yakk0.org » active directory

PowerShell: Add printers to DNS

Jeremy — Mon, 08 Mar 2010 20:55:52 +0000

I realized today that most of our printers at work did not have DNS entries. This isn’t a big problem for users because they’re on our print server and they get their printers through Group Policy. The Print server has each printer set up to the IPs. We just implemented a management system today, and it lists the printers by IP and because the DNS entries were “Unknown” for most of them, it wasn’t easy to determine what printer we were looking at.

I found several PowerShell examples on the web for interacting with Microsoft DNS servers, and took a bit from each to come up with this script. It takes the shared printer name and publishes that as the DNS name. This does cause a problem if you have spaces in a share name, but our environment doesn’t, so I didn’t program for that issue.

Here’s the script:

Function Add-ARecord
{
Write-Host -ForegroundColor DarkCyan "Importing Printer information"
# Imports all printers from Print Server
$printers = (get-WmiObject -class $Class -computername $printSvr)
$Arecord = [WmiClass]"\\$dnsSvr\root\MicrosoftDNS:MicrosoftDNS_AType"
$class = 1
$ttl = 3600 # Time-To-Live in seconds

$printers | ForEach-Object{
Get the name of the Shared Printer
$name = $_.ShareName
# Get IP information from TCP/IP port
$address = $_.portname.Replace("IP_", "") # output variables for testing
#write-host -ForegroundColor Yellow $server, $zone, $name, $class, $ttl, $address

# create DNS A Records
$Arecord.CreateInstanceFromPropertydata($server, $zone, $name, $class, $ttl, $address)
}
}

$Class = "win32_printer" # WMI class for printers
# Change to suit your environment
$printSvr = "printsvr" # Print server
$dnsSvr = "dnssvr" # DNS Server
$zone = "dnszone" # DNS Zone

Add-ARecord

[edit] A couple people left comments that this didn't work for them, and I was unable to get it to work for me again. I swear it worked the day I needed it. If anyone can tell me why it doesn't work now, I'd appreciate it.

Fixing IT problems with a hammer

Jeremy — Fri, 20 Nov 2009 19:35:40 +0000

In a continuing process of cleaning up horrible decisions by our predecessors, we just moved a website off one of our domain controllers. The website was moving from IIS6 to 7 (or 7.5, whatever comes with Server 2008 R2), and it required some tweaking to start working again. One of the parts that didn’t work was a self-help page where teachers could unlock student accounts. I set up this web server, and created a service account for it that doesn’t have any special rights on the domain. Because the website runs in IIS as this service account, it could query the domain with no problems, but it didn’t have the rights to unlock accounts.

This is obviously where I differ from a coworker…

him: “Just add the service account to Domain Admins”

me: “Why would I want to do that?”

In the end I remembered I can delegate just the permissions needed to unlock our student accounts to that service account and it works fine.

Why use a hammer when you only need a tiny screwdriver?

One line administration – search and delete computer accounts

Jeremy — Wed, 06 May 2009 19:02:29 +0000

Here’s a quick one-line script I’ve been using to clean up some old computer accounts in active directory. It requires the dsquery and dsrm tools from the Server 2003 Admin Pack or the Remote Server Administration Toolkit.

@for /f %%a in ('DSQUERY COMPUTER -NAME *%1') do (dsrm %%a)

Save that in as a batch file and it’ll query Active Directory for computers including the argument passed. Here’s an example with a naming structure where we have the last 4 digits of the MAC address in the name for uniqueness.

C:\>adrm.cmd 6736
C:\>(dsrm "CN=LABPC6736,OU=Labs,DC=yakk0,DC=org" )
Are you sure you wish to delete CN=LABPC6736,OU=Labs,DC=yakk0,DC=org (Y/N)? y
dsrm succeeded:CN=LABPC6736,OU=Labs,DC=yakk0,DC=org