Test Zone Health Across All DNS Servers

Microsoft.Windows.DNSServer.2016.Task.HealthCheck.ZoneAcrossAllDnsServers (Task)

Sends a name resolution query for each Zone to each DNS Server. Specify Server names overriding Parameter1 and zone names with Parameter2. Not supported on Nano.

Element properties:

Member Modules:

Source Code:

<Task ID="Microsoft.Windows.DNSServer.2016.Task.HealthCheck.ZoneAcrossAllDnsServers" Accessibility="Internal" Target="Microsoft.Windows.DNSServer.2016.Healthcheck.TaskTarget" Enabled="true" Timeout="300" Remotable="true">

  <Category>Custom</Category>

  <ProbeAction ID="PA" TypeID="Microsoft.Windows.DNSServer.2016.ParametrizedPowershellProbe.PA" RunAs="Microsoft.Windows.DNSServer.2016.ActionAccount">

    <ScriptName>Microsoft.Windows.Server.10.0.HealthCheck.ZoneAcrossAllDnsServers.Task.Script.ps1</ScriptName>

    <ScriptBody><Script>

                        

                            param ([String] $PrincipalName, [String] $Parameter1, [String] $Parameter2, [String] $Parameter3)

                            $SCRIPT_NAME = "HealthCheckZoneAcrossAllDnsServersServer10.0"

                            

$global:stringOutput = "Messages: "

$global:htmlReport = ""



try 

{

    Enum RetStatus

    {

		Success

		Failure

		RpcServerIsUnavailable

		AccessIsDenied

		ZoneDoesNotExist

		OperationIsNotSupported

		RecordDoesNotExist

		NotApplicable

		ResolveDnsNameServerNotFound

		ResolveDnsNameResolutionFailed

		ResolveDnsNameTimeoutPeriodExpired

    }





	Enum ValidationType

	{

		Domain

		Zone

		ZoneAging

		ZoneDelegation

		Forwarder

		RootHints

	}

}

catch

    {



	}



$script:resultView =@{ 

    "List" = "List" 

    ;"Table" = "Table" 

} 



Function LogComment

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [string]$message,



    [int]$level = $script:logLevel.Verbose 

) 



    #$stringBuilder.AppendLine($message);

    $global:stringOutput += "`r`n" + $message

} 



Function ExecuteCmdLet 

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [string]$cmdLetName, 

    [HashTable]$params = @{}    

) 

    $cmdString=$cmdLetName; 

    $displayString=$cmdLetName; 

    $script:cmdLetReturnedStatus = [RetStatus]::Success; 

    if ($null -ne $params) { 

        foreach($key in $params.keys) { 

            if ($script:switchParamVal -eq $params[$key]) { 

                $cmdString +=" -$key ";   

                $displayString +=" -$key "; 

            } else { 

                $cmdString += " -$key `$params[`"$key`"]"; 

                $displayString += " -$key $($params[$key])"; 

            } 

        } 

    }     

    $cmdString += " -ErrorAction Stop 2&gt; `$null"; 

    $displayString += " -ErrorAction Stop 2&gt; `$null"; 

    LogComment $displayString $script:logLevel.Host; 

    $retObj = $null; 

    try { 

        $retObj = Invoke-Expression $cmdString; 

    } catch [Exception] { 

        if (Get-Member -InputObject $_.Exception -Name "Errordata") 

        { 

            # Handling DNS server module specific exceptions. 

            if (5 -eq $_.Exception.Errordata.error_Code) { 

                LogComment $("Caught error: Access is denied, considering it as current login creds don't have server read access.")  $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::AccessIsDenied; 

            } elseif (1722 -eq $_.Exception.Errordata.error_Code) { 

                LogComment $("Caught error: The RPC server is unavailable, considering it as server is down.") ` 

                    $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::RpcServerIsUnavailable; 

            } elseif (9601 -eq $_.Exception.Errordata.error_Code) { 

                LogComment $("Caught error: DNS zone does not exist, considering it as given server isn't hosting input zone.")  $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::ZoneDoesNotExist; 

            } elseif (9611 -eq $_.Exception.Errordata.error_Code) { 

                LogComment $("Caught error: Invalid DNS zone type, considering it as we can't perform current operation on input zone.")  $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::OperationIsNotSupported; 

            } elseif (9714 -eq $_.Exception.Errordata.error_Code) { 

                LogComment $("Caught error: DNS name does not exist, considering it as input record doesn't exist.") ` 

