Tuesday, September 26, 2006

Enumerating the devices registered via ActiveSync on all mailboxes on a server via a script

There are a bunch of tools around to get information about devices that are in use via Active sync such as the ActiveSync administration tool and also this method of using the logs that was blogged about on the Exchange Team blog. But if your after another method of enumerating all the devices in all mailboxes on a server here's something that might help out.

The script works by using WebDAV and the Exadmin virtual directory (which means you won’t need full rights to everybody’s mailbox to run this script just delegated Exchange administration rights). To work out what path to use the script first queries for the default recipient policy in a domain and retrieves the default SMTP address within that policy. This is used to build the path for the Exadmin virtual directory. Another ADSI query then queries for all mailboxes on a server and then feeds the name of these mailboxes into a function those queries for the ActiveSync folder within each mailbox. The script first searches the non_ipm_subtree of a mailbox to see if the Microsoft-Server-ActiveSync exists on that mailbox. If the folder is found another query is then done to enumerate the folders under that Microsoft-Server-ActiveSync folder. This will usually be PocketPC or Smartphone depending on the type of devices being used a search of any folders that are found is done which should then find a folder for each device that has been registered. Finally a search of the device folder is done to show the Sync files that are listed under that folder and what dates they where last modified. All the information that the searches recovered is then put together into a HTML table which is then written to a file located in the c:\temp folder called asreport.htm

To run the script it takes one command line parameter which is the name of the server you want to run it against (eg cscript showasyncv2.vbs servername). By default the script isn’t using SSL which may mean you need to adjust the following line if you are using SSL on the ExAdmin Directory

Eg change

falias = "http://" & servername & "/exadmin/admin/" & dpDefaultpolicy & "/mbx/"

to

falias = "https://" & servername & "/exadmin/admin/" & dpDefaultpolicy & "/mbx/"

I’ve put a downloadable copy of the script here the code itself looks like


servername = wscript.arguments(0)
set shell = createobject("wscript.shell")
strValueName =
"HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias"
minTimeOffset = shell.regread(strValueName)
toffset = datediff("h",DateAdd("n", minTimeOffset, now()),now())

report = "<table border=""1"" width=""100%"">" & vbcrlf
report = report & " <tr>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font
color=""#FFFFFF"">DisplayName</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font
color=""#FFFFFF"">Email Address</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font
color=""#FFFFFF"">Device Type</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font
color=""#FFFFFF"">Device ID</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font
color=""#FFFFFF"">FolderSync</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font
color=""#FFFFFF"">ContactSync</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font
color=""#FFFFFF"">CalendarSync</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font
color=""#FFFFFF"">autdstate.xml</font></b></td>" & vbcrlf
report = report & "</tr>" & vbcrlf
set req = createobject("microsoft.xmlhttp")
set com = createobject("ADODB.Command")
set conn = createobject("ADODB.Connection")
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strNameingContext = iAdRootDSE.Get("configurationNamingContext")
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
polQuery = "<LDAP://" & strNameingContext &
">;(&(objectCategory=msExchRecipientPolicy)(cn=Default
Policy));distinguishedName,gatewayProxy;subtree"
svcQuery = "<LDAP://" & strNameingContext &
">;(&(objectCategory=msExchExchangeServer)(cn=" & Servername &
"));cn,name,legacyExchangeDN;subtree"
Com.ActiveConnection = Conn
Com.CommandText = polQuery
Set plRs = Com.Execute
while not plRs.eof
for each adrobj in plrs.fields("gatewayProxy").value
if instr(adrobj,"SMTP:") then dpDefaultpolicy = replace(adrobj,"SMTP:@","")
next
plrs.movenext
wend
wscript.echo dpDefaultpolicy
Com.CommandText = svcQuery
Set Rs = Com.Execute
while not rs.eof
GALQueryFilter = "(&(&(&(& (mailnickname=*)(!msExchHideFromAddressLists=TRUE)(|
(&(objectCategory=person)(objectClass=user)(msExchHomeServerName=" &
rs.fields("legacyExchangeDN") & ")) )))))"
strQuery = "<LDAP://" & strDefaultNamingContext & ">;" & GALQueryFilter &
";displayname,mail,distinguishedName,mailnickname,proxyaddresses;subtree"
com.Properties("Page Size") = 100
Com.CommandText = strQuery
Set Rs1 = Com.Execute
while not Rs1.eof
falias = "http://" & servername & "/exadmin/admin/" & dpDefaultpolicy & "/mbx/"
for each paddress in rs1.fields("proxyaddresses").value
if instr(paddress,"SMTP:") then falias = falias & replace(paddress,"SMTP:","") &
"/non_ipm_subtree"
next
wscript.echo falias
SerachAsync(falias)
rs1.movenext
wend
rs.movenext
wend
rs.close
set conn = nothing
set com = nothing
report = report & "</table>" & vbcrlf
Set fso = CreateObject("Scripting.FileSystemObject")
set wfile = fso.opentextfile("c:\temp\asreport.htm",2,true)
wfile.write report
wfile.close
set wfile = nothing
set fso = nothing

wscript.echo "Done"

sub SerachAsync(furl)
strQuery = "<?xml version=""1.0""?><D:searchrequest xmlns:D = ""DAV:"" >"
strQuery = strQuery & "<D:sql>SELECT
""http://schemas.microsoft.com/mapi/proptag/x3001001E"""
strQuery = strQuery & " FROM scope('shallow traversal of """
strQuery = strQuery & furl & """') Where ""DAV:ishidden"" = False AND
""DAV:isfolder"" = True AND "
strQuery = strQuery & """http://schemas.microsoft.com/mapi/proptag/x3001001E"" =
'Microsoft-Server-ActiveSync'</D:sql></D:searchrequest>"
req.open "SEARCH", furl, false
req.setrequestheader "Content-Type", "text/xml"
req.setRequestHeader "Translate","f"
on error resume next
req.send strQuery
if err.number <> 0 then wscript.echo err.description
on error goto 0
If req.status >= 500 Then
ElseIf req.status = 207 Then
set oResponseDoc = req.responseXML
set oNodeList = oResponseDoc.getElementsByTagName("d:x3001001E")
if oNodeList.length <> 0 then
wscript.echo "Active-Sync Folder Exists"
displayAyncSub(furl & "/Microsoft-Server-ActiveSync")
else
wscript.echo "No Active-Sync Folder"
end if
Else
End If

end sub

sub displayAyncSub(furl)

