DNS Backup & Restore

by

One of the things I have learned from my past experiences is never underestimate anything, especially “windows services” you do not know from top to bottom. DNS is a kind of service like this. It is operational for 99% or more of the year I think. Therefore, it is forgotten somewhere out, because it works and if you have an automated infrastructure, no configuration or operational procedure is needed most of the time.

Then one day, DNS makes itself reminded. Computers randomly begin to work so slow, bla bla bla. At last, you notice, one of your dns servers is not functioning properly.

Anyway, it is useful to have a backup of dns in need of restore or something else.

Here it is:

“C:\Windows\System32\dnscmd.exe” is used for this operation.

To Backup DNS
**************

[code language=”bash”]
set THISDAY=%date:~10,4%-%date:~3,2%-%date:~0,2%
dnscmd.exe /ZoneExport domain.com DNSBACKUP_%THISDAY%.txt
Move C:\Windows\System32\dns\DNSBACKUP_%THISDAY%.txt C:\DNSBACKUP
[/code]

To Restore DNS
**************

[code language=”bash”]
Move C:\DNSBACKUP\DNSBACKUP_2014-09-10.txt C:\Windows\System32\dns
dnscmd /ZoneDelete domain.com /dsdel /f
dnscmd /ZoneAdd domain.com ^
/primary ^
/file C:\DNSBACKUP\DNSBACKUP_2014-09-10.txt ^
/load
dnscmd /ZoneResetType domain.com /dsprimary
[/code]

Group Policy Backup

by

Group policies are one of the most important instruments of administering windows machines which are part of the domain. Most of the bulk settings and configurations are applied via them. What is more, they are so powerful and may cause catastrophic results if misconfigured.

Besides, there are some policies that have more than 100 settings set (Don’t get angry with me, there exists policies like IE configurations. We do not divide them into small parts usually.) and it is not so easy to keep track of the changes to revert in case of disaster.

As a result, you backup your group policies

periodically

and know how to restore them if needed!

[code language=”powershell”]
Import-Module GroupPolicy

$Date = Get-Date -UFormat "%Y-%m-%d"
$BackupPath = $Env:HOMEPATH + "\Desktop\" + $Date

New-Item -ItemType Directory -Path $BackupPath -Force

#Backup-GPO -All -Path $BackupPath
Backup-GPO -Name "test" -Path $BackupPath
[/code]

For detailed info, please check this link:
https://technet.microsoft.com/en-us/library/cc754760(v=ws.11).aspx

Note:
In GPO restore, group policy links are NOT restored. If group policy is deleted accidentally, backup method above does not give you the whole rescue. To manage this, group policy links should also be backed up. I had written a script getting all group policies with their links and writing them to a file in the format [email protected] The rest was easy, read the file, parse the @ and add GPO-name to GPO-link. Because the script is not available for now, I can advise you checking powershell group policy cmdlets here.
This script can also be checked.

Scheduled Task Run

by

Windows uses task scheduler for a long time. It is a rather useful method for periodical or event triggered jobs. Please look at this.
If you like or need automation in this feature of windows and your server is not upgraded to Windows Server 2012 R2 or client version is below Windows 8.1, “schtasks” is the tool you will need. Here is a sample of running a scheduled task on remote system:

[code language=”bash”]
schtasks /S systemName /RUN /tn "Task Name"
[/code]

For details about schtasks, check here.

On the other hand, if you are able to upgrade your systems to at least Windows Server 2012 R2 and/or Windows 8.1, powershell cmdlets comes into play. Please check them!

Get Password Last Set

by

Active Directory powershell module is one of my favorite ones. Daily routines can easily be done or different systems integration becomes so easy with it. Especially, without trying to learn Active Directory gui search syntax (ldap, I mean), results can be taken out and formatted as intended. I like it. Check this article to have an idea about what I mention basically.

The code snippet below gets “PasswordLastSet” attribute (with default attributes of Get-ADUser) of all “enabled” active directory users, sort results by user name and outputs “SamAccountName”,”Name” and “PasswordLastSet”.

[code language=”powershell”]
Import-Module ActiveDirectory
Get-ADUser -Filter ‘Enabled -eq "True"’
-Properties PasswordLastSet|

sort Name|`
ft SamAccountName,Name,PasswordLastSet -AutoSize
[/code]