                    $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::RecordDoesNotExist; 

            } else { 

                LogComment $("Caught error while executing '" + $displayString + "' with errorcode: " + $_.Exception.Errordata.error_Code) $script:logLevel.Error; 

                $script:cmdLetReturnedStatus = $([String]$_.Exception.Errordata.error_Code + ":" + $_.Exception.Errordata.error_WindowsErrorMessage); 

                #throw;                            

            } 

        } elseif (Get-Member -InputObject $_ -Name "FullyQualifiedErrorId") 

        { 

            # Handling Resolve-DnsName specific errors. 

            if ($_.FullyQualifiedErrorId.Contains("DNS_ERROR_RCODE_NAME_ERROR")) { 

                LogComment $("Caught error: ResolveDnsNameResolutionFailed in Resolve-DnsName.") $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::ResolveDnsNameResolutionFailed; 

            } elseif ($_.FullyQualifiedErrorId.Contains("System.Net.Sockets.SocketException")) { 

                LogComment $("Caught error: ResolveDnsNameServerNotFound in Resolve-DnsName.") $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::ResolveDnsNameServerNotFound; 

            } elseif ($_.FullyQualifiedErrorId.Contains("ERROR_TIMEOUT")) { 

                LogComment $("Caught error: ResolveDnsNameTimeoutPeriodExpired in Resolve-DnsName.") $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::ResolveDnsNameServerNotFound; 

            } else { 

                LogComment $("Caught error while executing '" + $displayString + "' `n" + $_.Exception) $script:logLevel.Error;   

                $script:cmdLetReturnedStatus = $([String]$_.FullyQualifiedErrorId + ":" + $_.Exception); 

                throw;   

            } 

        } else 

        { 

            LogComment $("Caught error while executing '" + $displayString + "' `n" + $_.Exception) $script:logLevel.Error;   

            $script:cmdLetReturnedStatus = $($_.Exception); 

            throw;                               

        } 

    } 

    if ($null -eq $retObj) { 

        LogComment "CmdLet returned with NULL..." $script:logLevel.Host;         

    } 

    return $retObj 

} 



Function Insert-ResultInObject 

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [Object]$inputObj,  

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [String]$resultName, 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [String]$resultVal 

)         

    if (Get-Member -InputObject $inputObj -Name $resultName) { 

        $inputObj.$resultName = $resultVal;         

    } else { 

        $inputObj | Add-Member -memberType NoteProperty -name $resultName -value $resultVal;         

    }     

    return $inputObj; 

} 



Function Generate-Report 

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [Object]$inputObj,  

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [String]$contextName, 

    [String]$viewAs = $script:resultView.Table 

)     

 

    $head = @' 

    &lt;!--mce:0--&gt; 

'@ 

 

    $header = "&lt;H1&gt;DNS Health Report for " + $contextName + "&lt;/H1&gt;"; 

    $ouputFile = $contextName + ".html"; 

    $inputObj = $inputObj | ? {$null -ne ($_ | gm -m properties)}; 

    $report = $inputObj | ConvertTo-Html -Head $head -Body $header -As $viewAs 

         

    # Do the colour coding of Success &amp; Failure, basically a hack in HTML. 

    $success2Search = "&lt;td&gt;" + [RetStatus]::Success + "&lt;/td&gt;"; 

    $success2Replace = "&lt;td style=`"color:green;font-weight:bold;`"&gt;" + [RetStatus]::Success + "&lt;/td&gt;"; 

    $failure2Search = "&lt;td&gt;" + [RetStatus]::Failure + "&lt;/td&gt;"; 

    $failure2Replace = "&lt;td style=`"color:red;font-weight:bold;`"&gt;" + [RetStatus]::Failure + "&lt;/td&gt;"; 



    $report = $report -creplace $success2Search, $success2Replace; 

    $report = $report -creplace $failure2Search, $failure2Replace; 



    $global:htmlReport += $report

} 



# 

# Tests whether given DNS Server is able to resolve input DNS Name. 

# 

Function Test-DnsServerForInputDnsName 

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $dnsName, 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $dnsServer, 

    $rrType = "All" 

)     

    $result = [RetStatus]::Failure;  

 

    try {     

        $retObj = ExecuteCmdLet "Resolve-DnsName" @{"Name" = $dnsName; "Type" = $rrType; "Server" = $dnsServer};  

        if ($null -eq $retObj) { 

            LogComment $("Resolve-DnsName for " + $dnsName + " failed on server " + $dnsServer + " with " + $script:cmdLetReturnedStatus) $script:logLevel.Error;  

            $result = $script:cmdLetReturnedStatus; 

        } else { 

            LogComment $("Name resolution of " + $dnsName + " passed on server " + $dnsServer);  

            $result = [RetStatus]::Success; 

        } 

         

    } catch { 

        LogComment $("Test-DnsServerForInputDnsName failed " + $_.Exception) $script:logLevel.Error; 

        $result = [RetStatus]::Failure; 

    }    

     

    return $result; 

} 

 

Function Test-DnsServerForInputZone 

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $zoneName, 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $dnsServer, 

    $remoteServer = "." 