strQuery = "<?xml version=""1.0""?><D:searchrequest xmlns:D = ""DAV:"" >"
strQuery = strQuery & "<D:sql>SELECT
""http://schemas.microsoft.com/mapi/proptag/x3001001E"""
strQuery = strQuery & " FROM scope('shallow traversal of """
strQuery = strQuery & furl & """') Where ""DAV:ishidden"" = False AND
""DAV:isfolder"" = True</D:sql></D:searchrequest>"
req.open "SEARCH", furl, false
req.setrequestheader "Content-Type", "text/xml"
req.setRequestHeader "Translate","f"
on error resume next
req.send strQuery
if err.number <> 0 then wscript.echo err.description
on error goto 0
If req.status >= 500 Then
ElseIf req.status = 207 Then
set oResponseDoc = req.responseXML
set oNodeList = oResponseDoc.getElementsByTagName("d:x3001001E")
for each node in oNodeList
call displaydeviceSub(furl & "/" & node.text,node.text)
next
Else
End If
end sub

sub displaydeviceSub(furl,fname)

strQuery = "<?xml version=""1.0""?><D:searchrequest xmlns:D = ""DAV:"" >"
strQuery = strQuery & "<D:sql>SELECT
""http://schemas.microsoft.com/mapi/proptag/x3001001E"""
strQuery = strQuery & " FROM scope('shallow traversal of """
strQuery = strQuery & furl & """') Where ""DAV:ishidden"" = False AND
""DAV:isfolder"" = True</D:sql></D:searchrequest>"
req.open "SEARCH", furl, false
req.setrequestheader "Content-Type", "text/xml"
req.setRequestHeader "Translate","f"
on error resume next
req.send strQuery
if err.number <> 0 then wscript.echo err.description
on error goto 0
If req.status >= 500 Then
ElseIf req.status = 207 Then
set oResponseDoc = req.responseXML
set oNodeList = oResponseDoc.getElementsByTagName("d:x3001001E")
for each node in oNodeList
report = report & "<tr>" & vbcrlf
report = report & "<td align=""center"">" & rs1.fields("displayname") &
"&nbsp;</td>" & vbcrlf
report = report & "<td align=""center"">" & rs1.fields("mail") & "&nbsp;</td>" &
vbcrlf
report = report & "<td align=""center"">" & fname & "&nbsp;</td>" & vbcrlf
report = report & "<td align=""center"">" & node.text & "&nbsp;</td>" & vbcrlf
report = report & finditems(furl & "/" & node.text)
report = report & "</tr>" & vbcrlf
next
Else
End If
end sub

function finditems(furl)

hascalsyc = 0
hasfolsyc = 0
hasconsyc = 0
hasautd = 0
rback = ""
strQuery = "<?xml version=""1.0""?><D:searchrequest xmlns:D = ""DAV:"" >"
strQuery = strQuery & "<D:sql>SELECT ""DAV:displayname"",
""DAV:getlastmodified"""
strQuery = strQuery & " FROM scope('shallow traversal of """
strQuery = strQuery & furl & """') Where ""DAV:isfolder"" =
False</D:sql></D:searchrequest>"
req.open "SEARCH", furl, false
req.setrequestheader "Content-Type", "text/xml"
req.setRequestHeader "Translate","f"
on error resume next
req.send strQuery
if err.number <> 0 then wscript.echo err.description
on error goto 0
rem wscript.echo req.responsetext
If req.status >= 500 Then
ElseIf req.status = 207 Then
set oResponseDoc = req.responseXML
set oNodeList = oResponseDoc.getElementsByTagName("a:displayname")
set oNodemodlist = oResponseDoc.getElementsByTagName("a:getlastmodified")
wscript.echo oNodeList.length
for i = 1 to oNodeList.length
set onode = oNodeList.nextNode
set onode1 = oNodemodlist.nextNode
select case lcase(onode.text)
case "calendarsyncfile" hascalsyc = 1
hascalsycval = DateAdd("h",toffset,(left(replace(replace(onode1.text,"T","
"),"Z",""),19)))
case "foldersyncfile" hasfolsyc = 1
hasfolsycval = DateAdd("h",toffset,(left(replace(replace(onode1.text,"T","
"),"Z",""),19)))
case "contactssyncfile" hasconsyc = 1
hasconsycval = DateAdd("h",toffset,(left(replace(replace(onode1.text,"T","
"),"Z",""),19)))
case "autdstate.xml" hasautd = 1
hasautdval = DateAdd("h",toffset,(left(replace(replace(onode1.text,"T","
"),"Z",""),19)))
end select
next
Else
End If
wscript.echo hasfolsyc
if hasfolsyc = 1 then
rback = rback & "<td align=""center"">" & hasfolsycval & "&nbsp;</td>" & vbcrlf
else
rback = rback & "<td align=""center"">No&nbsp;</td>" & vbcrlf
end if
if hasconsyc = 1 then
rback = rback & "<td align=""center"">" & hasconsycval & "&nbsp;</td>" & vbcrlf
else
rback = rback & "<td align=""center"">No&nbsp;</td>" & vbcrlf
end if
if hascalsyc <> 0 then
rback = rback & "<td align=""center"">" & hascalsycval & "&nbsp;</td>" & vbcrlf
else
rback = rback & "<td align=""center"">No&nbsp;</td>" & vbcrlf
end if
if hasautd <> 0 then
rback = rback & "<td align=""center"">" & hasautdval & "&nbsp;</td>" & vbcrlf
else
rback = rback & "<td align=""center"">No&nbsp;</td>" & vbcrlf
end if
finditems = rback
end function

Wednesday, September 20, 2006

Doing a RBL or MultiRBL check in a Powershell script

[Updated Script to work with RC2 of powershell]

A couple of weeks ago I blogged this script that allowed DNS operations like MX , PTR and SPF queries from a powershell script based on a C# class from Peter Bromberg. Since then I’ve added some more functionality to the code to give the ability to look up DNS RBL lists. A lot of people use DNSBL’s as a way of fighting SPAM but every now and again you may find a legitimate server that has been blacklisted on one of the many lists around for some reason. Wikipedia has a great entry that describes what RBL’s are and how they work essentially they are just another DNS zone that you query using a normal DNS A record lookup. So for example say you want to look up the IP address 192.168.8.2 to see if this is listed in the RBL list from SpamHaus you basically need to first reverse the IP address bytes to 2.8.168.192 and append the name of the RBL list you want to search which in this case would be sbl.spamhaus.org. So you then do an A record lookup on 2.8.168.192. sbl.spamhaus.org. If the record is listed in the RBL then the server will return back if not you will get a normal no record response. So putting this in a script was fairly easy I already had some code that did the IP address reversal so it was just a matter of appending the RBL name you wanted to lookup and then adding some code to process the response. One of the little cool things I like about Powershell is being able to easily change the text color of the text you’re returning in a command window using the –foregroudcolor parameter with write-host.

Going a little bit further is that usually you will use more then one RBL list on your server or possibly you want to search all active RBL’s like those services provided at sites such as http://www.dnsstuff.com/ and http://www.robtex.com/rbls.html . To do this I’ve added in some code that will read a list of RBL’s from a text file and then run though and test a certain IP addresss against each RBL in the file. You can seed the text file using any of the URL’s I previously method by just cutting and pasting the list they use into a normal text file.

