DNS. Remove NS Records. Powershell.

After a force removal of a Domain Controller and the metadata cleanup using ntdsutil, I was left with a heap of NS records for each Zone in DNS to remove. Although possible, using the GUI to do this would be painful.

I removed these using Powershell and the DNS cmdlets.

Get-DnsServerZone | %{$Name = $_.zonename ; Get-DnsServerResourceRecord -ZoneName $_.zonename -RRType ‘NS’ | ?{$_.RecordData.NameServer -like “*serverfqdn.domain.com*”} | Remove-DnsServerResourceRecord -ZoneName $name}

Note: This requires confirmation each time. If you are brave enough use the ‘-Confirm:$false’ switch, however I wouldn’t recommend it.

If you want to confirm the records returned are correct, run the command below first

Get-DnsServerZone | %{$Name = $_.zonename ; Get-DnsServerResourceRecord -ZoneName $_.zonename -RRType ‘NS’ | ?{$_.RecordData.NameServer -like “*serverfqdn.domain.com*”}



Internal CA. The request subject name is invalid or too long.

You create a certificate request and submit it to your internal CA and you get this error.

“Error Parsing Request The request subject name is invalid or too long”

It may seem odd, as the CN for your request isn’t that long.

Tip. Check the country field, this only supports the two characters

certutil -dump %YourRequestFile%

It is discussed in futher detail in this forum post.


If you prefer openssl, us this command

openssl req -noout -text -in %YourRequestFile%


Add-DHCPv4FailOverScope : Failed to update failover relationship

Recently I was setting up DHCP High Availability.

All was going well, I had set up DHCP Services on my Standby Node and configured the DHCP Failover Relationship with my first DHCP scope.

All until I started to get the error below

Add-DHCPv4FailOverScope : Failed to update failover relationship MyRelationship on server MyServer
Category info: Object not found: (MyRelationShip:root/Microsoft/…v4FailoverScope)

The Solution

After some digging, this problem occurs where you have custom options set on your DHCP server and inside your DHCP scope.

To fix this. On the new standby server, open DHCP > Right click IPv4 > Set Predefined Options and add your options as required.






Configure Time Service for Domain, PDC

In this post, I’ll briefly run through the process I follow for configuring the time service in a domain, including the PDC Emulator.

There are a couple of considerations and questions you will need to ask yourself
– Is my Forest a single domain or are there multiple domains?
– What is my external NTP Time source?

In my example, I have a Forest with two domains.

In my ‘root’ Forest, identify by the PDC by running the following command on a Domain Cotnroller

dsquery server -hasfsmo pdc

On the PDC, I run the following command.

net stop w32time
w32tm /config /manualpeerlist:”NTP.Domain.Com ntp2.domain.com” /syncfromflags:manual /reliable:yes
net start w32time

Those commands

  • Stops the time service,
  • Configures the NTP server,
  • Configures the PDC as a reliable time source for domain clients
  • Starts the time service again

For the rest of your environment, including the PDC in the child domain, Servers and Workstations, run the following commands

net stop w32time
w32tm /config /syncfromflags:domhier
net start w32time

Those commands

  • Stops the time Service,
  • Configures the Client to use the Domain Hierarchy for Time Syncronisation
  • Starts the time Service again,

More information:

For more information, including details of the Time Service Hierarchy, go here https://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx

Powershell Script. AD Replication Report.

Every Morning, I run a script to collect Replication test results from each of my domain controllers.

Although there could be some improvements, particularly with the text files I use. This is the script I run, with details of my environment taken out.

$Date = (get-date -Format “yyyy-MM-dd HHmm”)
$Output = “.\output.txt”
$tempFile = “.\Temp.txt”
$RunFrom = (get-location)
$Computer = gc env:computername

$smtpServer = “<yourSMTPServer>”
$emailFrom = “<YourSenderAddress>”
$emailTo = “<YourRecipients>”
$subject = “<YourSubjectLine>

$servers = “MyServer1″,”MyServer2″,”MyServer3”
$location = “MyLocation”
Set-Location $location

# Create text file
New-Item -ItemType file $Output -Force
add-content -path $Output -value “<YourTitleInformation>”
add-content -path $Output -value “$Date”
add-content -path $Output -value ” ”

$Servers | Foreach {

add-content -path $Output -value ” ”
add-content -path $Output -value “Server: $_”
add-content -path $Output -value “”

dcdiag /test:replications /s:$_ > $TempFile

(gc $TempFile) | ? {$_.trim() -ne “” } | set-content $TempFile

$tempContent = get-content $tempfile
add-content -path $Output -value $tempcontent


add-content -path $Output -value ” ”
add-content -path $Output -value “Run from $location on computer $computer at $date”

# Email
$OutputRead = (get-content $Output)
$body = New-object System.Text.StringBuilder
foreach($line in $OutputRead)
[void] $body.AppendLine($line.ToString())

# Send Email
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$smtp.Send($emailFrom, $emailTo, $subject, $body.ToString())