)     

    $result = [RetStatus]::Failure;  

 

    try { 

     

        $dnsServerIP = $null; 

        if (![Net.IPaddress]::TryParse($dnsServer, [ref]$dnsServerIP)) { 

            try { 

                #Resolve and get first IP 

                $dnsServerIP = [System.Net.Dns]::GetHostAddresses($dnsServer).IPAddressToString.Split(" ")[0];                 

            } catch { 

                LogComment $("Exception while trying to get IP Address of  " + $dnsServer + "`n" + $_.Exception)  $script:logLevel.Error; 

                throw; 

            } 

        } 

         

        $retObj = ExecuteCmdLet "Test-DnsServer" @{"ComputerName" = $remoteServer; "ZoneName" = $zoneName; "IPAddress" = $dnsServerIP}; 

        if ($null -eq $retObj) {   

            LogComment $("Test-DnsServer failed for " + $zoneName + " on server " + $dnsServer) $script:logLevel.Warning;  

            $result = $script:cmdLetReturnedStatus; 

        } else { 

            if (($retObj.Result -eq "Success") -or ($retObj.Result -eq "NotAuthoritativeForZone")) { 

                LogComment $("Test-DnsServer passed for " + $zoneName + " on server " + $dnsServer + " with Result: " + $retObj.Result); 

                $result = [RetStatus]::Success; 

            } else { 

                LogComment $("Test-DnsServer failed for " + $zoneName + " on server " + $dnsServer + " with Result: " + $retObj.Result) $script:logLevel.Warning;  

                $result = $retObj.Result; 

            } 

        } 

    } catch { 

        LogComment $("Test-DnsServerForInputDnsName failed " + $_.Exception) $script:logLevel.Error; 

        $result = [RetStatus]::Failure; 

    }    

     

    return $result; 

} 



Function Test-DnsServerForInputContext 

{ 

param (

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $dnsServer, 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $context, 

    $remoteServer = "." 

)     

    $result = [RetStatus]::Failure;   

 

    try { 

     

        $retObj = ExecuteCmdLet "Test-DnsServer" @{"ComputerName" = $remoteServer; "IPAddress" = $dnsServer; "Context" = $context}; 

        if ($null -eq $retObj) {   

            LogComment $("Test-DnsServer failed for DnsServer: " + $dnsServer + " with context: " + $context) $script:logLevel.Warning;  

            $result = $script:cmdLetReturnedStatus; 

        } else { 

            if ($retObj.Result -eq "Success") { 

                LogComment $("Test-DnsServer Passed for DnsServer: " + $dnsServer + " with context: " + $context + " and Result: " + $retObj.Result); 

                $result = [RetStatus]::Success; 

            } else { 

                LogComment $("Test-DnsServer Failed for DnsServer: " + $dnsServer + " with context: " + $context + " and Result: " + $retObj.Result) $script:logLevel.Warning;  

                $result = $retObj.Result; 

            } 

        } 

    } catch { 

        LogComment $("Test-DnsServerForInputContext failed " + $_.Exception) $script:logLevel.Error; 

        $result = [RetStatus]::Failure; 

    }    

     

    return $result; 

} 



Function Get-HashtableFromString

{

    param(

        [string] $serializedHashtable

    )



    [Hashtable] $ht = New-Object -TypeName Hashtable



    $kvStrings = $Parameter1 -split ";"



    foreach($kvStr in $kvStrings)

    {

        if($kvStr -ne $null -and $kvStr -ne "")

        {

            $arr = $kvStr -split ","

    

            $list = New-Object  -TypeName System.Collections.Generic.List[string]

            for($i=1;$i -lt $arr.Length; $i++)

            {

                if($arr[$i] -ne $null -and $arr[$i] -ne "") { $list.Add($arr[$i]) }

            }

            $ht.Add($arr[0],$list)

        }

    }



    return $ht

}



Function Get-StringFromHashtable

{

    param(

        [Hashtable] $ht

    )



    [string]$result = ""



    foreach($kv in $ht.GetEnumerator())

    {

        $result += ";"+ $kv.Key

        if($kv.Value -ne $null)

        {

            foreach($value in $kv.Value)

            {

                $result += "," + $value

            }

        }

    }



    return $result

}



                            [bool]$isRootZone = $false

                            if($Parameter1 -eq $null -or $Parameter1 -eq "")

{

	Write-Host "Parameter1 for task can not be empty! Please specify required value."