The last bit of functionality I added to the script was the STMP telnet test from my other post. So what I did was add an option where you can put in a domain name you want to test and the script will then go out and find all the MX records for that domain and then test each one to see if it will accept email for that domain.

To use these three functions run the code as follows

To Do a RBL check for example of sbl.spamhaus.org on the ipaddress 192.168.1.56

C:\dnsutilv2.ps1 RBL 192.168.1.56 sbl.spamhaus.org

To do a multi RBL check on a list of RBL providers in a text file called rbllist.txt (see download for a example text file)

C:\dnsutilv2.ps1 MULTIRBL 192.168.1.56 c:\rbllist.txt

To do a SMTP telnet test on all MX records in a domain use

C:\dnsutilv2.ps1 SMTPTEST domainname.com

I’ve put a downloadable copy of the code here the code itself looks like.

param([String] $dnsqtype = $(throw "Please specify the DNS Query
Type"),[String] $IpParam = $(throw "Please specify the IPaddress"),[string] $RBLlist)

function readResponse {

while($stream.DataAvailable)
{
$read = $stream.Read($buffer, 0, 1024)
write-host -n -foregroundcolor cyan ($encoding.GetString($buffer, 0, $read))
""
}
}

function Smtptest([string] $remoteHost){

$port = 25
$socket = new-object System.Net.Sockets.TcpClient($remoteHost, $port)
if($socket -eq $null) { return; }

$stream = $socket.GetStream()
$writer = new-object System.IO.StreamWriter($stream)
$buffer = new-object System.Byte[] 1024
$encoding = new-object System.Text.AsciiEncoding
readResponse($stream)
$command = "HELO "+ $domain
write-host -foregroundcolor DarkGreen $command
""
$writer.WriteLine($command)
$writer.Flush()
start-sleep -m 500
readResponse($stream)
$command = "MAIL FROM: <smtpcheck@" + $IpParam + ">"
write-host -foregroundcolor DarkGreen $command
""
$writer.WriteLine($command)
$writer.Flush()
start-sleep -m 500
readResponse($stream)
$command = "RCPT TO: <postmaster@" + $IpParam + ">"
write-host -foregroundcolor DarkGreen $command
""
$writer.WriteLine($command)
$writer.Flush()
start-sleep -m 500
readResponse($stream)
$command = "QUIT"
write-host -foregroundcolor DarkGreen $command
""
$writer.WriteLine($command)
$writer.Flush()
start-sleep -m 500
readResponse($stream)
## Close the streams
$writer.Close()
$stream.Close()

}

function Compile-Csharp ([string] $code, [Array]$References) {

# Get an instance of the CSharp code provider
$cp = New-Object Microsoft.CSharp.CSharpCodeProvider

$refs = New-Object Collections.ArrayList
$refs.AddRange( @("${framework}System.dll",
#"${PsHome}\System.Management.Automation.dll",
#"${PsHome}\Microsoft.PowerShell.ConsoleHost.dll",
"${framework}System.Windows.Forms.dll",
"${framework}System.Data.dll",
"${framework}System.Drawing.dll",
"${framework}System.XML.dll"))
if ($References.Count -ge 1) {
$refs.AddRange($References)
}

# Build up a compiler params object...
$cpar = New-Object System.CodeDom.Compiler.CompilerParameters
$cpar.GenerateInMemory = $true
$cpar.GenerateExecutable = $false
$cpar.IncludeDebugInformation = $false
$cpar.CompilerOptions = "/target:library"
$cpar.ReferencedAssemblies.AddRange($refs)
$cr = $cp.CompileAssemblyFromSource($cpar, $code)

if ( $cr.Errors.Count) {
$codeLines = $code.Split("`n");
foreach ($ce in $cr.Errors) {
write-host "Error: $($codeLines[$($ce.Line - 1)])"
$ce | out-default
}
Throw "INVALID DATA: Errors encountered while compiling code"
}
}

$code = @'
namespace PAB.DnsUtils
{
using System;
using System.Collections;
using System.ComponentModel;
using System.Runtime.InteropServices;
public class Dns
{
public Dns()
{
}

[DllImport("Dnsapi", EntryPoint="DnsQuery_W", CharSet=CharSet.Unicode,
SetLastError=true, ExactSpelling=true)]
private static extern Int32 DnsQuery([MarshalAs(UnmanagedType.VBByRefStr)]ref
string sName, QueryTypes wType, QueryOptions options, UInt32 aipServers, ref
IntPtr ppQueryResults, UInt32 pReserved);
[DllImport("Dnsapi", CharSet=CharSet.Auto, SetLastError=true)]
private static extern void DnsRecordListFree(IntPtr pRecordList, int FreeType);


public enum ErrorReturnCode
{
DNS_ERROR_RCODE_NO_ERROR = 0,
DNS_ERROR_RCODE_FORMAT_ERROR = 9001,
DNS_ERROR_RCODE_SERVER_FAILURE = 9002,
DNS_ERROR_RCODE_NAME_ERROR = 9003,
DNS_ERROR_RCODE_NOT_IMPLEMENTED = 9004,
DNS_ERROR_RCODE_REFUSED = 9005,
DNS_ERROR_RCODE_YXDOMAIN = 9006,
DNS_ERROR_RCODE_YXRRSET = 9007,
DNS_ERROR_RCODE_NXRRSET = 9008,
DNS_ERROR_RCODE_NOTAUTH = 9009,
DNS_ERROR_RCODE_NOTZONE = 9010,
DNS_ERROR_RCODE_BADSIG = 9016,
DNS_ERROR_RCODE_BADKEY = 9017,
DNS_ERROR_RCODE_BADTIME = 9018
}

private enum QueryOptions
{
DNS_QUERY_ACCEPT_TRUNCATED_RESPONSE = 1,
DNS_QUERY_BYPASS_CACHE = 8,
DNS_QUERY_DONT_RESET_TTL_VALUES = 0x100000,
DNS_QUERY_NO_HOSTS_FILE = 0x40,
DNS_QUERY_NO_LOCAL_NAME = 0x20,
DNS_QUERY_NO_NETBT = 0x80,
DNS_QUERY_NO_RECURSION = 4,
DNS_QUERY_NO_WIRE_QUERY = 0x10,
DNS_QUERY_RESERVED = -16777216,
DNS_QUERY_RETURN_MESSAGE = 0x200,
DNS_QUERY_STANDARD = 0,
DNS_QUERY_TREAT_AS_FQDN = 0x1000,
DNS_QUERY_USE_TCP_ONLY = 2,
DNS_QUERY_WIRE_ONLY = 0x100
}

public enum QueryTypes
{
DNS_TYPE_A = 1,
DNS_TYPE_CNAME = 5,
DNS_TYPE_MX = 15,
DNS_TYPE_TEXT = 16,
DNS_TYPE_SRV = 33,
DNS_TYPE_PTR = 12

