By Bryan Keadle

If you’re using Dynamic DNS for a DNS zone, you might notice many old, obsolete records (that is, eDirectory objects) hanging around for no good reason. In fact, they are just additional objects that need to be synchronized among your replicas. Here’s a tip for cleaning out these objects en masse for a cleaner, leaner NDS tree.

Quick: how many *VALID* DNS entries do you have in your Dynamic DNS Zone? If you go to ConsoleOne, open your zone, you’ll get a count of the objects in the zone, like this:


But how many of those are actually “valid”? That is, how many actually have an IP address pointing to the DNS name?

In reviewing my primary DNS zone entries through the DNS/DHCP Manager, I noticed *many* records that had no associated IP address, which makes for a long list to browse through when managing my DNS:


(Notice the entries that are expanded, yet nothing below them.)

It would be a very tedious process not only to expand each object to see whether it’s “valid”, but also to delete each object manually… you can’t multi-select here.

I wanted a way to keep these objects cleaned up, scheduled to run automatically on a weekly basis, which would not only give me a leaner list to browse through when managing my DNS objects, but also reduce the number of NDS objects that need to be synchronized within my tree.

Whenever I need to do anything en masse like this, particularly on a schedule, which requires a scriptable solution, I turn to one of my favorite tool sets, JRB Software. If you don’t already have JRB Software in your toolbox for doing almost anything NetWare/eDir related en masse, you’re probably spending more time than you need to on mass updates to your tree! This is a perfect example.

Here’s a single command using JRB’s getname.exe that will find all DNS objects that don’t have an associated IP Address (dnip:rr attribute) and create an output file listing these found objects:

getname .*.ZONE_DOMAIN_COM.OU.O  /o="dnip:dns rrset" /na /f=dnip:rr /a=%%login_name /yd /j /l=none,ddnsclean.lst,nowrap

I can now use the list file generated, ddnsclean.lst, as the input file for JRB’s delobj.exe utility to actually delete these found, invalid objects:

delobj @ddnsclean.lst /f/v/l=none,deleted.log,append

Having done these steps for my DNS zone, I reduced my object count from 816 objects to 446 valid objects! That’s gotta be better for my tree synchronization. :-)

For your convenience, I have included my script file for download which is a nice “wrapper” front end to this task as I’ve explained it here. Review the contents of the file, and enter your variables to fit your environment:

set CX=OU.O
set JRBPATH=x:\jrb\jrb32
set LOG=X:\LOGS\DDNSClean.log

ZONE: Zone name (NDS container containing your DNS objects)
CX: Context where your zone exists. In this example, the full path to the “NDS Zone container” would be: .DNS_ZONE_NAME.OU.O
JRBPATH: location of your JRB32 utility files
LOG: filename (and path) specifying where you want the logging to occur

SYNTAX: NWDDNSClean (param1)

If any parameter is included on the command line, you will be able to view and edit the list file of objects to be deleted. After you have finished editing the list file, you will be prompted whether to continue and delete the objects remaining in it.
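
A wrapper along the lines described above, as an added example; it is not the author's downloadable NWDDNSClean script. The getname and delobj commands are the ones given in this article. ZONE_DOMAIN_COM is a placeholder zone name, and the notepad review step, the empty-list guard and the format of the log messages are assumptions about how such a wrapper could work.

```bat
@echo off
setlocal
rem Added example, not the author's NWDDNSClean script.
rem ZONE is a placeholder; CX, JRBPATH and LOG are the article's sample values.
set ZONE=ZONE_DOMAIN_COM
set CX=OU.O
set JRBPATH=x:\jrb\jrb32
set LOG=X:\LOGS\DDNSClean.log
set LIST=ddnsclean.lst

rem Remove any old list so a failed search cannot reuse last week's file.
if exist "%LIST%" del "%LIST%"

rem Step 1: list zone objects with no dnip:rr value (command from the article).
"%JRBPATH%\getname" .*.%ZONE%.%CX% /o="dnip:dns rrset" /na /f=dnip:rr /a=%%login_name /yd /j /l=none,%LIST%,nowrap
if not exist "%LIST%" goto nothing

rem Any command-line parameter turns on review mode: edit the list, then confirm.
if "%~1"=="" goto check
start "" /wait notepad "%LIST%"
set ANSWER=N
set /p ANSWER=Delete the objects remaining in %LIST%? (Y/N) 
if /i not "%ANSWER%"=="Y" goto cancelled

:check
rem Stop if the list is empty (nothing found, or everything removed in review).
for %%F in ("%LIST%") do if %%~zF EQU 0 goto nothing

rem Record the candidates before anything is deleted, for later audit.
echo %DATE% %TIME% deleting from .%ZONE%.%CX%: >> "%LOG%"
type "%LIST%" >> "%LOG%"

rem Step 2: delete the listed objects (command from the article).
"%JRBPATH%\delobj" @%LIST% /f/v/l=none,deleted.log,append
goto end

:nothing
echo %DATE% %TIME% no objects without dnip:rr listed, nothing deleted >> "%LOG%"
goto end

:cancelled
echo %DATE% %TIME% deletion cancelled by operator >> "%LOG%"

:end
endlocal
```

Run it with no parameter from the weekly scheduled job, and with any parameter when you want to inspect the list before the delete step.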



Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

By: bkeadle
Nov 13, 2006
1:23 pm