
mcsa mcse exam 70-292 study guide part 9 pdf


Table A.21 dsquery site Parameters

-o {dn | rdn} Specifies the output format for the search results.
-name Name Searches for objects whose CN attributes match the specified value.
-desc Description Searches for objects whose descriptions match the specified value.
-r Specifies the search to use recursion or follow referrals during the search process.
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for the search.

dsquery server

The dsquery server command is used to query Active Directory for information about domain controllers and uses the following syntax:

dsquery server [-o {dn | rdn}] [-forest] [-domain DomainName]

[-site SiteName] [-name Name] [-desc Description]

[-hasfsmo {schema | name | infr | pdc | rid}] [-isgc]

[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]

[-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]

Table A.22 details the parameters associated with the dsquery server command.

Table A.22 dsquery server Parameters

-o {dn | rdn} Specifies the output format for the search results.
-forest Searches for all domain controllers in the current forest.
-domain DomainName Searches for all domain controllers in the specified domain.
-site SiteName Searches for all domain controllers in the specified site.
-name Name Searches for objects whose CN attributes match the specified value.
-desc Description Searches for objects whose descriptions match the specified value.
-hasfsmo {schema | name | infr | pdc | rid} Searches for the domain controller(s) that hold the specified operations master role.
-isgc Searches for all domain controllers specified in the scope that are Global Catalog servers.
-r Specifies the search to use recursion or follow referrals during the search process.
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for the search.

www.syngress.com

dsquery user

The dsquery user command is used to query Active Directory for information about users and uses the following syntax:

dsquery user [{StartNode | forestroot | domainroot}]

[-o {dn | rdn | upn | samid}] [-scope {subtree | onelevel | base}]

[-name Name] [-desc Description] [-upn UPN] [-samid SAMName]

[-inactive NumberOfWeeks] [-stalepwd NumberOfDays] [-disabled]

[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]

[-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]

Table A.23 details the parameters associated with the dsquery user command.

Table A.23 dsquery user Parameters

-upn UPN Searches for objects whose UPN matches the specified value.
-samid SAMName Searches for objects whose SAM names match the specified value.
-inactive NumberOfWeeks Searches for inactive users for the specified time value.
-stalepwd NumberOfDays Searches for users that have not changed their password for the specified time value.
-disabled Searches for users with disabled accounts.
-r Specifies the search to use recursion or follow referrals during the search process.
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for the search.

dsquery quota

The dsquery quota command is used to query Active Directory for information about quota specifications and uses the following syntax:

dsquery quota {domainroot | ObjectDN} [-o {dn | rdn}] [-acct Name]

[-qlimit Filter] [-desc Description] [{-s Server | -d Domain}]

[-u UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects]

[{-uc | -uco | -uci}]

Table A.24 details the parameters associated with the dsquery quota command.

Table A.24 dsquery quota Parameters

domainroot | ObjectDN Specifies where the search should start.
-o {dn | rdn} Specifies the output format for the search results.
-acct Name Specifies the search to locate quota specifications assigned to the specified security principal.
-qlimit Filter Searches for quota limits that match a specified value.
-desc Description Searches for objects whose descriptions match a specified value.
-r Specifies the search to use recursion or follow referrals during the search process.
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for the search.

dsquery partition

The dsquery partition command is used to query Active Directory for information about partition objects and uses the following syntax:

dsquery partition [-o {dn | rdn}] [-part Filter] [{-s Server | -d Domain}]

[-u UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects]

[{-uc | -uco | -uci}]


Table A.25 details the parameters associated with the dsquery partition command.

Table A.25 dsquery partition Parameters

-o {dn | rdn} Specifies the output format for the search results.
-part Filter Searches for partition objects whose common name matches the specified value.
-r Specifies the search to use recursion or follow referrals during the search process.
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for the search.

dsquery *

The dsquery * command is used to query Active Directory for information about objects using the specified criteria for an LDAP query and uses the following syntax:

dsquery * [{ObjectDN | forestroot | domainroot}]

[-scope {subtree | onelevel | base}] [-filter LDAPFilter]

[-attr {AttributeList | *}] [-attrsonly] [-l] [{-s Server | -d Domain}]

[-u UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects]

[{-uc | -uco | -uci}]

Table A.26 details the parameters associated with the dsquery * command.

Table A.26 dsquery * Parameters

ObjectDN | forestroot | domainroot Specifies where the search should start.
-scope {subtree | onelevel | base} Specifies the scope of the search.
-filter LDAPFilter Specifies an explicit LDAP search filter.
-attr {AttributeList | *} Specifies the attributes to display in the search output.
-attrsonly Specifies the attribute types to display in the search output.
-l Specifies search output to be displayed in a list instead of table format.
-r Specifies that the search is to use recursion or follow referrals during the search process.
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for the search.


The dsget command can be used to display the selected properties of Active Directory objects.

dsget has the following top-level options:

The dsget computer command is used to display the properties of a specified computer in Active Directory and has two possible usage variations. The first allows you to view the properties for multiple computers, while the second allows you to view the membership information for a single computer. The dsget computer command uses the following syntax:

dsget computer ComputerDN [-dn] [-samid] [-sid] [-desc] [-loc]

[-disabled] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]

[-c] [-q] [-l] [{-uc | -uco | -uci}] [-part PartitionDN [-qlimit] [-qused]]

dsget computer ComputerDN [-memberof [-expand]] [{-s Server | -d Domain}]

[-u UserName] [-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]

Table A.27 details the parameters associated with the dsget computer command.

Table A.27 dsget computer Parameters

-samid Displays the SAM account name of the computer.
-sid Displays the SID of the computer.
-desc Searches for objects whose description matches the specified value.
-loc Displays the location of the computer.
-disabled Searches for computers with disabled accounts.
-l Specifies search output to be displayed in a list instead of a table format.
-c Specifies the command is to continue processing in the event of an error.
-part PartitionDN Connects to the specified directory partition.
-qlimit Displays the quota limit in place on the object.
-qused Displays the quota used by the object.
-memberof Displays the group memberships of the computer.
-expand Specifies that group recursion is to occur when locating groups the computer is a member of.

dsget contact

The dsget contact command is used to display the properties of a specified contact in Active Directory and uses the following syntax:

dsget contact ContactDN [-dn] [-fn] [-mi] [-ln] [-display] [-desc]

[-office] [-tel] [-email] [-hometel] [-pager] [-mobile] [-fax] [-iptel]

[-title] [-dept] [-company] [{-s Server | -d Domain}] [-u UserName]

[-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]

Table A.28 details the parameters associated with the dsget contact command.

Table A.28 dsget contact Parameters

Switch Function
ContactDN Specifies the distinguished name of the contact information you want to view.
-dn Displays the distinguished name of the contact.
-fn Displays the first name of the contact.
-mi Displays the middle initial of the contact.
-ln Displays the last name of the contact.
-display Displays the display name of the contact.
-desc Displays the description of the contact.
-office Displays the office location of the contact.
-tel Displays the telephone number of the contact.
-email Displays the e-mail address of the contact.
-hometel Displays the home telephone number of the contact.
-pager Displays the pager phone number of the contact.
-mobile Displays the mobile phone number of the contact.
-fax Displays the fax phone number of the contact.
-iptel Displays the IP phone number of the contact.
-title Displays the title of the contact.
-dept Displays the department of the contact.
-company Displays the company name of the contact.
-c Specifies the command is to continue processing in the event of an error.
-l Specifies search output to be displayed in a list instead of a table format.

dsget group

The dsget group command is used to display the properties of a specified group in Active Directory and has two possible variations in usage. The first allows you to view the properties for multiple groups, while the second allows you to view the membership information for a single group. The dsget group command uses the following syntax:

dsget group GroupDN [-dn] [-samid] [-sid] [-desc] [-secgrp] [-scope]

[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q]

[-l] [{-uc | -uco | -uci}] [-part PartitionDN [-qlimit] [-qused]]

dsget group GroupDN [{-memberof | -members}] [-expand]

[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c]

[-q] [-l] [{-uc | -uco | -uci}]

Table A.29 details the parameters associated with the dsget group command.

Table A.29 dsget group Parameters

Switch Function
GroupDN Specifies the distinguished name of the group information you want to view.
-dn Displays the distinguished name of the group.
-samid Displays the SAM account name of the group.
-sid Displays the SID of the group.
-desc Searches for objects whose description matches the specified value.
-secgrp Displays whether or not the group is a security group.
-scope Displays information about the scope of the group.
-l Specifies search output to be displayed in a list instead of a table format.
-part PartitionDN Connects to the specified directory partition.
-qlimit Displays the object quota limit.
-qused Displays the quota used by the object.
-memberof Displays the group memberships of the group.
-members Displays the objects that are members of the group.
-expand Specifies that group recursion occurs when locating groups the group is a member of.
-c Specifies the command is to continue processing in the event of an error.

dsget ou

The dsget ou command is used to display the properties of a specified OU in Active Directory and uses the following syntax:

dsget ou OrganizationalUnitDN [-dn] [-desc] [{-s Server | -d Domain}]

[-u UserName] [-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]

Table A.30 details the parameters associated with the dsget ou command.

Table A.30 dsget ou Parameters

OrganizationalUnitDN Specifies the distinguished name of the OU information you want to view.
-dn Displays the distinguished name of the OU.
-desc Displays the description of the OU.
-c Specifies the command is to continue processing in the event of an error.
-l Specifies the search output is displayed in a list instead of a table format.


dsget server

The dsget server command is used to display the properties of a specified domain controller in Active Directory and has three possible usage variations. The first allows you to view the general properties for the specified domain controller, the second allows you to display a listing of security principals who own the largest number of objects in the directory, and the third allows you to display a listing of the directory partitions on the specified domain controller. The dsget server command uses the following syntax:

dsget server ServerDN [-dn] [-desc] [-dnsname] [-site] [-isgc]

[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q]

[-l] [{-uc | -uco | -uci}]

dsget server ServerDN [{-s Server | -d Domain}] [-u UserName]

[-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]

[-topobjowner Display]

dsget server ServerDN [{-s Server | -d Domain}] [-u UserName]

[-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}] [-part PartitionDN]

Table A.31 details the parameters associated with the dsget server command.

Table A.31 dsget server Parameters

Switch Function
ServerDN Specifies the distinguished name of the domain controller information you want to view.
-dn Displays the distinguished name of the domain controller.
-desc Displays the description of the domain controller.
-dnsname Displays the DNS host name of the domain controller.
-site Displays the site in which the domain controller is located.
-isgc Displays whether or not the domain controller is a Global Catalog server.
-l Specifies the search output is displayed in a list instead of a table format.
-topobjowner Display Displays a listing of the security principals that own the largest number of directory objects on the server.
-part PartitionDN Connects to the specified directory partition.
-c Specifies the command is to continue processing in the event of an error.


dsget user

The dsget user command is used to display the properties of a specified user in Active Directory and has two possible variations in usage. The first allows you to view the properties for multiple users, while the second allows you to view the group membership information for a single user. The dsget user command uses the following syntax:

dsget user UserDN [-dn] [-samid] [-sid] [-upn] [-fn] [-mi] [-ln]

[-display] [-empid] [-desc] [-office] [-tel] [-email] [-hometel] [-pager]

[-mobile] [-fax] [-iptel] [-webpg] [-title] [-dept] [-company] [-mgr]

[-hmdir] [-hmdrv] [-profile] [-loscr] [-mustchpwd] [-canchpwd]

[-pwdneverexpires] [-disabled] [-acctexpires] [-reversiblepwd]

[{-uc | -uco | -uci}] [-part PartitionDN [-qlimit] [-qused]]

dsget user UserDN [-memberof] [-expand] [{-uc | -uco | -uci}]

Table A.32 details the parameters associated with the dsget user command.

Table A.32 dsget user Parameters

Switch Function
UserDN Specifies the distinguished name of the user information you want to view.
-dn Displays the distinguished name of the user.
-samid Displays the SAM name of the user.
-upn Displays the user principal name of the user.
-sid Displays the SIDs of the user.
-fn Displays the first name of the user.
-mi Displays the middle initial of the user.
-ln Displays the last name of the user.
-display Displays the display name of the user.
-empid Displays the employee ID of the user.
-desc Displays the description of the user.
-office Displays the office location of the user.
-tel Displays the telephone number of the user.
-email Displays the e-mail address of the user.
-hometel Displays the home telephone number of the user.
-pager Displays the pager phone number of the user.
-mobile Displays the mobile phone number of the user.
-fax Displays the fax phone number of the user.
-iptel Displays the IP phone number of the user.
-webpg Displays the Web page of the user.
-title Displays the title of the user.
-dept Displays the department of the user.
-company Displays the company name of the user.
-mgr Displays the manager of the user.
-hmdir Displays the home directory of the user.
-hmdrv Displays the home drive of the user.
-profile Displays the profile path of the user.
-loscr Displays the logon script path of the user.
-mustchpwd Displays whether or not the user must change their password upon next logon.
-canchpwd Displays whether or not the user can change their password.
-pwdneverexpires Displays whether or not the user account password expires.
-disabled Displays whether or not the user account is disabled.
-acctexpires Displays when the user account expires.
-reversiblepwd Displays whether or not the user account password is stored using reversible encryption.
-part PartitionDN Connects to the specified directory partition.
-qlimit Displays the quota limit set for the user.
-qused Displays the quota used by the user.
-memberof Displays the groups the user is a member of.
-expand Specifies that group recursion occurs when locating groups that the user is a member of.
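dsquery user and dsget user are designed to be chained: dsquery writes quoted distinguished names, one per line, and dsget user reads them from standard input. The batch script below is an added example, not part of the study guide, that uses this to build an account-hygiene report with the switches documented above. The 90-day and 8-week thresholds and the report file names are assumptions; -limit 0 removes the default cap of 100 results.

```batch
@echo off
rem Added example (not from the study guide): account-hygiene report.
rem Assumptions: domain-joined host with the directory service command-line
rem tools available; thresholds and file names below are illustrative.
setlocal
set STALE_DAYS=90
set INACTIVE_WEEKS=8

rem First dsget user form: properties for many users, DNs piped from dsquery.
echo Accounts whose password is older than %STALE_DAYS% days > stale_pwd.txt
dsquery user domainroot -stalepwd %STALE_DAYS% -limit 0 | dsget user -samid -upn -disabled -pwdneverexpires >> stale_pwd.txt

echo Accounts with no logon for %INACTIVE_WEEKS% weeks > inactive.txt
dsquery user domainroot -inactive %INACTIVE_WEEKS% -limit 0 | dsget user -samid -upn -disabled -acctexpires >> inactive.txt

rem Second dsget user form: group membership works on one user at a time,
rem so loop over the DNs instead of piping them.
echo Disabled accounts and the groups they still belong to > disabled_groups.txt
for /f "delims=" %%D in ('dsquery user domainroot -disabled -limit 0') do (
    echo %%D >> disabled_groups.txt
    dsget user %%D -memberof -expand >> disabled_groups.txt
)
endlocal
```

Disabled accounts that still appear in privileged groups, and stale-password accounts flagged as never expiring, are the entries to review first.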

dsget subnet

The dsget subnet command is used to display the properties of a specified subnet in Active Directory and uses the following syntax:

dsget subnet SubnetDN [-dn] [-desc] [-loc] [-site]

[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]

[-c] [-q] [-l] [{-uc | -uco | -uci}]

Table A.33 details the parameters associated with the dsget subnet command.


Table A.33 dsget subnet Parameters

Switch Function
SubnetDN Specifies the distinguished name of the subnet information you want to view.
-dn Displays the distinguished name of the subnet.
-desc Displays the description of the subnet.
-loc Displays the subnet location.
-site Displays the site name of the subnet.
-l Specifies search output is displayed in a list instead of a table format.
-c Specifies the command is to continue processing in the event of an error.

dsget site

The dsget site command is used to display the properties of a specified site in Active Directory and uses the following syntax:

dsget site SiteCN [-dn] [-desc] [-autotopology] [-cachegroups]

[-prefGCsite] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]

[-c] [-q] [-l] [{-uc | -uco | -uci}]

Table A.34 details the parameters associated with the dsget site command.

Table A.34 dsget site Parameters

SiteCN Specifies the common name of the site information you want to view.
-dn Displays the distinguished name of the site.
-desc Displays the description of the site.
-autotopology Displays whether or not the automatic intersite topology generation
-l Specifies search output is displayed in a list instead of a table format.
-c Specifies the command is to continue processing in the event of an error.

dsget quota

The dsget quota command is used to display the properties of a specified quota specification in Active Directory and uses the following syntax:


dsget quota ObjectDN [-dn] [-acct] [-qlimit] [{-s Server | -d Domain}]

[-u UserName] [-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]

Table A.35 details the parameters associated with the dsget quota command.

Table A.35 dsget quota Parameters

Switch Function
ObjectDN Specifies the distinguished name of the quota information you want to view.
-dn Displays the distinguished name of the quota.
-acct Displays the distinguished names for the accounts that the quota is assigned to.
-qlimit Displays the quota limit for the specified quota.
-qused Displays the quota used for the specified quota.
-l Specifies search output is displayed in a list instead of a table format.
-c Specifies the command is to continue processing in the event of an error.

dsget partition

The dsget partition command is used to display the properties of a specified partition in Active Directory and uses the following syntax:

dsget partition ObjectDN [-dn] [-qdefault] [-qtmbstnwt]

[-topobjowner Display] [{-s Server | -d Domain}] [-u UserName]

[-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]

Table A.36 details the parameters associated with the dsget partition command.

Table A.36 dsget partition Parameters

ObjectDN Specifies the distinguished name of the partition information you want to view.
-dn Displays the distinguished name of the partition.
-qdefault Displays the default quota that is applied to all security principals.
-qtmbstnwt Displays the percent that the tombstone object count should be reduced.
-topobjowner Display Displays a listing of the security principals that own the largest number of directory objects in the partition.
-l Specifies search output is displayed in a list instead of a table format.
-c Specifies the command is to continue processing in the event of an error.


The gpresult command can be used to display Group Policy settings and the Resultant Set of

Policy (RSoP) applied to a user and uses the following syntax:

gpresult [/s Computer [/u Domain\User /p Password]] [/user TargetUserName]

[/scope {user | computer}] [{/v | /z}]

Table A.37 details the parameters associated with the gpresult command.

Table A.37 gpresult Parameters

/s Computer Specifies the name or IP address of a remote computer.
/u Domain\User Specifies a user account whose permissions are to be used to run the command.
/p Password Specifies the password for the provided user account.
/user TargetUserName Specifies the user name of the user whose RSoP is to be displayed.
/scope {user | computer} Displays either computer or user settings.
/v Specifies to provide verbose output.
/z Specifies that output should display all available information. You can direct the output to a text file by using /z file.txt.

whoami

The whoami command returns information about the currently logged in user, including domain name, computer name, user name, group names, logon identifier, and privileges, and uses the following possible syntaxes:

whoami {/upn | /fqdn | /logonid}

whoami [{/user | /groups | /priv}] [/fo Format]

whoami /all [/fo Format]

Table A.38 details the parameters associated with the whoami command.

Table A.38 whoami Parameters

Switch Function
/upn Displays the user name in User Principal Name (UPN) format.
/fqdn Displays the user name in FQDN format.
/logonid Displays the logon ID.
/user Displays the current user name.
/groups Displays group names.
/priv Displays privileges.
/fo Format Specifies the output display format. Options include:
  ■ table Displays output in a table. This is the default value.
  ■ list Displays output in a list.
  ■ csv Displays output in comma-delimited (.CSV) format.
/all Displays the user name and groups, SID and privileges in the current access token.

csvde and ldifde

Realizing that administrators may have the need to import and export data into and out of Active Directory and other Lightweight Directory Access Protocol (LDAP) directory services, Microsoft has provided two utilities to accomplish that task:

■ csvde (CSV Directory Exchange) csvde uses files formatted in the Microsoft comma-separated value (CSV) format. The advantage of the CSV format is that it is supported by many other applications such as Microsoft Excel and Microsoft Access, thus allowing you to manipulate data in these applications before importing it. The downside to using csvde is that it only allows the addition of new objects—ldifde allows the modification of existing objects.

■ ldifde (LDAP Data Interchange Format Directory Exchange) ldifde can be used to extend the Active Directory schema, export data from Active Directory into other LDAP applications and services, and to populate the Active Directory database with LDAP data from other directory services. LDIF is an Internet standard file format for performing batch import and export operations that conform to LDAP standards.

The full syntax of the csvde command is as follows:

csvde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v]

[-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope]

[-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k]

[-a UserDistinguishedName Password] [-b UserName Domain Password]

The ldifde command also follows the same syntax:

ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v]

[-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope]

[-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k]

[-a UserDistinguishedName Password] [-b UserName Domain Password]


Table A.39 details the parameters associated with the csvde and ldifde commands.

Table A.39 csvde/ldifde Parameters

Basic Global Parameters
-i Specifies to use import mode; if not specified, export mode is used.
-f FileName Specifies the file name for the import or export operation.
-s ServerName Specifies the domain controller that is used for the import or export operation.
-c String1 String2 Specifies that all instances of String1 are to be replaced with String2.
-t PortNumber Specifies port number connections. The default port is 389 for LDAP and 3268 for Global Catalog servers.

Export Related Parameters
-d BaseDN Specifies the distinguished name of the search base for data export.
-r LDAPFilter Specifies an LDAP search filter for data export.
-p Scope Specifies the search scope, the scope options are Base, OneLevel,
-g Specifies that paged searches are omitted.
-m Specifies to omit attributes that only apply to Active Directory objects such as the ObjectGUID, objectSID, pwdLastSet and samAccountType attributes.
-n Specifies that the export of binary values is to be omitted.
-j Path Specifies the log file path and name.

Import Related Parameters
-k Specifies to ignore errors during the import operation and continue processing.

Credentials Parameters
-a UserDistinguishedName Password Specifies the command to run using UserDistinguishedName and Password. By default, the credentials of the user currently logged on are used.
-b UserName Domain Password Specifies the command to be run using Username Domain and Password. By default, the credentials of the user currently logged on are used.

DNS Management

Microsoft has provided two new DNS management tools for Windows Server 2003: dnscmd and dnslint. As well, the ever-reliable nslookup command is still an important part of any DNS administrator’s tool kit.

dnscmd

The dnscmd command can be used to display and change the properties of DNS servers, zones and resource records. The dnscmd command is an enhanced version of the dnsstat command. dnscmd has the following general syntax:

dnscmd ServerName Command [Command Parameters]

The ServerName placeholder is used to specify the DNS server that you wish to manage by IP address, FQDN or host name. If the ServerName is not supplied, the command will be processed on the local server. The following commands are available for use with the dnscmd command:


The dnscmd /ageallrecords command is used to set the time stamp on all resource records to the

current time and uses the following syntax:

dnscmd [ServerName] /ageallrecords ZoneName NodeName [/tree]|[/f]

Table A.39 details the parameters associated with the dnscmd /ageallrecords command.


Table A.39 dnscmd /ageallrecords Parameters

Switch Function
ZoneName Specifies the zone FQDN.
/NodeName Specifies the node to age.
/tree Specifies that all child nodes should also be aged.
/f Specifies that confirmation is not required to age the records.

dnscmd /clearcache

The dnscmd /clearcache command is used to clear the DNS cache of resource records and uses

the following syntax:

dnscmd [ServerName] /clearcache

dnscmd /config

The dnscmd /config command is used to change values in the registry for a DNS server and its

zones and uses the following syntax:

dnscmd [ServerName] /config ServerOption [Value] ZoneOption [Value]

Table A.40dnscmd /config Server Level Parameters

Server Option Switch Function

/addressanswerlimit [0|5-28] Specifies the maximum number of host records that a DNS

server can send in response to a query The default value is 0; other possible values can be between 5 and 28

/bindsecondaries [0|1] Specifies whether or not to use fast zone transfers The

default setting of 1 disables this option

/bootmethod [0|1|2|3] Specifies where the DNS server loads its configuration

infor-mation from at startup The default setting is 3

www.syngress.com

Continued

Trang 20

Table A.40dnscmd /config Server Level Parameters

Server Option Switch Function

■ 0 No source

■ 1 Loads from the BIND file that is located in the DNS directory

■ 2 Loads from the registry

■ 3 Loads from Active Directory and the registry/defaultagingstate [0|1] Specifies whether or not scavenging is enabled on newly

created zones The default setting of 1 disables this option

/defaultnorefreshinterval Specifies a period of time during which refreshes are not

[0x1-0xFFFFFFFF|0xA8] accepted for dynamically updated records The default value

is 0xA8

/defaultrefreshinterval Specifies a period of time during which refreshes are

[0x1-0xFFFFFFFF|0xA8] accepted for dynamically updated records The default value

is 0xA8

/disableautoreversezones [0|1] Specifies whether or not reverse lookup zones are to be

automatically created The default setting of 0 enables this option

/disablensrecordsautocreation Specifies whether or not the DNS server automatically

cre-[0|1] ates NS records for the zones that it hosts

/dspollinginterval 0-30 Specifies how often the DNS server will poll Active Directory

for changes in Active Directory integrated zones

/dstombstoneinterval [1-30] Specifies the amount of time in seconds that tombstoned

records should be kept alive in Active Directory

/ednscachetimeout Specifies the number of seconds that Extension Methods for [3600-15724800] DNS (EDNS) information is cached The default is 604,800

seconds

/enableednsprobes [0|1] Specifies whether or not EDNS probes are enabled

/enablednssec [0|1] Specifies whether or not the DNS Security Extensions

(DNSSEC) are enabled

/eventloglevel [0|1|2|4] Specifies the level of logging that is to occur in the DNS log

The default value is 4

■ 0 Logs no events

■ 1 Logs only errors

■ 2 Logs only errors and warnings

■ 4 Logs errors, warnings, and informational events/forwarddelegations [0|1] Specifies how a query for a delegated zone is to be handled

by the DNS server The default value is 0

www.syngress.com

Continued

Trang 21

Table A.40dnscmd /config Server Level Parameters

Server Option Switch Function

■ 0 Automatically sends queries referring to delegated subzones to the appropriate subzone

■ 1 Forwards queries referring to the delegated subzone to the existing forwarders

/forwardingtimeout [0x1-0xFFFFFFFF|0x5] Specifies how many seconds a DNS server will wait for a forwarder to respond before querying another one. The default value is 0x5 (5 seconds).

/isslave [0|1] Specifies how the DNS server will respond when a forwarded query receives no response. The default value is 0.

■ 0 If the forwarder does not respond, the server attempts to resolve the query itself

■ 1 If the forwarder does not respond, the server terminates the search and sends a failure to the resolver

/localnetpriority [0|1] Specifies the order in which the host records are returned when the DNS server has multiple host records for the same name. The default value is 1.

■ 0 Returns the records in the order in which they are listed in the DNS database

■ 1 Returns the records that have similar IP network addresses first

/logfilemaxsize [0x10000-0xFFFFFFFF| Specifies the maximum size in bytes that the DNS.log file can grow to. The default size is 0x400000 (4MB).

/loglevel [EventType] Specifies the types of events that are to be logged in the DNS.log file. The default value is 0x0.

■ 0x0 The DNS server does not create a log

■ 0x10 Logs queries

■ 0x10 Logs notifications

■ 0x20 Logs updates

■ 0xFE Logs non-query

■ 0x100 Logs question transactions


■ 0x200 Logs answers

■ 0x1000 Logs send packets

■ 0x2000 Logs receive packets

■ 0x4000 Logs UDP packets

■ 0x8000 Logs TCP packets

■ 0xFFFF Logs all packets

■ 0x10000 Logs Active Directory write transactions

■ 0x20000 Logs Active Directory update transactions

■ 0x1000000 Logs full packets

■ 0x80000000 Logs write-through transactions

/maxcachesize Specifies the maximum allowable size of the DNS server’s cache

/maxcachettl [0x0-0xFFFFFFFF|0x15180] Specifies the time in seconds that a record is maintained in the cache. The default setting is 0x15180 (86,400 seconds).

/maxnegativecachettl [0x1-0xFFFFFFFF|0x384] Specifies the time in seconds that an entry causing a negative answer to a query remains in the cache. The default setting is 0x384 (900 seconds).

/namecheckflag [0|1|2|3] Specifies which character standard is to be used for allowing DNS names. The default value is 3.

■ 0 Uses ANSI characters that comply with IETF Requests For Comment (RFCs)

■ 1 Uses ANSI characters that do not necessarily comply with IETF RFCs

■ 2 Uses multibyte UTF8 characters

■ 3 Uses all characters

/norecursion [0|1] Specifies whether or not a DNS server will perform recursive name resolution. The default value is 0.

/recursionretry [0x1-0xFFFFFFFF|0x3] Specifies the time in seconds that the server will wait before trying again to contact a remote server. The default value is 0x3 (3 seconds).

/recursiontimeout [0x1-0xFFFFFFFF|0xF] Specifies the time in seconds that a DNS server will wait before discontinuing attempts to contact a remote server. The default value is 0xF (15 seconds).


/roundrobin [0|1] Specifies how host records are returned when multiple host records exist for the same name. The default value is 1.

/rpcprotocol [0x0|0x1|0x2|0x4|0xFFFFFFFF] Specifies the protocol that RPC will use when making a new connection from the DNS server. The default value is

value is 0x0, which will disable scavenging

/secureresponses [0|1] Specifies whether or not DNS filters the records that are in the cache. The default value is 0.

■ 0 Saves all responses to name queries to a cache

■ 1 Saves only the records that belong to the same DNS subtree to a cache

/sendport [0x0-0xFFFFFFFF|0x0] Specifies the port number that DNS will use to send recursive queries. The default value of 0x0 specifies a random port.

/strictfileparsing [0|1] Specifies the behavior of the DNS server when it encounters an error while loading the zone data. The default value is 0.

■ 0 Continues to load even if the server encounters an erroneous record; the error is recorded in the DNS log

■ 1 Stops loading and records the error in the DNS log

/updateoptions RecordValue Specifies that dynamic updates are prohibited for specific record types. Multiple records can be prohibited by using the hexadecimal sum of their individual values.

■ 0x0 Does not restrict any record types

■ 0x1 Excludes Start of Authority (SOA) records

■ 0x2 Excludes name server (NS) records

■ 0x4 Excludes delegation NS records


■ 0x8 Excludes server host records

■ 0x100 On secure dynamic update, excludes SOA records

■ 0x200 On secure dynamic update, excludes root NS records

■ 0x30F On standard dynamic update, excludes NS, SOA, and server host records; for secure dynamic update, excludes root NS and SOA records

■ 0x400 On secure dynamic update, excludes delegation NS records

■ 0x800 On secure dynamic update, excludes server host records

■ 0x1000000 Excludes DS records

■ 0x80000000 Disables DNS dynamic update

/writeauthorityns [0|1] Specifies when the DNS server will write NS records in the authority section of a response. The default value is 0.

■ 0 Writes NS records in the Authority section of referrals only

■ 1 Writes NS records in the Authority section of all successful authoritative responses

/xfrconnecttimeout [0x0-0xFFFFFFFF|0x1E] Specifies the time in seconds that a primary DNS server will wait for a zone transfer response from a secondary. The default value is 0x1E (30 seconds).
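The /updateoptions row above says that several record types are prohibited by passing the hexadecimal sum of their individual values. As an added example (not part of the study guide), the following Python helper decodes a RecordValue into the flags listed in Table A.40 and reports which bits of the 0x30F combination are absent; using 0x30F as the comparison baseline, the function names and the sample values are assumptions made for illustration.

```python
# Added example: flag values and meanings are copied from the /updateoptions
# rows of Table A.40. Function names are hypothetical helpers.
UPDATE_OPTION_FLAGS = {
    0x1: "excludes SOA records",
    0x2: "excludes NS records",
    0x4: "excludes delegation NS records",
    0x8: "excludes server host records",
    0x100: "secure dynamic update: excludes SOA records",
    0x200: "secure dynamic update: excludes root NS records",
    0x400: "secure dynamic update: excludes delegation NS records",
    0x800: "secure dynamic update: excludes server host records",
    0x1000000: "excludes DS records",
    0x80000000: "disables DNS dynamic update",
}
KNOWN_MASK = sum(UPDATE_OPTION_FLAGS)

# Assumption: the 0x30F combination from the table is used as the baseline
# that an audited server is compared against.
BASELINE = 0x30F


def decode_update_options(value):
    """Split a RecordValue into (listed flag bits, bits not in the table)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("RecordValue must fit in 32 bits")
    flags = [bit for bit in sorted(UPDATE_OPTION_FLAGS) if value & bit]
    unknown = value & ~KNOWN_MASK
    return flags, unknown


def missing_from_baseline(value, baseline=BASELINE):
    """Return the baseline flag bits that are not set in value."""
    have, _ = decode_update_options(value)
    need, _ = decode_update_options(baseline)
    return [bit for bit in need if bit not in have]


def report(value):
    """Build a human-readable audit of one /updateoptions value."""
    flags, unknown = decode_update_options(value)
    lines = ["/updateoptions 0x%X" % value]
    if value == 0:
        lines.append("  0x0: does not restrict any record types")
    for bit in flags:
        lines.append("  0x%X: %s" % (bit, UPDATE_OPTION_FLAGS[bit]))
    if unknown:
        lines.append("  0x%X: bits not listed in Table A.40" % unknown)
    for bit in missing_from_baseline(value):
        lines.append("  MISSING 0x%X: %s" % (bit, UPDATE_OPTION_FLAGS[bit]))
    return lines


if __name__ == "__main__":
    # Constructed sample values, not taken from a real server.
    for sample in (0x30F, 0x0, 0x30B, 0x80000000):
        print("\n".join(report(sample)))
```

A value such as 0x30B differs from 0x30F only in the 0x4 bit, so delegation NS records would again be open to standard dynamic updates.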

Table A.41 dnscmd /config Zone Level Parameters

Zone Option Switch Function

/aging Specifies whether or not scavenging is enabled for the specified zone

/allownsrecordsautocreation Forces an override on the DNS server’s NS record autocreation setting for the specified zone

/allowupdate Specifies whether or not the specified zone will accept dynamic updates

/forwarderslave Forces an override on the DNS server /isslave setting for the specified zone


/forwardertimeout Specifies how many seconds the specified zone waits for a forwarder to respond before contacting another for the specified zone

/norefreshinterval Specifies the time interval during which no refreshes can be made to dynamically created records for the specified zone

/refreshinterval Specifies the time interval during which refreshes are allowed to dynamically created records for the specified zone

/securesecondaries Specifies which secondary servers are allowed to receive updates from the master for the specified zone

dnscmd /createbuiltindirectorypartitions

The dnscmd /createbuiltindirectorypartitions command is used to create a DNS application directory partition and uses the following syntax:

dnscmd [ServerName] /createbuiltindirectorypartitions [/forest]

/forest Creates a DNS directory partition in the specified forest

/alldomains Creates a DNS directory partition in all domains in the forest

dnscmd /createdirectorypartition

The dnscmd /createdirectorypartition command is used to create an additional DNS application directory partition and uses the following syntax:

dnscmd [ServerName] /createdirectorypartition FQDNofDP

The FQDNofDP placeholder specifies the FQDN of the DNS application partition.

dnscmd /deletedirectorypartition

The dnscmd /deletedirectorypartition command is used to delete a DNS application directory partition and uses the following syntax:

dnscmd [ServerName] /deletedirectorypartition FQDNofDP

The FQDNofDP placeholder specifies the FQDN of the DNS application partition.


dnscmd /directorypartitioninfo

The dnscmd /directorypartitioninfo command is used to display information about a DNS application directory partition and uses the following syntax:

dnscmd [ServerName] /directorypartitioninfo FQDNofDP [/detail]

Table A.43 details the parameters associated with the dnscmd /directorypartitioninfo command.

Table A.43 dnscmd /directorypartitioninfo Parameters

Switch Function

FQDNofDP Specifies the DNS application partition FQDN

/detail Displays all information about the partition

dnscmd /enlistdirectorypartition

The dnscmd /enlistdirectorypartition command is used to add the specified DNS server to a DNS application directory partition replica set and uses the following syntax:

dnscmd [ServerName] /enlistdirectorypartition FQDNofDP

The FQDNofDP placeholder specifies the FQDN of the DNS application partition.

dnscmd /enumdirectorypartitions

The dnscmd /enumdirectorypartitions command is used to list information about the DNS application partitions on a specified server and uses the following syntax:

dnscmd [ServerName] /enumdirectorypartitions [/custom]

The /custom parameter specifies that only user-created application partitions are to be listed.

dnscmd /enumrecords

The dnscmd /enumrecords command is used to list resource records in a specified DNS zone and uses the following syntax:

dnscmd [ServerName] /enumrecords ZoneName NodeName [/type RRType RRData] [/authority] [/glue] [/additional] [/node |/child |/startchild ChildName] [/continue |/detail]

Table A.44 details the parameters associated with the dnscmd /enumrecords command.


Table A.44 dnscmd /enumrecords Parameters

ZoneName Specifies the zone name

NodeName Specifies the node name

/type RRType RRData Specifies the type of record and type of data

/authority Specifies to include authoritative data

/glue Specifies to include glue data

/additional Specifies that all information is to be included in the output

/node Lists only records of the specified node

/child Lists only records of the specified child

/startchild ChildName Lists records starting at the specified child

/continue Specifies to display only the record and data type

/detail Specifies to display all information about a record

dnscmd /enumzones

The dnscmd /enumzones command is used to list zones that exist on a specified server and uses the following syntax:

Table A.45 details the parameters associated with the dnscmd /enumzones command.

Table A.45 dnscmd /enumzones Parameters

/primary Lists all standard primary or Active Directory integrated zones

/secondary Lists all standard secondary zones

/forwarder Lists all zones that forward queries to another DNS server

/cache Lists all zones that are loaded into the cache

/auto-created Lists all zones that were automatically created during the DNS server installation

/forward Lists all forward lookup zones

/reverse Lists all reverse lookup zones


/ds Lists all Active Directory integrated zones

/file Lists all zones that are not Active Directory integrated

/domaindirectorypartition Lists all zones that are stored in the domain directory partition

/forestdirectorypartition Lists all zones that are stored in the forest DNS application directory partitions

/customdirectorypartition Lists all zones that are stored in user-created application directory partitions

/legacydirectorypartition Lists all zones that are stored in the domain directory partition

/directorypartition DPFQDN Lists all zones that are stored in the specified directory partition

dnscmd /info

The dnscmd /info command is used to display the registry settings in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters key and uses the following syntax:

dnscmd [ServerName] /info [Setting]

The settings that can be displayed are those listed under the dnscmd /config command in Table A.40.

dnscmd /nodedelete

The dnscmd /nodedelete command is used to delete all records on a specified server and uses the following syntax:

dnscmd [ServerName] /nodedelete ZoneName NodeName [/tree] [/f]

Table A.46 details the parameters associated with the dnscmd /nodedelete command.

Table A.46 dnscmd /nodedelete Parameters

ZoneName Specifies the name of the zone

NodeName Specifies the name of the node

/tree Specifies to delete all child records

/f Specifies to not display confirmation during the process

dnscmd /recordadd

The dnscmd /recordadd command is used to add a record to the specified zone and has the following syntax:


dnscmd [ServerName] /recordadd ZoneName NodeName RRType RRData

Table A.47 details the parameters associated with the dnscmd /recordadd command.

Table A.47 dnscmd /recordadd Parameters

ZoneName Specifies the name of the zone

NodeName Specifies the name of the node

RRType Specifies the type of record to add

RRData Specifies the record data

dnscmd /recorddelete

The dnscmd /recorddelete command is used to delete a record from the specified zone and has the following syntax:

dnscmd ServerName /recorddelete ZoneName NodeName RRType RRData [/f]

Table A.48 details the parameters associated with the dnscmd /recorddelete command.

Table A.48 dnscmd /recorddelete Parameters

Switch Function

ZoneName Specifies the name of the zone

NodeName Specifies the name of the node

RRType Specifies the type of record to delete

RRData Specifies the record data that is expected

/f Specifies to not display confirmation during the process

dnscmd /resetforwarders

The dnscmd /resetforwarders command is used to set the IP addresses to which the specified DNS server will forward DNS queries and uses the following syntax:

dnscmd [ServerName] /resetforwarders [IPAddress] [/timeout TimeOut] [/slave|/noslave]

Table A.49 details the parameters associated with the dnscmd /resetforwarders command.

Table A.49 dnscmd /resetforwarders Parameters


/timeout TimeOut Specifies the time (seconds) that the DNS server waits for a response from the forwarder

/slave Specifies that the DNS server is not to perform its own iterative queries if the forwarder fails to resolve the query

/noslave Specifies that the DNS server is to perform its own iterative queries if the forwarder fails to resolve the query

dnscmd /resetlistenaddresses

The dnscmd /resetlistenaddresses command is used to set the IP addresses on the specified server that listen for DNS requests and uses the following syntax:

dnscmd [ServerName] /resetlistenaddresses [ListenAddress]

The ListenAddress placeholder specifies the IP address to listen to for DNS client requests.

dnscmd /startscavenging

The dnscmd /startscavenging command is used to immediately start scavenging on the specified server and uses the following syntax:

dnscmd [ServerName] /startscavenging

dnscmd /statistics

The dnscmd /statistics command is used to display or clear statistics on the specified server and uses the following syntax:

dnscmd [ServerName] /statistics [StatID] [/clear]

Table A.50 details the parameters associated with the dnscmd /statistics command.

Table A.50 dnscmd /statistics Parameters


dnscmd /unenlistdirectorypartition

The dnscmd /unenlistdirectorypartition command is used to remove the specified server from the specified directory partition replica set and uses the following syntax:

dnscmd [ServerName] /unenlistdirectorypartition FQDNofDP

The FQDNofDP placeholder specifies the FQDN of the DNS application partition.

dnscmd /writebackfiles

The dnscmd /writebackfiles command is used to commit any changes being held in memory to the zone file and uses the following syntax:

dnscmd [ServerName] /writebackfiles [ZoneName]

The ZoneName parameter specifies the zone to work with.


Table A.51 dnscmd /zoneadd Parameters

Switch Function

ZoneName Specifies the zone to create

ZoneType Specifies the type of zone to create

/dp FQDN Specifies the FQDN of the directory partition that the zone is to be created in

/domain Specifies to create the zone on the domain directory partition

/enterprise Specifies to create the zone on the enterprise directory partition

/legacy Specifies to create the zone on a legacy directory partition

dnscmd /zonechangedirectorypartition

The dnscmd /zonechangedirectorypartition command is used to change the directory partition the specified zone resides on and uses the following syntax:

dnscmd [ServerName] /zonechangedirectorypartition [ZoneName]

ZoneName Specifies the current FQDN of the partition the zone resides in

NewPartitionName Specifies the FQDN of the partition to move the zone to

ZoneType Specifies the type of zone to move

dnscmd /zonedelete

The dnscmd /zonedelete command is used to delete the specified zone and uses the following syntax:

dnscmd [ServerName] /zonedelete ZoneName [/dsdel] [/f]

Table A.53 details the parameters associated with the dnscmd /zonedelete command.

Table A.53 dnscmd /zonedelete Parameters

Switch Function

ZoneName Specifies the FQDN of the zone to delete

/dsdel Specifies that the zone is to be deleted from Active Directory

/f Specifies the command to proceed without prompting


dnscmd /zoneexport

The dnscmd /zoneexport command is used to create a text file listing the resource records of the specified zone and uses the following syntax:

dnscmd [ServerName] /zoneexport ZoneName ZoneExportFile

Table A.54 details the parameters associated with the dnscmd /zoneexport command.

Table A.54 dnscmd /zoneexport Parameters

Switch Function

ZoneName Specifies the FQDN of the zone to list

ZoneExportFile Specifies the name of the file to create.

dnscmd /zoneinfo

The dnscmd /zoneinfo command is used to display settings from the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\Zones\Zone Name registry key and uses the following syntax:

dnscmd [ServerName] /zoneinfo ZoneName [Setting]

The settings that can be displayed are those listed under the dnscmd /config command in Table A.41.

dnscmd /zonepause

The dnscmd /zonepause command is used to pause the specified zone and uses the following syntax:

dnscmd [ServerName] /zonepause ZoneName

The ZoneName parameter specifies the zone to pause.

dnscmd /zoneprint

The dnscmd /zoneprint command is used to list the records in the specified zone and uses the following syntax:

dnscmd [ServerName] /zoneprint ZoneName

The ZoneName parameter specifies the zone to list.

dnscmd /zoneresettype

The dnscmd /zoneresettype command is used to change the zone type of the specified zone and uses the following syntax:

dnscmd [ServerName] /zoneresettype ZoneName ZoneType [/overwrite_mem|/overwrite_ds]


Table A.55 details the parameters associated with the dnscmd /zoneresettype command.

Table A.55 dnscmd /zoneresettype Parameters

ZoneName Specifies the FQDN of the zone to change

ZoneType Specifies the zone type to create

/overwrite_mem Specifies that existing data is to be overwritten with data from Active Directory

/overwrite_ds Specifies that existing Active Directory data is to be overwritten

dnscmd /zonerefresh

The dnscmd /zonerefresh command is used to force a secondary zone to update from its master and uses the following syntax:

dnscmd ServerName /zonerefresh ZoneName

The ZoneName parameter specifies the FQDN of the zone to refresh.

dnscmd /zonereload

The dnscmd /zonereload command is used to reload a zone from its source and uses the following syntax:

dnscmd ServerName /zonereload ZoneName

The ZoneName parameter specifies the FQDN of the zone to reload.

dnscmd /zoneresetmasters

The dnscmd /zoneresetmasters command is used to reset the IP address of the master server that provides zone transfers for a secondary zone and uses the following syntax:

dnscmd ServerName /zoneresetmasters ZoneName [/local] [ServerIPs]

Table A.56 details the parameters associated with the dnscmd /zoneresetmasters command.

Table A.56 dnscmd /zoneresetmasters Parameters

Switch Function

ZoneName Specifies the FQDN of the zone to be reset

/local Specifies a local master list for Active Directory integrated zones

ServerIPs Specifies the IP address of the master servers for the secondary zone


dnscmd /zoneresetscavengeservers

The dnscmd /zoneresetscavengeservers command is used to change the IP addresses of the servers that are allowed to scavenge the specified zone and uses the following syntax:

dnscmd [ServerName] /zoneresetscavengeservers ZoneName [ServerIPs]

Table A.57 details the parameters associated with the dnscmd /zoneresetscavengeservers command.

Table A.57 dnscmd /zoneresetscavengeservers Parameters

ZoneName Specifies the FQDN of the zone to scavenge

ServerIPs Specifies the IP address of servers that are allowed to scavenge

dnscmd /zoneresetsecondaries

The dnscmd /zoneresetsecondaries command is used to specify the IP addresses to which the master server will respond when asked for a zone transfer and uses the following syntax:

dnscmd [ServerName] /zoneresetsecondaries ZoneName {/noxfr|/nonsecure|/securens|/securelist SecurityIPAddresses} {/nonotify|/notify|/notifylist NotifyIPAddresses}

Table A.58 details the parameters associated with the dnscmd /zoneresetsecondaries command.

Table A.58 dnscmd /zoneresetsecondaries Parameters

ZoneName Specifies the FQDN of the zone that is to have its secondaries configured

/noxfr Specifies no zone transfers are allowed

/nonsecure Specifies all zone transfers are allowed

/securens Specifies only the servers listed in the NS records are allowed to perform zone transfers

/securelist Specifies only the servers listed are allowed to perform zone transfers

SecurityIPAddresses Specifies the list of IP addresses that are allowed to receive zone transfers. Used with the /securelist parameter.

/nonotify Specifies no zone change notifications are sent to secondary servers

/notify Specifies zone change notifications are sent to all secondary servers

/notifylist Specifies zone change notifications are sent only to a specified list of servers

NotifyIPAddresses Specifies the list of IP addresses that are to receive zone change notifications


dnscmd /zoneresume

The dnscmd /zoneresume command is used to start a paused zone and uses the following syntax:

dnscmd ServerName /zoneresume ZoneName

The ZoneName parameter specifies the FQDN of the zone to resume.

dnscmd /zoneupdatefromds

The dnscmd /zoneupdatefromds command is used to update the specified Active Directory integrated zone and uses the following syntax:

dnscmd ServerName /zoneupdatefromds ZoneName

The ZoneName parameter specifies the FQDN of the zone to update.

dnscmd /zonewriteback

The dnscmd /zonewriteback command is used to write changes stored in memory to the zone file and uses the following syntax:

dnscmd ServerName /zonewriteback ZoneName

The ZoneName parameter specifies the FQDN of the zone to update.

dnslint

The dnslint command allows you to verify and troubleshoot DNS records for a specified domain name and uses the following syntax:

dnslint /d domain_name | /ad | /ql {text_file | autocreate} [/v] [/r report_name] [/y] [/no_open] [/s alternate_DNS_server_ip_address] [/c SMTP|POP|IMAP] [/t] [/test_tcp]

Table A.59 details the parameters associated with the dnslint command.

Table A.59 dnslint Parameters

/d domain_name Specifies the domain to test

/ad Specifies the DNS records used by Active Directory for replication to test

/ql {text_file | autocreate} Specifies to use a query list that contains a list of DNS names

/v Specifies to use verbose output

/r report_name Specifies to create a report with the command output

/y Specifies that any existing report files are to be overwritten


/no_open Specifies that the command is not to open the report after it is created

/s alternate_DNS_server_ip_address Specifies the IP address for the DNS server, allowing the testing of internal domain structures

/c SMTP|POP|IMAP Specifies to perform connectivity testing on well-known e-mail ports

/t Specifies to create a plaintext file with the command output

/test_tcp Specifies to test TCP port 53 and UDP port 53

NOTE

You must always specify one of the following parameters: /d, /ad, or /ql, but you cannot use any of these parameters together.

nslookup

The nslookup command is used to display DNS information and troubleshoot DNS servers and uses the following general syntax:

nslookup [-SubCommand] [{ComputerToFind | -Server}]

The SubCommand placeholder specifies one or more nslookup subcommands that are to be issued. The ComputerToFind placeholder specifies a computer to look up information for using the current DNS server. The Server placeholder specifies the DNS server to use.

Table A.60 details the subcommands associated with the nslookup command.

Table A.60 nslookup Subcommands

Subcommand Function

-exit Quits nslookup.

-finger Specifies that nslookup is to connect to the specified finger server. Uses the syntax finger [UserName] [{[>] FileName|[>>] FileName}].

-help Displays help for the nslookup subcommands.

-ls Specifies that nslookup is to list information for a DNS domain. Uses the syntax ls [Option] DNSDomain [{[>] FileName|[>>] FileName}].

-lserver Specifies a new default server using the specified DNS domain. Uses the syntax lserver DNSDomain.

-root Specifies a new default server using the root server of the DNS domain.

-server Specifies a new default server using the specific DNS domain. Uses the syntax server DNSDomain.

-set Specifies a configuration change for how nslookup functions. Uses the syntax set KeyWord[=Value].


Date posted: 13/08/2014, 15:20