}

[StructLayout(LayoutKind.Explicit)]
private struct DnsRecord
{
[FieldOffset(0)]
public IntPtr pNext;
[FieldOffset(4)]
public string pName;
[FieldOffset(8)]
public short wType;
[FieldOffset(10)]
public short wDataLength;
[FieldOffset(12)]
public uint flags;
[FieldOffset(16)]
public uint dwTtl;
[FieldOffset(20)]
public uint dwReserved;

// below is a partial list of the unionized members for this struct

// for DNS_TYPE_A records
[FieldOffset(24)]
public uint a_IpAddress;

// for DNS_TYPE_ PTR, CNAME, NS, MB, MD, MF, MG, MR records
[FieldOffset(24)]
public IntPtr ptr_pNameHost;

// for DNS_TXT_ DATA, HINFO, ISDN, TXT, X25 records
[FieldOffset(24)]
public uint data_dwStringCount;
[FieldOffset(28)]
public IntPtr data_pStringArray;

// for DNS_TYPE_MX records
[FieldOffset(24)]
public IntPtr mx_pNameExchange;
[FieldOffset(28)]
public short mx_wPreference;
[FieldOffset(30)]
public short mx_Pad;

// for DNS_TYPE_SRV records
[FieldOffset(24)]
public IntPtr srv_pNameTarget;
[FieldOffset(28)]
public short srv_wPriority;
[FieldOffset(30)]
public short srv_wWeight;
[FieldOffset(32)]
public short srv_wPort;
[FieldOffset(34)]
public short srv_Pad;

}

public static string[] GetRecords(string domain, string dnsqtype)
{
IntPtr ptr1 = IntPtr.Zero ;
IntPtr ptr2 = IntPtr.Zero ;
DnsRecord rec;
Dns.QueryTypes qtype = QueryTypes.DNS_TYPE_PTR;
switch(dnsqtype){
case "MX":
qtype = QueryTypes.DNS_TYPE_MX;
break;
case "PTR":
qtype = QueryTypes.DNS_TYPE_PTR;
break;
case "SPF":
qtype = QueryTypes.DNS_TYPE_TEXT;
break;
case "A":
qtype = QueryTypes.DNS_TYPE_A;
break;
case "RBL":
qtype = QueryTypes.DNS_TYPE_A;
break;
case "MULTIRBL":
qtype = QueryTypes.DNS_TYPE_A;
break;
case "SMTPTEST":
qtype = QueryTypes.DNS_TYPE_MX;
break;

}

if(Environment.OSVersion.Platform != PlatformID.Win32NT)
{
throw new NotSupportedException();
}

ArrayList list1 = new ArrayList();
int num1 = DnsQuery(ref domain, qtype,
QueryOptions.DNS_QUERY_USE_TCP_ONLY|QueryOptions.DNS_QUERY_BYPASS_CACHE, 0, ref
ptr1, 0);
if (num1 != 0)
{
if (num1 == 9003)
{
String[] emErrormessage = new string[1];
emErrormessage.SetValue("No Record Found",0);
return emErrormessage;
}
else
{
String[] emErrormessage = new string[1];
emErrormessage.SetValue("Error During Query Error Number " + num1 , 0);
return emErrormessage;
}
}
for (ptr2 = ptr1; !ptr2.Equals(IntPtr.Zero); ptr2 = rec.pNext)
{
rec = (DnsRecord) Marshal.PtrToStructure(ptr2, typeof(DnsRecord));
if (rec.wType == (short)qtype)
{
string text1 = String.Empty;
switch(qtype)
{
case Dns.QueryTypes.DNS_TYPE_A:
System.Net.IPAddress ip = new System.Net.IPAddress(rec.a_IpAddress);
text1 = ip.ToString();
break;
case Dns.QueryTypes.DNS_TYPE_CNAME:
text1 = Marshal.PtrToStringAuto(rec.ptr_pNameHost);
break;
case Dns.QueryTypes.DNS_TYPE_MX:
text1 = Marshal.PtrToStringAuto(rec.mx_pNameExchange);
if (dnsqtype == "MX") {
string[] mxalookup =
PAB.DnsUtils.Dns.GetRecords(Marshal.PtrToStringAuto(rec.mx_pNameExchange), "A");
text1 = text1 + " : " + rec.mx_wPreference.ToString() + " : " ;
foreach (string st in mxalookup)
{
text1 = text1 + st.ToString() + " ";
}}
break;
case Dns.QueryTypes.DNS_TYPE_SRV:
text1 = Marshal.PtrToStringAuto(rec.srv_pNameTarget);
break;
case Dns.QueryTypes.DNS_TYPE_PTR:
text1 = Marshal.PtrToStringAuto(rec.ptr_pNameHost);
break;
case Dns.QueryTypes.DNS_TYPE_TEXT:
if (Marshal.PtrToStringAuto(rec.data_pStringArray).ToLower().IndexOf("v=spf") ==
0)
{
text1 = Marshal.PtrToStringAuto(rec.data_pStringArray);
}
break;
default:
continue;
}
list1.Add(text1);
}
}

DnsRecordListFree(ptr2, 0);
return (string[]) list1.ToArray(typeof(string));
}
}
}

'@
Compile-Csharp $code

switch ($dnsqtype.ToUpper()){
PTR {$ipIpaddressSplit = $IpParam.Split(".")
$revipaddress = $ipIpaddressSplit.GetValue(3) + "." +
$ipIpaddressSplit.GetValue(2) + "." + $ipIpaddressSplit.GetValue(1) + "." +
$ipIpaddressSplit.GetValue(0) + ".in-addr.arpa"
$qrQueryresults =
[PAB.DnsUtils.DNS]::GetRecords($revipaddress,$dnsqtype.ToUpper())
""
foreach ($qresult in $qrQueryresults) {
$qresult
}
""}
RBL {$ipIpaddressSplit = $IpParam.Split(".")
$revipaddress = $ipIpaddressSplit.GetValue(3) + "." +
$ipIpaddressSplit.GetValue(2) + "." + $ipIpaddressSplit.GetValue(1) + "." +
$ipIpaddressSplit.GetValue(0) + "." + $RBLlist
$qrQueryresults =
[PAB.DnsUtils.DNS]::GetRecords($revipaddress,$dnsqtype.ToUpper())
if ($dnsqtype.ToUpper() -eq "RBL"){
foreach ($qresult in $qrQueryresults) {
$qresultprn = $qresultprn + " " + $qresult}
if ($qresultprn -eq " No Record Found"){
write-host -foregroundcolor DarkGreen "Not Listed"
}
else{
write-host -foregroundcolor Red "Listed : " + $qresultprn
}

