Tuesday, February 21, 2017

Protect your AD DNS Zones from accidental deletion using PowerShell

AD-integrated DNS zones come in two types: forest DNS zones and domain DNS zones.

FOREST:
To get forest DNS zones that are not protected from accidental deletion, use the following PowerShell command (change the -SearchBase to your forest in both commands):

Get-ADObject -Filter 'ObjectClass -like "dnszone"' -SearchScope Subtree -SearchBase "DC=ForestDnsZones,DC=domain,DC=com" -properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $False} | Select name,protectedfromaccidentaldeletion | out-gridview


To set protection use the following command:

Get-ADObject -Filter 'ObjectClass -like "dnszone"' -SearchScope Subtree -SearchBase "DC=ForestDnsZones,DC=domain,DC=com" -properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $False} | Set-ADObject -ProtectedFromAccidentalDeletion $true


DOMAIN:
To get domain DNS zones that are not protected from accidental deletion, use the following PowerShell command (change the -SearchBase to your domain in both commands):

Get-ADObject -Filter 'ObjectClass -like "dnszone"' -SearchScope Subtree -SearchBase "DC=DomainDnsZones,DC=subdomain,DC=domain,DC=com" -properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $False} | Select name,protectedfromaccidentaldeletion | out-gridview


To set protection use the following command:

Get-ADObject -Filter 'ObjectClass -like "dnszone"' -SearchScope Subtree -SearchBase "DC=DomainDnsZones,DC=subdomain,DC=domain,DC=com" -properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $False} | Set-ADObject -ProtectedFromAccidentalDeletion $true
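
The four commands above can be combined into one script that audits both partitions in a single pass. This is an added example, not code from the original post: it goes beyond the commands above by reading the partition names from the RootDSE instead of a hard-coded -SearchBase, and the -Protect switch is a hypothetical parameter of this script.

```powershell
# Added example (not from the original post): audit and optionally protect
# AD-integrated DNS zones in both the ForestDnsZones and DomainDnsZones partitions.
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical switch: without it the script only reports.
    [switch]$Protect
)

# Assumption: the DC you query hosts both DNS application partitions, so they
# appear in the RootDSE namingContexts list.
$partitions = (Get-ADRootDSE).namingContexts |
    Where-Object { $_ -match '^DC=(Forest|Domain)DnsZones,' }

# Collect every dnsZone object that is not yet protected.
$unprotected = foreach ($partition in $partitions) {
    Get-ADObject -Filter 'ObjectClass -eq "dnsZone"' -SearchScope Subtree `
        -SearchBase $partition -Properties ProtectedFromAccidentalDeletion |
        Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
        Select-Object Name, DistinguishedName,
            @{ Name = 'Partition'; Expression = { $partition } }
}

if (-not $unprotected) {
    Write-Output 'All DNS zones are protected from accidental deletion.'
    return
}

# Report first, so the change set is visible before anything is modified.
$unprotected | Sort-Object Partition, Name | Format-Table -AutoSize

if ($Protect) {
    foreach ($zone in $unprotected) {
        # ShouldProcess makes -WhatIf and -Confirm work for each zone.
        if ($PSCmdlet.ShouldProcess($zone.DistinguishedName, 'Protect from accidental deletion')) {
            Set-ADObject -Identity $zone.DistinguishedName -ProtectedFromAccidentalDeletion $true
        }
    }
}
```

Run it without -Protect to list unprotected zones, then with -Protect -WhatIf to preview the changes before applying them.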