	Return

}



if($Parameter2 -eq $null -or $Parameter2 -eq "")

{

	Write-Host "Parameter2 for task can not be empty! Please specify required value."

	Return

}



$dnsServerList = $Parameter1 -split ";" | Where-Object {$_}

$zoneList = $Parameter2 -split ";" | Where-Object {$_}



[String]$outputReportName = $MyInvocation.MyCommand 



$statusArray = @(); 

     

foreach($zone in $zoneList) { 

     

    $status = New-Object PSObject; 

    $status | Add-Member -memberType NoteProperty -name "ZoneName" -value $zone; 

    $zone = $zone+"."

    foreach($dnsServer in $dnsServerList) { 

        try { 

            $result = [RetStatus]::Success; 

            $resultStream = $null; 

                 

            $retVal1 = Test-DnsServerForInputDnsName $zone $dnsServer; 

            $resultStream = $resultStream + "ResolveDnsName:" + $retVal1 + "`n"; 

            $retVal2 = Test-DnsServerForInputZone $zone $dnsServer $dnsServer;  

            $resultStream = $resultStream + "TestDnsServer:" + $retVal2 + "`n"; 

             

            if (!(([RetStatus]::Success -eq $retVal1) -and ([RetStatus]::Success -eq $retVal2))) { 

                $result = [RetStatus]::Failure; 

            } 

             

            # If it's root zone then validate _msdcs &amp; _ldap infra records 

            if ($isRootZone) { 

                $retVal3 = Test-DnsServerForInputDnsName ("_msdcs." + $zone) $dnsServer; 

                $resultStream = $resultStream + "MsdcsResolveDnsName:" + $retVal3 + "`n"; 

                $retVal4 = Test-DnsServerForInputZone ("_msdcs." + $zone) $dnsServer $dnsServer; 

                $resultStream = $resultStream + "MsdcsTestDnsServer:" + $retVal4 + "`n"; 

                $retVal5 = Test-DnsServerForInputDnsName ("_ldap._tcp.dc._msdcs." + $zone) $dnsServer "SRV"; 

                $resultStream = $resultStream + "LdapTCPMsdcsResolveDnsName:" + $retVal5 + "`n"; 

                if (!(([RetStatus]::Success -eq $retVal3) -and ([RetStatus]::Success -eq $retVal4) -and ([RetStatus]::Success -eq $retVal5))) { 

                    $result = [RetStatus]::Failure; 

                } 

            } 

             

            if ([RetStatus]::Success -eq $result) { 

                LogComment $("Validation of " + $zone + " passed on DNS Server: " + $dnsServer); 

                LogComment $("Validation of " + $zone + " passed on DNS Server: " + $dnsServer) ` 

                    $script:logLevel.Host;                 

            } else {                     

                LogComment $("Validation of " + $zone + " failed on DNS Server: " + $dnsServer) ` 

                    $script:logLevel.Error;  

                LogComment $("Validation output:" + $resultStream) $script:logLevel.Error; 

                $result = $resultStream; 

            } 

        } catch { 

            LogComment $("Test-ZoneHealthAcrossAllDnsServers failed for Zone: " + $zone + " on DNSServer: " + $dnsServer + " `n " + $_.Exception) ` 

                $script:logLevel.Error; 

            $result = [RetStatus]::Failure; 

        }             

        $status = Insert-ResultInObject $status $dnsServer $result; 

    }   

    $statusArray += $status; 

}     

Generate-Report $statusArray $outputReportName $script:resultView.Table; 

    

 

$global:htmlReport 

</Script></ScriptBody>

    <PrincipalName>$Target/Host/Host/Property[Type='Windows!Microsoft.Windows.Computer']/PrincipalName$</PrincipalName>

    <Parameter1/>

    <Parameter2/>

    <Parameter3/>

    <TimeoutSeconds>300</TimeoutSeconds>

  </ProbeAction>

</Task>