}

}
MULTIRBL {
""
$Rblprovders = Get-Content $RBLlist
Foreach ($rblprov in $Rblprovders){
$ipIpaddressSplit = $IpParam.Split(".")
$revipaddress = $ipIpaddressSplit.GetValue(3) + "." +
$ipIpaddressSplit.GetValue(2) + "." + $ipIpaddressSplit.GetValue(1) + "." +
$ipIpaddressSplit.GetValue(0) + "." + $rblprov
$qrQueryresults =
[PAB.DnsUtils.DNS]::GetRecords($revipaddress,$dnsqtype.ToUpper())
$qresultprn = ""
foreach ($qresult in $qrQueryresults) {
$qresultprn = $qresultprn + " " + $qresult
if ($qresultprn -eq " No Record Found"){
write-host -foregroundcolor DarkGreen $rblprov " : Not Listed"
}
else{
write-host -foregroundcolor Red $rblprov " : Listed : " $qresultprn
}
}
}
}
SMTPTEST {
$revipaddress = $IpParam
$qrQueryresults =
[PAB.DnsUtils.DNS]::GetRecords($revipaddress,$dnsqtype.ToUpper())
""
foreach ($qresult in $qrQueryresults) {
write-host "SMTP Test for Host " + $qresult
""
smtptest($qresult)
}
}

default {$revipaddress = $IpParam
$qrQueryresults =
[PAB.DnsUtils.DNS]::GetRecords($revipaddress,$dnsqtype.ToUpper())
""
foreach ($qresult in $qrQueryresults) {
$qresult
}
""
}
}

Doing a SMTP telnet test with a Powershell script

One of the array of diagnostic tests you may find yourself doing when you’re trying to fix a problem sending and receiving messages to a domain is to do a telnet on Port 25 to a mail server you maybe having a problem with and then trying to run though manually issuing the SMTP commands to send a message to this server so you can see what the responses are. A description of this process can be found in this KB there is also a great tool called SMTPDiag which will run this type of test and more. If you want to do the same thing from a Powershell script well your in luck because the .Net framework makes this process pretty easy. Lee Holmes posted this great script for replacing the missing Telnet on Vista. What I’ve done is rework this script so instead of being an interactive telnet script it’s a script that connects to port 25 on a mail server and then runs through issuing Mail FROM and RCPT TO commands and shows the responses back to the command-line. The script itself takes three command line parameters which are the DNS or IP of the server you want to test and a domainname for the domain you want to test to see if the server will receive email for and a domainname to test a send from( The script doesn’t actually send a message as it quits after the RCPT TO command). To run the script you need to use something like

C:\tnetsmtp.ps1 server.com.au recipeintdomain.com sendingdomain.com

(9/10/2006 Updated input parameters thanks to Hector)

I’ve put a downloadable copy of the code here the script itself looks like.

#param([String] $remoteHost =$(throw "Please specify the Target Server"),[String] $domain = $(throw "Please specify the #recipient Domain"),[String] $sendingdomain = $(throw "Please specify the Sending Domain"))

param([String] $remoteHost,[String] $domain, [String] $sendingdomain)


if ($remotehost -eq "" -or $domain -eq "" -or $sendingdomain -eq "") {"Please specify the Target Server, recipient domain and sending domain"
return; }


function readResponse {

while($stream.DataAvailable)
{
$read = $stream.Read($buffer, 0, 1024)
write-host -n -foregroundcolor cyan ($encoding.GetString($buffer, 0, $read))
""
}
}

$port = 25
$socket = new-object System.Net.Sockets.TcpClient($remoteHost, $port)
if($socket -eq $null) { return; }

$stream = $socket.GetStream()
$writer = new-object System.IO.StreamWriter($stream)
$buffer = new-object System.Byte[] 1024
$encoding = new-object System.Text.AsciiEncoding
readResponse($stream)
$command = "HELO "+ $domain
write-host -foregroundcolor DarkGreen $command
""
$writer.WriteLine($command)
$writer.Flush()
start-sleep -m 500
readResponse($stream)
$command = "MAIL FROM: "
write-host -foregroundcolor DarkGreen $command
""
$writer.WriteLine($command)
$writer.Flush()
start-sleep -m 500
readResponse($stream)
$command = "RCPT TO: "
write-host -foregroundcolor DarkGreen $command
""
$writer.WriteLine($command)
$writer.Flush()
start-sleep -m 500
readResponse($stream)
$command = "QUIT"
write-host -foregroundcolor DarkGreen $command
""
$writer.WriteLine($command)
$writer.Flush()
start-sleep -m 500
readResponse($stream)
## Close the streams
$writer.Close()
$stream.Close()

Thursday, September 14, 2006

Get a Quick Status of IMF perf counters with Powershell (Exchange 2003)

Sometimes a quick way to check how effective your IMF gateway SCL configuration is s to look at the IMF performance counters which tell you how many messages are being assigned certain SCL levels. This can also give you a little insight into how all those spammers are going about trying to crack the algorithms the IMF uses to determine the SCL of a message. To show the perfmon counters for IMF with powershell you can use the Win32_PerfRawData_MSExchangeUCF_MSExchangeIntelligentMessageFilter WMI class via the get-wmiobject cmdlet. The following is a very simple script that shows formatted in a table the number of message that have been received and assigned a specific SCL as well as the total number of message processed by the IMF and the total number that the Gateway action has been performed on. To run the script it takes on command line parameter which is the name of the server you wish to run it against eg

C:\imfperf.ps1 servername

I’ve put a downloadable copy of the code here the code itself looks like



param([String] $servername = $(throw "Please specify the Servername"))
$WmiNamespace = "ROOT\CIMV2"
$filter = "Name='_total'"
$Qresults = get-wmiobject -class Win32_PerfRawData_MSExchangeUCF_MSExchangeIntelligentMessageFilter -Namespace $WmiNamespace -ComputerName $servername -filter $filter
$format = @{Expression = {$_.TotalMessagesAssignedanSCLRatingof0};Label = "0"},@{Expression = {$_.TotalMessagesAssignedanSCLRatingof1};Label = "1"},@{Expression = {$_.TotalMessagesAssignedanSCLRatingof2};Label = "2"},
@{Expression = {$_.TotalMessagesAssignedanSCLRatingof3};Label = "3"},@{Expression = {$_.TotalMessagesAssignedanSCLRatingof4};Label = "4"},@{Expression = {$_.TotalMessagesAssignedanSCLRatingof5};Label = "5"},
@{Expression = {$_.TotalMessagesAssignedanSCLRatingof6};Label = "6"},@{Expression = {$_.TotalMessagesAssignedanSCLRatingof7};Label = "7"},@{Expression = {$_.TotalMessagesAssignedanSCLRatingof8};Label = "8"},
@{Expression = {$_.TotalMessagesAssignedanSCLRatingof9};Label = "9"},@{Expression = {$_.TotalUCEMessagesActedUpon};Label = "#Gate-Blk"},@{Expression = {$_.TotalMessagesScannedforUCE};Label = "Total"}
$Qresults | format-table $format

Wednesday, September 13, 2006

Showing the Path to a public folder based on the Email address

This was another one from the mailbag this week somebody asked if it was possible to display the path to a public folder based on the SMTP address. There are a few approaches you could take for this one method is to use ADSI and WMI to do this. On exchange 2003 the Exchange_PublicFolder WMI class can be used to display a lot of information about public folders on an Exchange server (such as folder path etc). But one thing that isn’t stored is the smtp email address assigned to that folder these are stored on the AD object for that folder stored in the Microsoft Exchange System Objects container. So if you want to find the path to a folder using the WMI Exchange_Public folder class from a SMTP address you first want to use ADSI to query the Proxyaddresses AD attribute to find the AD object for that public folder. Then you can use one of two attributes to find the folder using a WMI query the first attribute you could use is the legacyExchangeDN which should correspond to the TargetAddress property in WMI. The other property you could use is objectguid which after you transpose it correctly should match the adproxypath in WMI. The one I chose to use was the ADproxypath (for reasons that may or may not become clear later).

