{"id":86099,"date":"2019-07-17T12:00:18","date_gmt":"2019-07-17T20:00:18","guid":{"rendered":"http:\/\/devblogs.microsoft.com\/scripting\/?p=86099"},"modified":"2019-10-29T06:37:17","modified_gmt":"2019-10-29T14:37:17","slug":"clean-up-domain-controller-dns-records-with-powershell","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/clean-up-domain-controller-dns-records-with-powershell\/","title":{"rendered":"Clean up Domain Controller DNS Records with Powershell"},"content":{"rendered":"

Summary<\/strong>: Using Windows PowerShell to remove Stale \/ Dead Domain Controller records.<\/p>\n

Q: Hey, Doctor Scripto!<\/p>\n

How can I quickly clean up all my dead Domain Controller\u2019s DNS records?<\/p>\n

A:<\/p>\n

That\u2019s a great question. The good Doctor also knows the very person to answer it best. My good friend Patrick Mercier, An Active Directory PFE who loves working with PowerShell.<\/p>\n

Take it away Patrick!<\/p>\n

Whether it\u2019s as part of Active Directory Disaster Recovery, or because you had an old Domain Controller you needed to get rid of, cleaning up all the DNS records of a now dead DC left behind can be tedious: that is, unless you use PowerShell<\/p>\n

So, as an Active Directory PFE, one of the common things we help customers out with is removing Domain Controllers from the environment. Sometimes that\u2019s as simple as the old DC that has to go away or as scary as having recovered AD from backup and having to remove all other DCs as we rebuild. Regardless of the scenario, cleaning DNS is a critical part of this and I\u2019ve frequently found it to be the part that scares customers the most.<\/p>\n

I was cleaning up records manually one day and as I typically do, I thought to myself, there has to be a better way\u2026 and there is.<\/p>\n

Before I continue though, this is not an Active Directory Disaster Recovery article. It\u2019s not a DNS clean up article. If you\u2019re looking for detailed explanations of all the DNS records this will delete, you\u2019ll want to go find an article about Active Directory DNS! What I will do, is demonstrate an easy way to delete all DNS records related to a Domain Controller with a single PowerShell command.<\/p>\n

First, let\u2019s create an array of all the records in the zone _msdcs.contoso.com:<\/p>\n

$dnsrecords = Get-DnsServerResourceRecord -ZoneName “_msdcs.contoso.com”<\/p>\n

This outputs everything in our zone.<\/p>\n

<\/p>\n

What we get though isn\u2019t the full picture. The data we need to filter on is part of the \u201cRecordData\u201d data column which in and of itself is an array of data. And to isolate the DC we want to clean up, we\u2019ll need to filter the resulting data. For that, we\u2019ll filter on some of the attributes available in the RecordData record set, specifically, IPv4Address, NameServer and DomainName.<\/p>\n

$deadDC = $dnsrecords | Where-Object {$_.RecordData.IPv4Address -eq “192.168.50.15” -or $_.RecordData.NameServer -eq “DC02.contoso.com.” -or $_.RecordData.DomainName -eq “DC02.contoso.com.”}<\/p>\n

<\/p>\n

Sweet, now I have all the DNS records for my dead Domain Controller in one array!<\/p>\n

From here, it\u2019s super easy to delete them all, simply by calling the Remove-DnsServerResourceRecord cmdlet against the array and the zone! Because any good domain administrator has a bit of paranoia built in, let\u2019s run that as a \u201cWhat if\u201d to confirm:<\/p>\n

$deadDC | Remove-DnsServerResourceRecord -ZoneName “_msdcs.contoso.com” -whatif<\/p>\n

<\/p>\n

And now, that I\u2019ve got some peace of mind that nothing I need is being deleted, I simply remove the what if and the records are gone! No manual clean up.<\/p>\n

So, if I were to bring all those components into one command, the result is:<\/p>\n

Get-DnsServerResourceRecord -ZoneName “_msdcs.contoso.com” | `<\/p>\n

Where-Object {$_.RecordData.IPv4Address -eq “192.168.50.15” `<\/p>\n

-or $_.RecordData.NameServer -eq “DC02.contoso.com.” -or `<\/p>\n

$_.RecordData.DomainName -eq “DC02.contoso.com.”} | Remove-DnsServerResourceRecord -ZoneName “_msdcs.contoso.com” -force<\/p>\n

Simple really.<\/p>\n

Thanks Patrick for an excellent tip to making all of this happen!<\/p>\n

So that is all there is to using PowerShell to cleanup dead Domain Controller records.<\/p>\n

I invite you to follow the Scripting Guys on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to them at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow.<\/p>\n

Until then always remember that with Great PowerShell comes Great Responsibility.<\/p>\n

Your Good friend, Dr. Scripto<\/p>\n

Windows PowerShell, Patrick Mercier, Scripter<\/strong><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Using Windows PowerShell to remove Stale \/ Dead Domain Controller records. Q: Hey, Doctor Scripto! How can I quickly clean up all my dead Domain Controller\u2019s DNS records? A: That\u2019s a great question. The good Doctor also knows the very person to answer it best. My good friend Patrick Mercier, An Active Directory PFE […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[568,685,641],"tags":[7,509,1701,1700,45],"class_list":["post-86099","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hey-scripting-guy","category-scripting-techniques","category-windows-powershell","tag-active-directory","tag-hey-scripting-guy","tag-patrick-mercier","tag-scripter","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Using Windows PowerShell to remove Stale \/ Dead Domain Controller records. Q: Hey, Doctor Scripto! How can I quickly clean up all my dead Domain Controller\u2019s DNS records? A: That\u2019s a great question. The good Doctor also knows the very person to answer it best. My good friend Patrick Mercier, An Active Directory PFE […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/86099","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=86099"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/86099\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=86099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=86099"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=86099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}