
Networking basics: Check if your domain controller host records are registered

When you promote a server to an Active Directory domain controller, the installation process creates several records: service (SRV) records in DNS, an NTDS Settings object in Active Directory, and a host (A) record for the domain controller in the DNS server. Not many Active Directory administrators know that a missing domain controller host record in the DNS server can lead to replication and other issues in the Active Directory environment. For example, Windows client computers will fail to query and apply Group Policy settings if the domain controller's host record is missing from the DNS server.

Possible reason for missing domain controller host records

As you might know, Windows computers, including domain controllers, register their host record with the locally configured DNS server every day. It is important for domain controllers to keep refreshing their host record in the DNS server: the record can go missing if the domain controller fails to refresh it and DNS scavenging is enabled on the DNS server. DNS scavenging looks for records that have not been refreshed for some time and removes them. Whether a computer registers its host record is controlled by the “Register this connection’s addresses in DNS” setting on the property page of the network adapter, as shown in the screenshot below:

If the “Register this connection’s addresses in DNS” option is not enabled, Windows computers, including domain controllers, cannot register or update their host record in the DNS server. To ensure that every Active Directory domain controller has a host record registered in the DNS server, you can use the PowerShell script below. The script identifies the domain controllers whose host record is missing and provides a report in CSV format.
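Before hunting for missing records, it helps to know whether the two causes just described actually apply in your environment: is scavenging switched on, and has every domain controller got “Register this connection’s addresses in DNS” enabled on its adapters? The script below is an added example, not the article's script, and it also reports the age of each DC's A record so you can see which ones are drifting toward the scavenging threshold. It assumes the RSAT ActiveDirectory, DnsServer and DnsClient modules are installed, that WinRM is allowed to each DC, and that the output path C:\Temp\DCRegistrationRisk.csv is acceptable (both the path and the “AtRisk” rule are my own choices, not from the article).

```powershell
# Added example (not part of the original article): audit why a DC might stop
# refreshing its A record. Assumes RSAT modules and WinRM access to every DC.
Import-Module ActiveDirectory
Import-Module DnsServer

$Domain    = (Get-ADDomain).DNSRoot       # e.g. techgenix.com
$DnsServer = (Get-ADDomain).PDCEmulator   # any DC hosting the zone will do

# 1. Scavenging: a dynamic record is deleted once it has not been refreshed for
#    NoRefreshInterval + RefreshInterval and scavenging is enabled on server and zone.
$Scav = Get-DnsServerScavenging -ComputerName $DnsServer
$Zone = Get-DnsServerZone -ComputerName $DnsServer -Name $Domain
"Scavenging on {0}: state={1} noRefresh={2} refresh={3}; zone aging={4}" -f `
    $DnsServer, $Scav.ScavengingState, $Scav.NoRefreshInterval, $Scav.RefreshInterval, $Zone.Aging

# 2. Per DC: are all adapters registering, and how old is the A record that matches its IP?
$Report = foreach ($DC in Get-ADDomainController -Filter * -Server $Domain) {
    $ShortName = $DC.HostName.Split('.')[0]

    # Adapter aliases on the DC with "Register this connection's addresses in DNS" turned off
    $Unregistered = Invoke-Command -ComputerName $DC.HostName -ErrorAction SilentlyContinue -ScriptBlock {
        Get-DnsClient | Where-Object { -not $_.RegisterThisConnectionsAddress } |
            Select-Object -ExpandProperty InterfaceAlias
    }

    # Same match rule as the article's script: short name AND the DC's IPv4 address
    $Record = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Domain `
                -Name $ShortName -RRType A -ErrorAction SilentlyContinue |
              Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $DC.IPv4Address } |
              Select-Object -First 1

    # Timestamp is $null for a static record, which scavenging never removes
    $Age = if ($Record -and $Record.Timestamp) { (Get-Date) - $Record.Timestamp } else { $null }
    $AgingLimit = $Scav.NoRefreshInterval + $Scav.RefreshInterval

    [pscustomobject]@{
        DomainController       = $DC.HostName
        ARecordPresent         = [bool]$Record
        RecordAgeDays          = if ($Age) { [math]::Round($Age.TotalDays, 1) } else { 'static/none' }
        AdaptersNotRegistering = ($Unregistered -join ';')
        # Flagged when the record is missing, an adapter does not register, or the
        # record is older than the scavenging window while scavenging is active.
        AtRisk                 = (-not $Record) -or ($Unregistered.Count -gt 0) -or
                                 ($Age -and $Scav.ScavengingState -and $Zone.Aging -and $Age -gt $AgingLimit)
    }
}

$Report | Format-Table -AutoSize
$Report | Export-Csv -Path 'C:\Temp\DCRegistrationRisk.csv' -NoTypeInformation
```

A DC whose record is static will show “static/none” and can only be lost by someone deleting it, whereas a dynamic record with an age approaching NoRefreshInterval + RefreshInterval on a server with scavenging enabled is the case the article describes.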

Requirements

Make sure to run the PowerShell script from a Windows Server 2012 R2 member server or domain controller, and create a Temp folder on the C:\ drive, as the script generates a report named “OrpDCs.TXT” under the C:\Temp folder. The script reads the domains to check from a text file with one domain name per line (the $GDomList variable). Once you have met these requirements, copy the script into a PS1 file and execute it from an elevated PowerShell window.


# Modules providing Get-ADDomainController and Get-DnsServerResourceRecord (RSAT)
Import-Module ActiveDirectory
Import-Module DnsServer

# Input: text file with one domain name per line, e.g. TechGenix.com (create it before running)
$GDomList = "C:\Temp\DomainList.TXT"
# Output report, one line per domain controller
$TestCSVFile = "C:\Temp\DCHostRecordStatus.CSV"
Remove-Item $TestCSVFile -ErrorAction SilentlyContinue
$ThisString="Domain Name, Domain Controller, A Host Record Name, Registered with IP Address, Final Status"
Add-Content "$TestCSVFile" $ThisString
$ADTestName = "DC Host Record Check"
$TestStartTime = Get-Date
$TestStatus="Passed"
$TestText = ""
$SumVal=0
$AnyGap = "No"
$TotNo = 0
ForEach ($ThisDomain in Get-Content "$GDomList")
{
    # The domain name resolves to one of its DCs; pull every A record of the domain zone from it
    $PDCServerToConnect = "$ThisDomain"
    $ThisZoneNow = $ThisDomain
    $Error.Clear()
    $RSNow = Get-DnsServerResourceRecord -ComputerName $PDCServerToConnect -ZoneName $ThisZoneNow | ? {($_.RecordType -eq 'A')}
    IF ($Error.Count -eq 0)
    {
        $AllDCS = Get-ADDomainController -Filter * -Server $ThisDomain
        ForEach ($AllDCsNow in $AllDCS)
        {
            $ThisDCToCheck=$AllDCsNow.Hostname
            $ThisDCIPAddress = $AllDCsNow.IPv4Address
            $FoundOrNotNow = "No"
            # A records in the zone carry the short host name; a DC counts as registered only
            # when both the short name and the IPv4 address match
            $CUT1, $CUT2 = $ThisDCToCheck.Split(".")
            ForEach ($InFileNow in $RSNow)
            {
                $ThisNameNow = $InFileNow.HostName
                $ThisIPInFile = $InFileNow.RecordData.IPv4Address.IPAddressToString
                IF ($ThisNameNow.ToLower() -eq $CUT1.ToLower() -and $ThisIPInFile -eq $ThisDCIPAddress)
                {
                    $FoundOrNotNow = "Yes"
                    break
                }
            }
            IF ($FoundOrNotNow -eq "No")
            {
                $FinalSTR = $ThisDomain+","+$ThisDCToCheck+", Not Registered, "+$ThisDCIPAddress+", Warning: Host record Not found in DNS Server for this domain controller."
                Add-Content "$TestCSVFile" $FinalSTR
                $AnyGap = "Yes"
                $TotNo++
            }
            IF ($FoundOrNotNow -eq "Yes")
            {
                $FinalSTR = $ThisDomain+","+$ThisDCToCheck+","+$ThisNameNow+","+$ThisIPInFile+", Ok"
                Add-Content "$TestCSVFile" $FinalSTR
            }
        }
    }
    else
    {
        # Zone could not be read from the domain; record the failure instead of skipping silently
        $ThisSTR = $ThisDomain+",Error Connecting to PDC in this domain."
        Add-Content "$TestCSVFile" $ThisSTR
    }
}
IF ($AnyGap -eq "Yes")
{
    $TestStatus="Critical"
    $TestText = "There are a few domain controllers for which A Host Record in DNS Server is not registered. Please ensure A Host records are registered for all Domain Controllers in the DNS Server."
    $SumVal = $TotNo
}
IF ($AnyGap -eq "No")
{
    $TestStatus="Passed"
    $TestText = "A Host Records for all domain controllers are registered in the DNS Server."
    $SumVal = ""
}
# One-line summary (test name, start time, status, number of missing records, message)
$STR = $ADTestName +","+$TestStartTime+","+$TestStatus+","+$SumVal +","+$TestText
Write-Output $STR


Once the script has finished executing, a report will be generated under C:\Temp\DCHostRecordStatus.CSV as shown in the screenshot below.

As you can see in the report above, the script checked the host record of every domain controller in the DNS server and reported the status for each one. As indicated in the report, the script could not find a host record registered in the DNS server for the DC3.TechGenix.com domain controller. Once you have the report, if it lists any missing domain controller host records, you can take the necessary corrective actions.
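The obvious corrective action for a missing record is to have the domain controller re-register itself. The following is an added example, not part of the article's script: it reads the “Not Registered” rows from the CSV the script produces, confirms each one with a direct query against the domain's PDC emulator (so a stale report is not acted on), and then asks the DC over WinRM to re-register its addresses, which is what ipconfig /registerdns does. It assumes the ActiveDirectory and DnsClient modules, WinRM access to the DCs, and the report path used above; the 15-second wait before re-checking is my own choice.

```powershell
# Added example (not the article's script): verify and remediate the "Not Registered"
# rows of C:\Temp\DCHostRecordStatus.CSV. Assumes RSAT modules and WinRM to each DC.
Import-Module ActiveDirectory

$CsvPath = 'C:\Temp\DCHostRecordStatus.CSV'   # path written by the article's script

# Rows look like: "<domain>,<dc fqdn>, Not Registered, <ip>, Warning: ..."; split and trim them
$Missing = Get-Content $CsvPath | Where-Object { $_ -match 'Not Registered' } | ForEach-Object {
    $f = $_.Split(',') | ForEach-Object { $_.Trim() }
    [pscustomobject]@{ Domain = $f[0]; DC = $f[1]; ExpectedIP = $f[3] }
}

foreach ($Entry in $Missing) {
    # Ask the PDC emulator directly, bypassing the local cache and hosts file
    $Pdc    = (Get-ADDomain -Identity $Entry.Domain).PDCEmulator
    $Answer = Resolve-DnsName -Name $Entry.DC -Type A -Server $Pdc -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue
    if ($Answer -and ($Answer.IPAddress -contains $Entry.ExpectedIP)) {
        "{0}: already resolves to {1}; the CSV row is stale, re-run the report" -f $Entry.DC, $Entry.ExpectedIP
        continue
    }

    # Remediation: make the DC refresh its own A record through dynamic update
    try {
        Invoke-Command -ComputerName $Entry.DC -ErrorAction Stop -ScriptBlock { Register-DnsClient }
        Start-Sleep -Seconds 15   # give the dynamic update time to land on the server
        $After = Resolve-DnsName -Name $Entry.DC -Type A -Server $Pdc -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue
        if ($After -and ($After.IPAddress -contains $Entry.ExpectedIP)) {
            "{0}: re-registration succeeded ({1})" -f $Entry.DC, $Entry.ExpectedIP
        } else {
            "{0}: still no A record; check the adapter's 'Register this connection's addresses in DNS' setting and the zone's dynamic update policy" -f $Entry.DC
        }
    } catch {
        "{0}: WinRM unreachable ({1}); run ipconfig /registerdns on the DC itself" -f $Entry.DC, $_.Exception.Message
    }
}
```

If re-registration succeeds but the record disappears again later, the cause is almost certainly the scavenging or registration problem described in the previous section rather than a one-off failure.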

We explained how you can use a simple PowerShell script to check whether a host record is registered for every domain controller. The script generates a CSV report with the status of each domain controller. You can include the script in your Active Directory health procedure and run it every month to ensure the host records of all domain controllers are healthy.