To run this script it takes 2 command line parameters the first is an Exchange servername which will be used to make the WMI query.(this should be an Exchange server where there is an instance of the public folder you are looking for). And the second is the SMTP address of the folder you are looking for. Eg cscript showfoldv1.vbs servername emailaddress@domain.com

I put a downloadable copy of the code here the script itself looks like


Email = "smtp:" & wscript.arguments(1)
ExchangeServer = wscript.arguments(0)
Set rootDSE = GetObject("LDAP://RootDSE")
domainContainer = rootDSE.Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
LDAPStr = "<LDAP://" & DomainContainer & ">;(&(objectCategory=publicfolder)(proxyAddresses="
& email & "));adspath,objectguid;subtree"
Set rs = conn.Execute(LDAPStr)
If rs.RecordCount = 1 Then
wscript.echo
FindPublicFolderWMI(transposeGuid(ConvertObjectGuidToString(rs.fields("objectguid"))))
End If

Function ConvertObjectGuidToString(ByVal arrRawObjectGUID)
Dim i, strByte
Dim arrObjectGUID(15)
For i = 1 To LenB(arrRawObjectGUID)
strByte = Hex(AscB(MidB(arrRawObjectGUID, i, 1)))
If Len(strByte) = 1 Then strByte = "0" & strByte
arrObjectGUID(i - 1) = strByte
Next
ConvertObjectGuidToString = Join(arrObjectGUID, "")
End Function

Function transposeGuid(guid)
transposeGuid = "{" & mid(guid,7,2) & mid(guid,5,2) & mid(guid,3,2) _
& mid(guid,1,2) & "-" & mid(guid,11,2) & mid(guid,9,2) _
& "-" & mid(guid,15,2) & mid(guid,13,2) & "-" & mid(guid,17,4) _
& "-" & mid(guid,21,12) & "}"
end function

Function FindPublicFolderWMI(AdproxyPath)

Const cWMINameSpace = "root/MicrosoftExchangeV2"
Const cWMIInstance = "Exchange_PublicFolder"
strWinMgmts = "winmgmts:{impersonationLevel=impersonate}!//"& _
ExchangeServer &"/"&cWMINameSpace
Set objWMIServices = GetObject(strWinMgmts)
Set objPubInstances = objWMIServices.ExecQuery ("Select * From
Exchange_PublicFolder Where adproxyPath='" & AdproxyPath & "'")
For Each objExchange_PublicFolder in objPubInstances
path = objExchange_PublicFolder.Path
Next
FindPublicFolderWMI = path
End function

Reporting on the number of Users, Contacts and Groups in a OU and sub OU’s

Somebody asked how to do this last week and I’ve had a few other question’s lately on reporting based on Sub Ou’s so I thought I’d put together a sample to show one method of doing this. The method I’ve used is to create a data-shape of all the objects with a Ou and its Sub Ou’s and then relate this information to an enumeration of the OU tree.

What this script does is takes the name of the OU where you want to start the query at as a command-line parameter. It then does an ADSI query to find the distinguished name of the first OU that matches the text entered. It then does 3 separate subtree queries of all the Users, contacts and group objects that are located under the root OU. To group the information that is returned this is where the ADO datashaping provider is used. The information is then stored temporary in a multi dimensional array and then used to finally build a HTM report called “c:\temp\report.htm” which has a table that shows the OU Name, Description, Path and the number of users, groups and contacts within each OU.

The script takes one command-line parameter which is the name of the OU you want to run it against eg to run the script “cscript.exe lobjectsv2.vbs OUname”. I’ve also created a provision to let the script be run against the entire Active Directory domain instead of just and OU branch to do this instead of using the name of the OU as a command-line parameter use rootdse as the command-line parameter eg “cscript lobjectsv2.vbs rootdse”

I’ve put a downloadable copy of the code here the script looks like


queryou = wscript.arguments(0)
report = "<table border=""1"" width=""100%"">" & vbcrlf
report = report & " <tr>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">OU
Name</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">OU
Description</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">OU
Path</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">#
Users</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">#
Contacts</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">#
Groups</font></b></td>" & vbcrlf
report = report & "</tr>" & vbcrlf
set conn = createobject("ADODB.Connection")
set com = createobject("ADODB.Command")
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strNameingContext = iAdRootDSE.Get("defaultNamingContext")
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
ouQuery = "<LDAP://" & ou & strNameingContext & ">;(&(objectCategory=organizationalUnit)(ou="
& queryou & "));description,name,distinguishedName;subtree"
Com.ActiveConnection = Conn
Com.CommandText = ouQuery
Set ouRs = Com.Execute
if ouRs.recordcount = 0 and queryou <> "rootdse" Then
wscript.echo "Cant find Ou"
Else
If queryou = "rootdse" Then
ou = strNameingContext
Else
ou = ouRs.fields("distinguishedName")
End if
Wscript.echo "Users under " & ou
wscript.echo
uarray = ReportonOU("user")
Wscript.echo
Wscript.echo "Contacts under " & ou
wscript.echo
carray = ReportonOU("contact")
garray = ReportonOU("group")

