-r2.aspx

Top 10 Common Causes of Slow Replication with DFSR:

http://blogs.technet.com/b/askds/archive/2007/10/05/top-10-common-causes-of-slow-replication-with-dfsr.aspx?PageIndex=16

How to Determine the Minimum Staging Area DFSR Needs for a Replicated Folder:

http://blogs.technet.com/b/askds/archive/2011/07/13/how-to-determine-the-minimum-staging-area-dfsr-needs-for-a-replicated-folder.aspx

Common DFSR Configuration Mistakes and Oversights:

http://blogs.technet.com/b/askds/archive/2010/11/01/common-dfsr-configuration-mistakes-and-oversights.aspx

Manually Clearing the ConflictAndDeleted Folder in DFSR:

http://blogs.technet.com/b/askds/archive/2008/10/06/manually-clearing-the-conflictanddeleted-folder-in-dfsr.aspx

What’s Causing that DFSR Change Storm?:

http://blogs.technet.com/b/askds/archive/2012/06/01/what-s-causing-that-dfsr-change-storm.aspx

Get out and push! Getting the most out of DFSR pre-staging:

http://blogs.technet.com/b/askds/archive/2008/02/12/get-out-and-push-getting-the-most-out-of-dfsr-pre-staging.aspx?Redirected=true

Removing DFSR Filters:

http://blogs.technet.com/b/askds/archive/2011/11/14/removing-dfsr-filters.aspx

Understanding DFSR debug logging (Part 15: Pre-Seeded Data Usage during Initial Sync):

http://blogs.technet.com/b/askds/archive/2009/04/07/understanding-dfsr-debug-logging-part-15-pre-seeded-data-usage-during-initial-sync.aspx

Edit the Quota Size of the Staging Folder and Conflict and Deleted Folder:

http://technet.microsoft.com/en-us/cc754229.aspx

RDC and Cross file RDC

http://blogs.technet.com/b/askds/archive/2010/08/20/friday-mail-sack-scooter-edition.aspx

DFS Replication issue on Primary and Read-Only nodes

Scenario:

You have an issue with DFS replication in Read-Only mode.

Action:

The following are the steps that we followed to fix the no-replication issue.

First check whether both nodes, Primary and Read-Only, are healthy. In this scenario the Primary server had a dirty shutdown issue and we were getting event 2213 for Volume: X

Since we had to ensure that the Primary server XXX became primary, we had to disable the membership of the Secondary server.

Once the Primary server had been recovered from the error state using the wmic command provided in the 2213 event itself, we enabled the membership of the Secondary server. We also created the services timeout registry value (ServicesPipeTimeout, see the link below) to ensure that the DFSR service gets more time when we shut down or restart the server or the DFSR service.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/ed52b8ca-f884-43a1-bcec-0ef24ea9ce63/servicespipetimeout-in-windows-2008-r2

We also increased the value of the WaitToKillServiceTimeout registry value.

We disabled offloads on both servers. Run these commands on both servers:

netsh int tcp set global chimney=disabled

netsh int tcp set global rss=disabled

netsh int ip set global taskoffload=disabled

netsh int tcp set global autotuninglevel=disabled

netsh int tcp set global congestionprovider=none

netsh int tcp set global ecncapability=disabled

netsh int tcp set global timestamps=disabled

netsh advf set allp state off

We created the performance registry keys, as both servers are 2008 R2:

http://blogs.technet.com/b/askds/archive/2010/03/31/tuning-replication-performance-in-dfsr-especially-on-win2008-r2.aspx

Understanding DFSR Dirty (Unexpected) Shutdown Recovery: http://blogs.technet.com/b/filecab/archive/2012/07/23/understanding-dfsr-dirty-unexpected-shutdown-recovery.aspx

Once we got state 4 on the Primary server, we enabled the Secondary RO server membership.

Since the Primary server holds a lot of data and users are making changes at the same time, the Secondary server will take a long time to complete the sync.
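An added example, not part of the original post: a check to run once recovery is finished. It reads the replicated folder state from the DFSR WMI provider on both members (4 means Normal) and reports any firewall profile still switched off by the "netsh advf set allp state off" step. PRIMARY01 and READONLY01 are placeholder names; remote WMI access and English netsh output are assumed. It is written for Windows PowerShell 2.0, as shipped with Windows Server 2008 R2.

```powershell
# Added example. Server names are placeholders.
$DfsrState = @{ 0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
                3 = 'Auto Recovery'; 4 = 'Normal';      5 = 'In Error' }

function Get-DfsrFolderState {
    param([string[]] $ComputerName)
    foreach ($server in $ComputerName) {
        try {
            Get-WmiObject -ComputerName $server -Namespace 'root\MicrosoftDFS' `
                -Class DfsrReplicatedFolderInfo -ErrorAction Stop |
                Select-Object @{ n = 'Server'; e = { $server } }, ReplicationGroupName,
                    ReplicatedFolderName, State,
                    @{ n = 'StateName'; e = { $DfsrState[[int]$_.State] } }
        } catch {
            Write-Warning "$server : DFSR WMI query failed: $($_.Exception.Message)"
        }
    }
}

function Get-FirewallProfileState {
    # Parses the local output of "netsh advfirewall show allprofiles state"
    $current = $null
    foreach ($line in (netsh advfirewall show allprofiles state)) {
        if ($line -match '^(Domain|Private|Public) Profile Settings') {
            $current = $Matches[1]
        } elseif ($current -and $line -match '^State\s+(ON|OFF)') {
            New-Object psobject -Property @{ Profile = $current; Enabled = ($Matches[1] -eq 'ON') }
            $current = $null
        }
    }
}

$members = 'PRIMARY01', 'READONLY01'   # placeholders for the two DFSR members
$states  = @(Get-DfsrFolderState -ComputerName $members)
$states | Format-Table -AutoSize

# Only when every replicated folder is back at state 4, check what was left disabled
if ($states.Count -gt 0 -and -not ($states | Where-Object { $_.State -ne 4 })) {
    Write-Host 'All replicated folders report state 4 (Normal).'
    Get-FirewallProfileState | Where-Object { -not $_.Enabled } | ForEach-Object {
        Write-Warning ("{0} firewall profile is still OFF. Re-enable with: " +
            "netsh advfirewall set allprofiles state on") -f $_.Profile
    }
}
```

The firewall check is local, so run the script on each member in turn.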