Use PowerShell to Troubleshoot Active Directory Integrated DNS

Use PowerShell to Troubleshoot Active Directory Integrated DNS

  • Comments 2
  • Likes

Summary: Microsoft Scripting Guy, Ed Wilson, talks about troubleshooting the status of Active Directory integrated DNS servers.

Microsoft Scripting Guy, Ed Wilson, is here. The first ever PowerShell Saturday that was held in Columbus, Ohio was a tremendous success. It was really great to see people who I had literally not seen for five or six years, and to meet new people for the first time ever. People came from nearly a dozen states to attend this event. It was awesome, and I look forward to helping out with the next PowerShell Saturday event.

One of the cool things about Windows PowerShell is that if a particular cmdlet does not exist, there are multiple choices for a solution. Depending on what I am seeking, I might write a quick script, dash off a fast little function, write a more reusable function, or even write a module to provide the functionality I seek. Many times, however, I do none of the above. In fact, I find myself spending a lot of time at the Windows PowerShell console plunking around. Interactive use of the Windows PowerShell console is a great way to discover information, to manage a system, or to troubleshoot a problem.

Today, I ran into a problem. It always happens when we come back home—or at least it seems to be a problem when we come back home after having been gone for a while. The network is down—or at least that was the report from the Scripting Wife. What the Scripting Wife actually meant to say was that from her computer in the kitchen, she was unable to connect to Facebook. That, in my mind, hardly qualifies as the network is down…but I digress.

The first thing I needed to do, after ensuring that her computer could actually communicate with other machines on the network, was to look at DNS. Indeed, it seemed to be a name resolution issue, because it turned out I could ping by IP address, by not by name. I have a rather complicated network at home, and I could not remember which of my domain controllers are actually running DNS (because I am using Active Directory integrated DNS).

The first thing I do is create a remote session to one of my domain controllers. (I do this because my computer does not have the RSAT tools installed.) The command is shown here, and it enables me to use alternate credentials, if needed. (My normal user account is as a regular user, and so I need to specify an account with admin rights.)

Enter-PSSession -ComputerName dc3 -Credential iammred\administrator

When I have done that, I import the ActiveDirectory module. This command is shown here.

Import-Module activedirectory

Now I need to retrieve a list of all of my domain controllers. To do this, I use the Get-ADDomainController cmdlet, and I use a wild card for the Filter parameter. For each of the domain controller objects that return from the previous command, I need to find out the status of the DNS Server service on the machine. To do this, I use the Get-Service cmdlet. Luckily the Get-Service cmdlet accepts a value for the ComputerName parameter, so I can use this one command to get the status of the DNS Server service on all of the returned domain controllers. After this is complete, I want to know the computer name, the name of the service, and the status of the service. The complete one-line command is shown here.

Get-ADDomainController -Filter * | foreach { Get-Service DNS -ComputerName $_.hostname} | Select machinename, name, status

The command tells me that the DNS Server service is stopped on one of the domain controllers. Unfortunately, the Start-Service cmdlet does not have a ComputerName parameter, so I cannot use it directly. But the Invoke-Command cmdlet does have a ComputerName parameter, so I can start the DNS Server service on the remote server in this way. The command is shown here.

Invoke-Command -cn dc1 {start-service dns}

Now I use the Up arrow to retrieve the prior command and to check the status of the DNS servers on the domain controllers. The command tells me that the service is now running. These commands, and the associated output are shown in the image that follows.

Image of command output

I check downstairs with the Scripting Wife and she is now happy—she can talk on Facebook with the friends she just saw. Cool. Now maybe I can find some time to relax and read a book. I just got a copy of Herman Wouk’s The Caine Mutiny, and I am excited to compare it to the Humphrey Bogart movie with the same title.

I will talk to you tomorrow, until then cheers.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy 

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Hi Ed,

    the ActiveDirectory module is really of great help if you were managing AD accounts!Even for a non-admin like me, I do often use it to lookup groups and users or even computers and domain information. Easy, fast and the Powershell way!

    Greetings to Teresa! Good to know, that you could save her day!

    Klaus.

  • thanks