For uic = LBound(uarray,3) To UBound(uarray,4)
report = report & "<tr>" & vbcrlf
report = report & "<td align=""center"">" & uarray(1,1,1,uic) & "&nbsp;</td>" &
vbcrlf
report = report & "<td align=""center"">" & uarray(1,1,0,uic) & "&nbsp;</td>" &
vbcrlf
report = report & "<td align=""center"">" & uarray(1,0,0,uic) & "&nbsp;</td>" &
vbcrlf
report = report & "<td align=""center"">" & uarray(0,0,0,uic) & "&nbsp;</td>" &
vbcrlf
report = report & "<td align=""center"">" & carray(0,0,0,uic) & "&nbsp;</td>" &
vbcrlf
report = report & "<td align=""center"">" & garray(0,0,0,uic) & "&nbsp;</td>" &
vbcrlf
report = report & "</tr>" & vbcrlf
Next
report = report & "</table>" & vbcrlf
Set fso = CreateObject("Scripting.FileSystemObject")
set wfile = fso.opentextfile("c:\temp\report.htm",2,true)
wfile.write report
wfile.close
set wfile = nothing
set fso = nothing
End If


function ReportonOU(objecttype)

set conn1 = createobject("ADODB.Connection")
strConnString = "Data Provider=NONE; Provider=MSDataShape"
conn1.Open strConnString
set objParentRS = createobject("adodb.recordset")
set objChildRS = createobject("adodb.recordset")
strSQL = "SHAPE APPEND" & _
" NEW adVarChar(255) AS SOADDisplayName, " & _
" NEW adVarChar(255) AS SOADDescription, " & _
" NEW adVarChar(255) AS SOADDN, " & _
" ((SHAPE APPEND " & _
" NEW adVarChar(255) AS MOADDisplayName, " & _
" NEW adVarChar(255) AS MOADDN " & ")" & _
" RELATE SOADDN TO MOADDN) AS rsSOMO "
objParentRS.LockType = 3
objParentRS.Open strSQL, conn1

adsiQuery = "<LDAP://" & ou &
">;(objectCategory=organizationalUnit);description,name,distinguishedName;subtree"
Com.ActiveConnection = Conn
Com.CommandText = adsiQuery
Set Rs = Com.Execute
While Not Rs.EOF
objParentRS.addnew
objParentRS("SOADDisplayName") = rs.fields("name")
If Not IsNull(rs.fields("description").value) then
For Each val In rs.fields("description").value
objParentRS("SOADDescription") = val
Next
Else
objParentRS("SOADDescription") = " "
End if
objParentRS("SOADDN") = LCase(rs.fields("distinguishedName"))
objParentRS.update
rs.movenext
Wend

If objecttype = "group" then
objQuery = "<LDAP://" & ou &
">;(&(mailnickname=*)(|(objectCategory=group)));description,name,cn,distinguishedName;subtree"
Else
objQuery = "<LDAP://" & ou &
">;(&(mailnickname=*)(|(&(objectCategory=person)(objectClass=" & objecttype &
"))));description,name,cn,distinguishedName;subtree"
End if
Com.ActiveConnection = Conn
Com.CommandText = objQuery
Set Rs1 = Com.Execute
Set objChildRS = objParentRS("rsSOMO").Value
While Not Rs1.EOF
objChildRS.addnew
objChildRS("MOADDisplayName") = rs1.fields("name")
objChildRS("MOADDN") = Replace(LCase(rs1.fields("distinguishedName")),"cn=" &
LCase(rs1.fields("cn")) & ",","")
objChildRS.update
rs1.movenext
Wend
anum = cInt(objParentRS.recordcount)
reDim objcntarray(1,1,1,anum)
i = 0
objParentRS.MoveFirst
Do While Not objParentRS.EOF
Set objChildRS = objParentRS("rsSOMO").Value
wscript.echo objParentRS("SOADDisplayName") & " - " &
objParentRS("SOADDescription") & " : "& objChildRS.recordCount
objcntarray(1,1,1,i) = objParentRS("SOADDisplayName")
objcntarray(1,1,0,i) = objParentRS("SOADDescription")
objcntarray(1,0,0,i) = objParentRS("SOADDN")
objcntarray(0,0,0,i) = objChildRS.recordCount
objParentRS.movenext
i = i + 1
Loop
ReportonOU = objcntarray
objParentRS.close
objChildRS.close
rs.close
rs1.close
Set objParentRS = Nothing
Set objChildRS = Nothing
set conn1 = Nothing
Set Rs1 = Nothing
Set rs = Nothing

End function

Thursday, September 07, 2006

Powershell DNS Utility script for querying MX, PTR and SPF records

One thing as an email administrator that I find myself doing a lot is using nslookup to track down various problems with receiving and sending email. Whether its using it to look up a MX record , or to see if someone has a reverse DNS entry or maybe look at a SPF record if I’m looking at a sender ID issue. Now while I like nslookup I do find this utility a little cumbersome and slow to use at times so I started looking into seeing if I could automate this a little with a script. Doing this from a script isn’t the easiest thing in the world Peter Bromberg and Bill Jamieson came up with a great C# class for doing DNS queries which I’ve adapted and modified to do the particular things that I wanted. Because this class uses some Win32 API functions I’ve used Jeffrey Snovers method from here to make use of these functions in Powershell.

So the code is a compilation of bits and pieces from the sources above with some of my own touches. I’ve added an extra A record lookup for each of the hostnames that are returned from the MX query. I’ve also added some routines into to lookup and display SPF records. As well as including other routines to format the IP address correctly to perform reverse lookups.

The script can basically do 4 types of queries it takes 2 command line parameters the first is the type of query (A,MX,PTR,SPF) and second is the IP or hostname an example of running it is



I’ve put a downloadable copy of the code here the code itself looks like.

param([String] $dnsqtype = $(throw "Please specify the DNS Query Type"),[String] $IpParam = $(throw "Please specify the IPaddress"))

function Compile-Csharp ([string] $code, [Array]$References) {

# Get an instance of the CSharp code provider
$cp = New-Object Microsoft.CSharp.CSharpCodeProvider

$refs = New-Object Collections.ArrayList
$refs.AddRange( @("${framework}System.dll",
"${PsHome}\System.Management.Automation.dll",
"${PsHome}\Microsoft.PowerShell.ConsoleHost.dll",
"${framework}System.Windows.Forms.dll",
"${framework}System.Data.dll",
"${framework}System.Drawing.dll",
"${framework}System.XML.dll"))
if ($References.Count -ge 1) {
$refs.AddRange($References)
}

# Build up a compiler params object...
$cpar = New-Object System.CodeDom.Compiler.CompilerParameters
$cpar.GenerateInMemory = $true
$cpar.GenerateExecutable = $false
$cpar.IncludeDebugInformation = $false
$cpar.CompilerOptions = "/target:library"
$cpar.ReferencedAssemblies.AddRange($refs)
$cr = $cp.CompileAssemblyFromSource($cpar, $code)

if ( $cr.Errors.Count) {
$codeLines = $code.Split("`n");
foreach ($ce in $cr.Errors) {
write-host "Error: $($codeLines[$($ce.Line - 1)])"
$ce | out-default
}
Throw "INVALID DATA: Errors encountered while compiling code"
}
}

$code = @'
namespace PAB.DnsUtils
{
using System;
using System.Collections;
using System.ComponentModel;
using System.Runtime.InteropServices;
public class Dns
{
public Dns()
{
}

