Valider les zones signées
Microsoft.Windows.DNSServer.2016.Task.Validate.DNSSEC (Task)
Validez le paramètre DNSSEC si l'installation est configurée pour les validations DNSSEC pour des serveurs donnés. Indiquez les noms de serveurs remplaçant Parameter1. Non pris en charge sur Nano.
Element properties: Member Modules:
Source Code: <Task ID="Microsoft.Windows.DNSServer.2016.Task.Validate.DNSSEC" Accessibility="Internal" Target="Microsoft.Windows.DNSServer.2016.Healthcheck.TaskTarget" Enabled="true" Timeout="300" Remotable="true">
<Category>Custom</Category>
<ProbeAction ID="PA" TypeID="Microsoft.Windows.DNSServer.2016.ParametrizedPowershellProbe.PA" RunAs="Microsoft.Windows.DNSServer.2016.ActionAccount">
<ScriptName>Microsoft.Windows.Server.DNS.Validate.DNSSEC.PA.ps1</ScriptName>
<ScriptBody><Script>
param ([String] $PrincipalName, [String] $Parameter1, [String] $Parameter2, [String] $Parameter3)
$SCRIPT_NAME = "DNSSECSettingsValidationProbe"
$ErrorActionPreference = "Stop"
# Event type constants
$EVENT_TYPE_LOG = 0
$EVENT_TYPE_ERROR = 1
$EVENT_TYPE_WARNING = 2
$EVENT_TYPE_INFORMATION = 4
# Typed property bag constants
$PROPERTY_TYPE_ALERT = 0
$PROPERTY_TYPE_EVENT = 1
$PROPERTY_TYPE_PERFORMANCE = 2
$PROPERTY_TYPE_STATE = 3
# State type constants
$STATE_SUCCESS = "Success"
$STATE_WARNING = "Warning"
$STATE_ERROR = "Error"
$momAPI = new-object -comObject MOM.ScriptAPI
$DNS_NOT_RUNNING_EVENT_ID = 7654
$DNS_NOT_RUNNING_SCRIPT_MESSAGE = "DNS Server Service is not running. Exiting."
$ErrorInfo = 5704
$EventWarn = 5702
$EventError = 5702
$EventSuccess = 5700
function FuncCheckService{
param($ServiceName)
try
{
$arrService = Get-Service -Name $ServiceName
if ($arrService.Status -ne "running")
{
return $false
}
return $true
}
catch
{
return $false
}
}
Function Set-Error($momAPI,[String]$ErrorMessage,$EventLevel,$EventType,[String]$ScriptName)
{
if ($null -eq $momAPI)
{
return
}
try
{
if ($null -ne $momAPI)
{
$momAPI.LogScriptEvent($ScriptName,$EventLevel,$EventType,$ErrorMessage)
}
}
catch
{
}
}
Function Import-CmdLets ($momAPI,[string]$ScriptName)
{
try
{
$dnsmodule = Get-Module -Name "DnsServer"
if ($null -eq $dnsmodule)
{
Import-Module DnsServer
}
}
catch [System.IO.FileNotFoundException]
{
$ErrorMessage = "Dns cmdlets doesn't exist."
Set-Error -momAPI $momAPI -ScriptName $ScriptName -EventLevel $EventError -EventType $EVENT_TYPE_ERROR -ErrorMessage $ErrorMessage
exit
}
catch
{
$ErrorMessage = Get-ErrorMessage -Exception $_.Exception -ScriptName $ScriptName
Set-Error -momAPI $momAPI -ScriptName $ScriptName -EventLevel $EventError -EventType $EVENT_TYPE_ERROR -ErrorMessage $ErrorMessage
exit
}
}
Function Get-ErrorMessage($Exception,[string]$ScriptName)
{
$ErrorMes = $Exception.Message
$ErrorMessage = @"
Module: $ScriptName
Error(s) was(were) occurred:
Error(s):
$ErrorMes
"@
return $ErrorMessage
}
Function Process-DiscoveryFailure
{
$ErrorMessage = Get-ErrorMessage -Exception $_.Exception -ScriptName $Script:SCRIPT_NAME
Set-Error -momApi $Script:momApi -ScriptName $Script:SCRIPT_NAME -EventLevel $Script:EventError -EventType $Script:EVENT_TYPE_ERROR -ErrorMessage $ErrorMessage
$discoveryData = $Script:momApi.CreateDiscoveryData(0, $Script:ElementID, $Script:TargetID)
$discoveryData.IsSnapshot = $false
$discoveryData
}
Import-Cmdlets -momAPI $momAPI -ScriptName $SCRIPT_NAME
if($Parameter1 -eq $null -or $Parameter1 -eq "")
{
Write-Host "Parameter1 for task can not be empty! Please specify required value."
Return
}
$TargetObjects = $Parameter1 -split ";" | Where-Object {$_}
if($TargetObjects -ne $null)
{
if($TargetObjects.Count -eq $null) # if single object returned
{
$ObjCount = 1
}
else
{
$ObjCount = $TargetObjects.Count
}
for ($i=0; $i -lt $ObjCount; $i++)
{
if($ObjCount -eq 1)
{
$Obj = $TargetObjects
}
else
{
$Obj = $TargetObjects.Item($i)
}
$zoneName = $Obj + "."
try {
$zoneRecords = Resolve-DnsName -Server $PrincipalName -Name $zoneName -DnssecOk -ErrorAction Stop| Where-Object {$_.QueryType -eq "RRSIG"} -ErrorAction Stop
if (($zoneRecords -eq $null)-or ($zoneRecords.Count -le 0))
{
#Write-Host "Signed zone $zoneName DNSSEC setings validation failed at server $PrincipalName"
Write-Host "The DNS query for signed zone $Obj did not get a DNSSEC response from server $PrincipalName"
}
else
{
#Write-Host "Signed zone $zoneName DNSSEC setings validation succeeded at server $PrincipalName"
Write-Host "The signed zone $Obj on server $PrincipalName contains a RRSIG record"
}
}
catch [Management.Automation.CommandNotFoundException]
{
Write-Host $_.Exception.Message
}
catch
{
Write-Host "An Error Has Occurred in Resolve-DnsName cmdlet. Server: $PrincipalName, Zone: $Obj"
}
}
}
</Script> </ScriptBody>
<PrincipalName>$Target/Host/Host/Property[Type='Windows!Microsoft.Windows.Computer']/PrincipalName$</PrincipalName>
<Parameter1/>
<Parameter2/>
<Parameter3/>
<TimeoutSeconds>300</TimeoutSeconds>
</ProbeAction>
</Task>