
This post shows how to write a reusable Windows PowerShell script that monitors a primary DNS server for newly created forward lookup zones. When a zone appears on the primary that does not yet exist on a configurable secondary DNS server, the script creates the matching secondary zone there, points it at the master server, and lets the zone transfer begin.
This script has the following assumptions:
- The computers must be on a domain.
- Windows PowerShell 2.0 is installed on all servers.
- PowerShell script execution is enabled. Set-ExecutionPolicy RemoteSigned is enough for scripts you write locally; Unrestricted also allows unsigned scripts downloaded from the Internet to run and is broader than this solution needs.
- WinRM is configured and enabled on all servers in question.
Enabling WinRM on Server 2003 R2
To enable WinRM on Server 2003 R2, download and install Windows PowerShell 2.0 (Windows Management Framework). Once it is installed, run Enable-PSRemoting from an elevated prompt and accept the prompts.
Enabling WinRM on Server 2008 R2
Just open an elevated PowerShell and run Enable-PSRemoting and follow the prompts.
You could use this function to create a credential for authenticating to remote servers. Be aware that it takes the password as plain text, so anyone who can read the script or your command history gets the account. For unattended runs it is safer to save a credential once with Get-Credential | Export-Clixml, which protects the password with DPAPI for that user on that machine, and load it back with Import-Clixml.
###############################################################
# function: CreateCredential
# returns: System.Management.Automation.PSCredential
# parameters: $uid - user account name
#             $password - account password (plain text)
# example: CreateCredential "user@123.com" "somepwd"
###############################################################
function CreateCredential([string] $uid, [string] $password)
{
    # The parameter is named $password rather than $pwd so it does not
    # shadow the automatic $PWD (current directory) variable.
    # ConvertTo-SecureString requires -Force to accept a plain-text password.
    $spwd = ConvertTo-SecureString $password -AsPlainText -Force
    return New-Object System.Management.Automation.PSCredential $uid, $spwd
}
I wrote the following function to test for the existence of a zone on a particular server. The original draft opened a PSSession first, but that is not needed: Get-WmiObject talks to the remote server directly over DCOM/RPC and accepts the credential itself, and Enter-PSSession is an interactive command that does nothing useful inside a script (the commands after it still run locally).
###############################################################
# function: ZoneExists
# returns: $true if the zone exists on $server, otherwise $false
# parameters: $zoneName - the name of the zone to look for
#             $server - the FQDN of the server to look on
#             $credential - a credential with rights to the server
# example: ZoneExists "123.com" "ns1.123.com" $cred
###############################################################
function ZoneExists([string]$zoneName, [string]$server, [System.Management.Automation.PSCredential]$credential)
{
    # Query the DNS WMI provider on the remote server for a zone with this name.
    # -eq is case-insensitive in PowerShell, which matches DNS name semantics.
    # Note: Get-WmiObject rejects -Credential when $server is the local machine.
    $zone = Get-WmiObject -Class MicrosoftDNS_Zone -Namespace root\MicrosoftDNS `
        -ComputerName $server -Credential $credential |
        Where-Object { $_.Name -eq $zoneName }
    return ($zone -ne $null)
}
And the final function needed to create the secondary zone on the specified server. As with ZoneExists, no PSSession is required; the [WmiClass] accelerator cannot take a credential, so the class is bound with Get-WmiObject -List instead and CreateZone is called on the result.
###############################################################
# function: CreateSecondaryZone
# returns: the result object of the CreateZone call
# parameters: $zoneName - the name of the zone to create
#             $masterIP - IP address of the master (primary) server to transfer from
#             $server - the FQDN of the secondary server to create the zone on
#             $credential - a credential with rights to the server
# example: CreateSecondaryZone "123.com" "192.168.1.1" "ns2.123.com" $cred
###############################################################
function CreateSecondaryZone([string]$zoneName, [string]$masterIP, [string]$server, [System.Management.Automation.PSCredential]$credential)
{
    # CreateZone ZoneType parameter: 0 = primary, 1 = secondary, 2 = stub, 3 = forwarder
    $type = 1
    $fileName = $zoneName + ".dns"
    $adminEmail = "hostmaster@" + $zoneName
    # Bind to the MicrosoftDNS_Zone class on the remote server with the supplied credential
    $zoneClass = Get-WmiObject -Class MicrosoftDNS_Zone -Namespace root\MicrosoftDNS `
        -ComputerName $server -Credential $credential -List
    # CreateZone(ZoneName, ZoneType, DsIntegrated, DataFileName, IpAddr[], AdminEmailName)
    return $zoneClass.CreateZone($zoneName, $type, $false, $fileName, @($masterIP), $adminEmail)
}
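The following is an added example, not the author's Part 2 and not code from the original post, showing one pass of the monitor described at the top of the post: enumerate the forward zones on the primary, and create a secondary for each one the secondary server does not have. It assumes ZoneExists and CreateSecondaryZone from this post are already loaded in the session (for example by dot-sourcing the script), that the credential was saved once with Get-Credential | Export-Clixml, and that the server names, IP address and file path are placeholders you replace. The ZoneType values used to pick out primary zones are my reading of the MicrosoftDNS_Zone property documentation, so verify them on your own server.

```powershell
# Added example: one synchronisation pass of the zone monitor.
# Assumed placeholders: server names, master IP and credential file path.
$primaryServer   = "ns1.123.com"                  # assumed FQDN of the primary DNS server
$primaryIP       = "192.168.1.1"                  # assumed IP the secondary will transfer from
$secondaryServer = "ns2.123.com"                  # assumed FQDN of the secondary DNS server
$credentialFile  = "C:\dnsreplica\dnsadmin.xml"   # assumed path; created once with:
                                                  #   Get-Credential | Export-Clixml $credentialFile
                                                  # (Export-Clixml protects the password with DPAPI
                                                  #  for the saving user on the saving machine)

function Get-PrimaryForwardZones([string]$server, [System.Management.Automation.PSCredential]$credential)
{
    # The ZoneType *property* of MicrosoftDNS_Zone (not the CreateZone parameter) is,
    # on my reading of the WMI docs, 0 = DS-integrated, 1 = primary, 2 = secondary.
    # Keep DS-integrated and primary forward zones; skip reverse zones and the
    # DNSSEC TrustAnchors zone, which should not be replicated this way.
    Get-WmiObject -Class MicrosoftDNS_Zone -Namespace root\MicrosoftDNS `
        -ComputerName $server -Credential $credential |
        Where-Object { $_.ZoneType -le 1 -and -not $_.Reverse -and $_.Name -ne "TrustAnchors" } |
        Select-Object -ExpandProperty Name
}

function Sync-SecondaryZones
{
    param(
        [string]$primary,
        [string]$primaryIP,
        [string]$secondary,
        [System.Management.Automation.PSCredential]$credential
    )
    # Returns the names of the zones created during this pass.
    $created = @()
    foreach ($zone in Get-PrimaryForwardZones $primary $credential) {
        if (ZoneExists $zone $secondary $credential) {
            Write-Verbose "$zone already exists on $secondary"
            continue
        }
        Write-Host "Creating secondary zone $zone on $secondary (master $primaryIP)"
        try {
            CreateSecondaryZone $zone $primaryIP $secondary $credential | Out-Null
            $created += $zone
        } catch {
            # A failed WMI method call is a terminating error, so it lands here
            Write-Warning ("Failed to create {0} on {1}: {2}" -f $zone, $secondary, $_.Exception.Message)
        }
    }
    return $created
}

$cred = Import-Clixml $credentialFile
$newZones = @(Sync-SecondaryZones -primary $primaryServer -primaryIP $primaryIP `
                                  -secondary $secondaryServer -credential $cred)
Write-Host ("Pass complete; {0} zone(s) created: {1}" -f $newZones.Count, ($newZones -join ", "))
```

Each pass is idempotent because ZoneExists is checked before anything is created, so the script can simply be run as a scheduled task every few minutes to act as the monitor. Creating the secondary zone does not by itself guarantee a successful transfer: the zone on the primary must permit zone transfers to the secondary server (the Zone Transfers tab on the primary zone's properties), otherwise the new secondary zone will sit unloaded until that is fixed.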
Part 2 brings it all together --->
All the files needed to run this solution can be found at http://forums.iconsolution.net/viewtopic.php?f=11&t=6