Validar zonas firmadas

Microsoft.Windows.DNSServer.2016.Task.Validate.DNSSEC (Task)

Valide los parámetros de DNSSEC si la configuración está establecida para validaciones de DNSSEC para determinados servidores. Reemplace Parámetro1 por nombres de servidores. No se admite en Nano.
Element properties:

Target	Microsoft.Windows.DNSServer.2016.Healthcheck.TaskTarget
Accessibility	Internal
Category	Custom
Enabled	True
Remotable	False
Timeout	300
Member Modules:

ID	Module Type	TypeId	RunAs
PA	ProbeAction	Microsoft.Windows.DNSServer.2016.ParametrizedPowershellProbe.PA	Microsoft.Windows.DNSServer.2016.ActionAccount
Source Code:

<Task ID="Microsoft.Windows.DNSServer.2016.Task.Validate.DNSSEC" Accessibility="Internal" Target="Microsoft.Windows.DNSServer.2016.Healthcheck.TaskTarget" Enabled="true" Timeout="300" Remotable="true">

  <Category>Custom</Category>

  <ProbeAction ID="PA" TypeID="Microsoft.Windows.DNSServer.2016.ParametrizedPowershellProbe.PA" RunAs="Microsoft.Windows.DNSServer.2016.ActionAccount">

    <ScriptName>Microsoft.Windows.Server.DNS.Validate.DNSSEC.PA.ps1</ScriptName>

    <ScriptBody><Script>

                        

                            param ([String] $PrincipalName, [String] $Parameter1, [String] $Parameter2, [String] $Parameter3)

                            $SCRIPT_NAME = "DNSSECSettingsValidationProbe"

                            $ErrorActionPreference = "Stop"



# Event type constants

$EVENT_TYPE_LOG = 0

$EVENT_TYPE_ERROR = 1

$EVENT_TYPE_WARNING = 2

$EVENT_TYPE_INFORMATION = 4



# Typed property bag constants

$PROPERTY_TYPE_ALERT = 0

$PROPERTY_TYPE_EVENT = 1

$PROPERTY_TYPE_PERFORMANCE = 2

$PROPERTY_TYPE_STATE = 3



# State type constants

$STATE_SUCCESS = "Success"

$STATE_WARNING = "Warning"

$STATE_ERROR = "Error"



$momAPI = new-object -comObject MOM.ScriptAPI



$DNS_NOT_RUNNING_EVENT_ID = 7654

$DNS_NOT_RUNNING_SCRIPT_MESSAGE = "DNS Server Service is not running. Exiting."



$ErrorInfo     = 5704

$EventWarn     = 5702

$EventError    = 5702

$EventSuccess  = 5700





function FuncCheckService{

 param($ServiceName)

 try

 {

	$arrService = Get-Service -Name $ServiceName

	if ($arrService.Status -ne "running")

	{ 

		return $false

	}

	return $true

 } 

 catch

 {

    return $false

 }

 }



                       Function Set-Error($momAPI,[String]$ErrorMessage,$EventLevel,$EventType,[String]$ScriptName)

                       {

                           if ($null -eq $momAPI)

                           {

                             return

                           }



                           try

                           {

							   if ($null -ne $momAPI)

							   {

                                  $momAPI.LogScriptEvent($ScriptName,$EventLevel,$EventType,$ErrorMessage)

							   }

                           }

                           catch

                                {

                                }



                       }



					   Function Import-CmdLets ($momAPI,[string]$ScriptName)

					   {

                           try

						   {

							   $dnsmodule = Get-Module -Name "DnsServer"

							   if ($null -eq $dnsmodule)

							   {

									Import-Module DnsServer

							   }

						   }

						   catch [System.IO.FileNotFoundException]

						       {

								  $ErrorMessage = "Dns cmdlets doesn't exist."

								  Set-Error -momAPI $momAPI -ScriptName $ScriptName -EventLevel $EventError -EventType $EVENT_TYPE_ERROR -ErrorMessage $ErrorMessage

                                  exit 

							   }

						   catch

						   {

                                 $ErrorMessage = Get-ErrorMessage -Exception $_.Exception -ScriptName $ScriptName

                                 Set-Error -momAPI $momAPI -ScriptName $ScriptName -EventLevel $EventError -EventType $EVENT_TYPE_ERROR -ErrorMessage $ErrorMessage

							     exit

						   }

					   }



                       Function Get-ErrorMessage($Exception,[string]$ScriptName)

                       {

						 $ErrorMes = $Exception.Message

                         $ErrorMessage = @"

Module: $ScriptName



Error(s) was(were) occurred:

Error(s):

$ErrorMes



"@



                        return $ErrorMessage

                       }



					   Function Process-DiscoveryFailure

					   {

							$ErrorMessage = Get-ErrorMessage -Exception $_.Exception -ScriptName $Script:SCRIPT_NAME

							Set-Error -momApi $Script:momApi -ScriptName $Script:SCRIPT_NAME -EventLevel $Script:EventError -EventType $Script:EVENT_TYPE_ERROR -ErrorMessage $ErrorMessage



							$discoveryData = $Script:momApi.CreateDiscoveryData(0, $Script:ElementID, $Script:TargetID)

							$discoveryData.IsSnapshot = $false

							$discoveryData

					   }



					   Import-Cmdlets -momAPI $momAPI -ScriptName $SCRIPT_NAME 



if($Parameter1 -eq $null -or $Parameter1 -eq "")

{

	Write-Host "Parameter1 for task can not be empty! Please specify required value."

	Return

}



$TargetObjects = $Parameter1 -split ";" | Where-Object {$_}



if($TargetObjects -ne $null)

{

	if($TargetObjects.Count -eq $null) # if single object returned

	{

		$ObjCount = 1

	}

	else

	{

		$ObjCount = $TargetObjects.Count

	}



	for ($i=0; $i -lt $ObjCount; $i++)

	{

	    if($ObjCount -eq 1)

		{

		    $Obj = $TargetObjects

		}

		else

		{

			$Obj = $TargetObjects.Item($i)

		}



		$zoneName = $Obj + "."

        try {

        $zoneRecords = Resolve-DnsName -Server $PrincipalName -Name $zoneName -DnssecOk -ErrorAction Stop| Where-Object {$_.QueryType -eq "RRSIG"} -ErrorAction Stop

		

        if (($zoneRecords -eq $null)-or ($zoneRecords.Count -le 0))

        {

            #Write-Host "Signed zone $zoneName DNSSEC setings validation failed at server $PrincipalName"

			Write-Host "The DNS query for signed zone $Obj did not get a DNSSEC response from server $PrincipalName"

			

        }

		else

        {

			#Write-Host "Signed zone $zoneName DNSSEC setings validation succeeded at server $PrincipalName"

			Write-Host "The signed zone $Obj on server $PrincipalName contains a RRSIG record"

        }

		}

		catch [Management.Automation.CommandNotFoundException]

		{

			Write-Host $_.Exception.Message

		}

		catch

        {            

            Write-Host "An Error Has Occurred in Resolve-DnsName cmdlet. Server: $PrincipalName,  Zone: $Obj"

        }

	}

}

</Script></ScriptBody>

    <PrincipalName>$Target/Host/Host/Property[Type='Windows!Microsoft.Windows.Computer']/PrincipalName$</PrincipalName>

    <Parameter1/>

    <Parameter2/>

    <Parameter3/>

    <TimeoutSeconds>300</TimeoutSeconds>

  </ProbeAction>

</Task>