Validar zonas firmadas
Microsoft.Windows.DNSServer.2016.Task.Validate.DNSSEC (Task)
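Valide los parámetros de DNSSEC si la configuración está establecida para validaciones de DNSSEC para determinados servidores. Reemplace Parámetro1 por nombres de servidores. (En el script, Parámetro1 se divide por «;» y cada valor se consulta como nombre de zona en el servidor de destino; la comprobación solo detecta registros RRSIG en la respuesta, no verifica las firmas.) No se admite en Nano.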
Element properties: Member Modules:
Source Code: <Task ID="Microsoft.Windows.DNSServer.2016.Task.Validate.DNSSEC" Accessibility="Internal" Target="Microsoft.Windows.DNSServer.2016.Healthcheck.TaskTarget" Enabled="true" Timeout="300" Remotable="true">
<Category>Custom</Category>
<ProbeAction ID="PA" TypeID="Microsoft.Windows.DNSServer.2016.ParametrizedPowershellProbe.PA" RunAs="Microsoft.Windows.DNSServer.2016.ActionAccount">
<ScriptName>Microsoft.Windows.Server.DNS.Validate.DNSSEC.PA.ps1</ScriptName>
<ScriptBody><Script>
# Task inputs. PrincipalName is filled from the target computer by the
# management pack; Parameter1 is supplied by the operator. Parameter2 and
# Parameter3 are declared but not read anywhere in the visible script.
param (
    [String] $PrincipalName,
    [String] $Parameter1,
    [String] $Parameter2,
    [String] $Parameter3
)

# Name used as the event source when the script logs through MOM.ScriptAPI.
$SCRIPT_NAME = "DNSSECSettingsValidationProbe"

# Turn every error into a terminating one so the try/catch blocks below see it.
$ErrorActionPreference = "Stop"

# Event type constants (only $EVENT_TYPE_ERROR is used in the visible script).
$EVENT_TYPE_LOG         = 0
$EVENT_TYPE_ERROR       = 1
$EVENT_TYPE_WARNING     = 2
$EVENT_TYPE_INFORMATION = 4

# Typed property bag constants (not referenced in the visible script).
$PROPERTY_TYPE_ALERT       = 0
$PROPERTY_TYPE_EVENT       = 1
$PROPERTY_TYPE_PERFORMANCE = 2
$PROPERTY_TYPE_STATE       = 3

# State type constants (not referenced in the visible script).
$STATE_SUCCESS = "Success"
$STATE_WARNING = "Warning"
$STATE_ERROR   = "Error"

# Scripting API object used by Set-Error to write events.
$momAPI = New-Object -ComObject MOM.ScriptAPI

# Event number and text for a stopped DNS service (not referenced in the
# visible script).
$DNS_NOT_RUNNING_EVENT_ID       = 7654
$DNS_NOT_RUNNING_SCRIPT_MESSAGE = "DNS Server Service is not running. Exiting."

# Event numbers passed to Set-Error as -EventLevel.
# NOTE(review): $EventWarn and $EventError share the value 5702, so warnings
# and errors cannot be told apart by event number - confirm this is intended.
$ErrorInfo    = 5704
$EventWarn    = 5702
$EventError   = 5702
$EventSuccess = 5700
# Reports whether the named service is in the Running state.
# Parameters: ServiceName - name passed to Get-Service.
# Returns:    $true when the status is "running"; $false otherwise, including
#             when the lookup throws.
function FuncCheckService {
    param($ServiceName)

    try
    {
        $svc = Get-Service -Name $ServiceName
        # Same truth table as the if/return pair: any non-running status is $false.
        return -not ($svc.Status -ne "running")
    }
    catch
    {
        # A failed lookup is treated the same as "not running".
        return $false
    }
}
# Writes one event through the scripting API object, best effort.
# Parameters:
#   momAPI       - object exposing LogScriptEvent; when $null nothing is logged.
#   ErrorMessage - event text.
#   EventLevel   - passed as the second LogScriptEvent argument; callers in this
#                  script pass an event number here (for example $EventError).
#   EventType    - passed as the third LogScriptEvent argument; callers in this
#                  script pass an $EVENT_TYPE_* constant.
#   ScriptName   - passed as the first LogScriptEvent argument.
# Never throws: a failure while logging is swallowed.
Function Set-Error($momAPI,[String]$ErrorMessage,$EventLevel,$EventType,[String]$ScriptName)
{
    if ($null -ne $momAPI)
    {
        try
        {
            $momAPI.LogScriptEvent($ScriptName,$EventLevel,$EventType,$ErrorMessage)
        }
        catch
        {
            # Deliberately ignored: a logging failure must not abort the task.
            # The original error is therefore lost when event logging is broken.
        }
    }
}
# Loads the DnsServer module unless it is already loaded in the session.
# Parameters:
#   momAPI     - scripting API object handed to Set-Error for event logging.
#   ScriptName - event source name used in the logged event.
# On failure an error event is logged and the script exits; no explicit exit
# code is supplied to exit.
Function Import-CmdLets ($momAPI,[string]$ScriptName)
{
    try
    {
        $loadedModule = Get-Module -Name "DnsServer"
        if ($null -ne $loadedModule)
        {
            # Already imported, nothing to do.
            return
        }
        Import-Module DnsServer
    }
    catch [System.IO.FileNotFoundException]
    {
        # Module files are missing on this machine.
        Set-Error -momAPI $momAPI -ScriptName $ScriptName -EventLevel $EventError -EventType $EVENT_TYPE_ERROR -ErrorMessage "Dns cmdlets doesn't exist."
        exit
    }
    catch
    {
        # Any other import failure: log the formatted exception text.
        $failureText = Get-ErrorMessage -Exception $_.Exception -ScriptName $ScriptName
        Set-Error -momAPI $momAPI -ScriptName $ScriptName -EventLevel $EventError -EventType $EVENT_TYPE_ERROR -ErrorMessage $failureText
        exit
    }
}
# Formats an exception into the multi-line text used for logged events.
# Parameters:
#   Exception  - object whose Message property is reported.
#   ScriptName - name printed on the "Module:" line.
# Returns: the formatted string.
Function Get-ErrorMessage($Exception,[string]$ScriptName)
{
    $ErrorMes = $Exception.Message
    # The here-string lines must stay at column 0: leading whitespace would
    # become part of the message and the closing marker must start its line.
    return @"
Module: $ScriptName
Error(s) was(were) occurred:
Error(s):
$ErrorMes
"@
}
# Logs the current error and emits a non-snapshot discovery data object.
# Reads $_ from the calling scope, so it is meant to be called from a catch
# block. Uses script-scope $SCRIPT_NAME, $momApi, $EventError and
# $EVENT_TYPE_ERROR.
# NOTE(review): $Script:ElementID and $Script:TargetID are not assigned in the
# visible script and nothing visible calls this function - confirm it is
# still needed in this task.
Function Process-DiscoveryFailure
{
    $failureText = Get-ErrorMessage -Exception $_.Exception -ScriptName $Script:SCRIPT_NAME
    Set-Error -momApi $Script:momApi -ScriptName $Script:SCRIPT_NAME -EventLevel $Script:EventError -EventType $Script:EVENT_TYPE_ERROR -ErrorMessage $failureText

    $emptyDiscovery = $Script:momApi.CreateDiscoveryData(0, $Script:ElementID, $Script:TargetID)
    # Mark the data as not being a snapshot before handing it back.
    $emptyDiscovery.IsSnapshot = $false
    return $emptyDiscovery
}
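# Main task body. For every zone name in Parameter1 (separated by ";") the
# target server is queried with the DNSSEC OK bit set, and the task reports
# whether the answer carries RRSIG records.
#
# NOTE: this is a presence check only. An RRSIG in the response shows that the
# server returns signature records for the name; it does not verify the
# signatures, their validity period, or the chain of trust to a trust anchor.

# Make sure the DnsServer module is loaded; Import-CmdLets logs an event and
# exits the script when the import fails.
Import-Cmdlets -momAPI $momAPI -ScriptName $SCRIPT_NAME

if ([String]::IsNullOrWhiteSpace($Parameter1))
{
    Write-Host "Parameter1 for task can not be empty! Please specify required value."
    Return
}

# Normalise the operator-supplied list: trim blanks around each entry and drop
# a trailing dot so that "example.com." or " example.com" do not turn into a
# malformed query name once the root dot is appended below. Wrapping in @()
# always yields an array, so one entry and many entries take the same path.
$TargetObjects = @(
    $Parameter1 -split ";" |
        ForEach-Object { $_.Trim().TrimEnd('.') } |
        Where-Object { $_ }
)

if ($TargetObjects.Count -eq 0)
{
    # Only separators or blanks were supplied, so there is nothing to query.
    Write-Host "Parameter1 for task can not be empty! Please specify required value."
    Return
}

foreach ($Obj in $TargetObjects)
{
    # Query the fully qualified form of the zone name.
    $zoneName = $Obj + "."
    try
    {
        # Keep only the signature records from the DNSSEC-enabled answer.
        $zoneRecords = @(
            Resolve-DnsName -Server $PrincipalName -Name $zoneName -DnssecOk -ErrorAction Stop |
                Where-Object { $_.QueryType -eq "RRSIG" } -ErrorAction Stop
        )
        if ($zoneRecords.Count -eq 0)
        {
            Write-Host "The DNS query for signed zone $Obj did not get a DNSSEC response from server $PrincipalName"
        }
        else
        {
            Write-Host "The signed zone $Obj on server $PrincipalName contains a RRSIG record"
        }
    }
    catch [Management.Automation.CommandNotFoundException]
    {
        # Resolve-DnsName is not available on this machine.
        Write-Host $_.Exception.Message
    }
    catch
    {
        Write-Host "An Error Has Occurred in Resolve-DnsName cmdlet. Server: $PrincipalName, Zone: $Obj"
        # Report the underlying reason as well, so a missing name, a timeout
        # and a refused query can be told apart in the task output.
        Write-Host $_.Exception.Message
    }
}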
</Script> </ScriptBody>
<PrincipalName>$Target/Host/Host/Property[Type='Windows!Microsoft.Windows.Computer']/PrincipalName$</PrincipalName>
<Parameter1/>
<Parameter2/>
<Parameter3/>
<TimeoutSeconds>300</TimeoutSeconds>
</ProbeAction>
</Task>