[DllImport("Dnsapi", EntryPoint="DnsQuery_W", CharSet=CharSet.Unicode, SetLastError=true, ExactSpelling=true)]
private static extern Int32 DnsQuery([MarshalAs(UnmanagedType.VBByRefStr)]ref string sName, QueryTypes wType, QueryOptions options, UInt32 aipServers, ref IntPtr ppQueryResults, UInt32 pReserved);
[DllImport("Dnsapi", CharSet=CharSet.Auto, SetLastError=true)]
private static extern void DnsRecordListFree(IntPtr pRecordList, int FreeType);

public enum ErrorReturnCode
{
DNS_ERROR_RCODE_NO_ERROR = 0,
DNS_ERROR_RCODE_FORMAT_ERROR = 9001,
DNS_ERROR_RCODE_SERVER_FAILURE = 9002,
DNS_ERROR_RCODE_NAME_ERROR = 9003,
DNS_ERROR_RCODE_NOT_IMPLEMENTED = 9004,
DNS_ERROR_RCODE_REFUSED = 9005,
DNS_ERROR_RCODE_YXDOMAIN = 9006,
DNS_ERROR_RCODE_YXRRSET = 9007,
DNS_ERROR_RCODE_NXRRSET = 9008,
DNS_ERROR_RCODE_NOTAUTH = 9009,
DNS_ERROR_RCODE_NOTZONE = 9010,
DNS_ERROR_RCODE_BADSIG = 9016,
DNS_ERROR_RCODE_BADKEY = 9017,
DNS_ERROR_RCODE_BADTIME = 9018
}

private enum QueryOptions
{
DNS_QUERY_ACCEPT_TRUNCATED_RESPONSE = 1,
DNS_QUERY_BYPASS_CACHE = 8,
DNS_QUERY_DONT_RESET_TTL_VALUES = 0x100000,
DNS_QUERY_NO_HOSTS_FILE = 0x40,
DNS_QUERY_NO_LOCAL_NAME = 0x20,
DNS_QUERY_NO_NETBT = 0x80,
DNS_QUERY_NO_RECURSION = 4,
DNS_QUERY_NO_WIRE_QUERY = 0x10,
DNS_QUERY_RESERVED = -16777216,
DNS_QUERY_RETURN_MESSAGE = 0x200,
DNS_QUERY_STANDARD = 0,
DNS_QUERY_TREAT_AS_FQDN = 0x1000,
DNS_QUERY_USE_TCP_ONLY = 2,
DNS_QUERY_WIRE_ONLY = 0x100
}

public enum QueryTypes
{
DNS_TYPE_A = 1,
DNS_TYPE_CNAME = 5,
DNS_TYPE_MX = 15,
DNS_TYPE_TEXT = 16,
DNS_TYPE_SRV = 33,
DNS_TYPE_PTR = 12

}

[StructLayout(LayoutKind.Explicit)]
private struct DnsRecord
{
[FieldOffset(0)]
public IntPtr pNext;
[FieldOffset(4)]
public string pName;
[FieldOffset(8)]
public short wType;
[FieldOffset(10)]
public short wDataLength;
[FieldOffset(12)]
public uint flags;
[FieldOffset(16)]
public uint dwTtl;
[FieldOffset(20)]
public uint dwReserved;

// below is a partial list of the unionized members for this struct

// for DNS_TYPE_A records
[FieldOffset(24)]
public uint a_IpAddress;

// for DNS_TYPE_ PTR, CNAME, NS, MB, MD, MF, MG, MR records
[FieldOffset(24)]
public IntPtr ptr_pNameHost;

// for DNS_TXT_ DATA, HINFO, ISDN, TXT, X25 records
[FieldOffset(24)]
public uint data_dwStringCount;
[FieldOffset(28)]
public IntPtr data_pStringArray;

// for DNS_TYPE_MX records
[FieldOffset(24)]
public IntPtr mx_pNameExchange;
[FieldOffset(28)]
public short mx_wPreference;
[FieldOffset(30)]
public short mx_Pad;

// for DNS_TYPE_SRV records
[FieldOffset(24)]
public IntPtr srv_pNameTarget;
[FieldOffset(28)]
public short srv_wPriority;
[FieldOffset(30)]
public short srv_wWeight;
[FieldOffset(32)]
public short srv_wPort;
[FieldOffset(34)]
public short srv_Pad;

}

public static string[] GetRecords(string domain, string dnsqtype)
{
IntPtr ptr1 = IntPtr.Zero ;
IntPtr ptr2 = IntPtr.Zero ;
DnsRecord rec;
Dns.QueryTypes qtype = QueryTypes.DNS_TYPE_PTR;
switch(dnsqtype){
case "MX":
qtype = QueryTypes.DNS_TYPE_MX;
break;
case "PTR":
qtype = QueryTypes.DNS_TYPE_PTR;
break;
case "SPF":
qtype = QueryTypes.DNS_TYPE_TEXT;
break;
case "A":
qtype = QueryTypes.DNS_TYPE_A;
break;
}

if(Environment.OSVersion.Platform != PlatformID.Win32NT)
{
throw new NotSupportedException();
}

ArrayList list1 = new ArrayList();
int num1 = DnsQuery(ref domain, qtype, QueryOptions.DNS_QUERY_USE_TCP_ONLY|QueryOptions.DNS_QUERY_BYPASS_CACHE, 0, ref ptr1, 0);
if (num1 != 0)
{
if (num1 == 9003)
{
String[] emErrormessage = new string[1];
emErrormessage.SetValue("No Record Found",0);
return emErrormessage;
}
else
{
String[] emErrormessage = new string[1];
emErrormessage.SetValue("Error During Query Error Number " + num1 , 0);
return emErrormessage;
}
}
for (ptr2 = ptr1; !ptr2.Equals(IntPtr.Zero); ptr2 = rec.pNext)
{
rec = (DnsRecord) Marshal.PtrToStructure(ptr2, typeof(DnsRecord));
if (rec.wType == (short)qtype)
{
string text1 = String.Empty;
switch(qtype)
{
case Dns.QueryTypes.DNS_TYPE_A:
System.Net.IPAddress ip = new System.Net.IPAddress(rec.a_IpAddress);
text1 = ip.ToString();
break;
case Dns.QueryTypes.DNS_TYPE_CNAME:
text1 = Marshal.PtrToStringAuto(rec.ptr_pNameHost);
break;
case Dns.QueryTypes.DNS_TYPE_MX:
text1 = Marshal.PtrToStringAuto(rec.mx_pNameExchange);
string[] mxalookup = PAB.DnsUtils.Dns.GetRecords(Marshal.PtrToStringAuto(rec.mx_pNameExchange), "A");
text1 = text1 + " : " + rec.mx_wPreference.ToString() + " : " ;
foreach (string st in mxalookup)
{
text1 = text1 + st.ToString() + " ";
}

break;
case Dns.QueryTypes.DNS_TYPE_SRV:
text1 = Marshal.PtrToStringAuto(rec.srv_pNameTarget);
break;
case Dns.QueryTypes.DNS_TYPE_PTR:
text1 = Marshal.PtrToStringAuto(rec.ptr_pNameHost);
break;
case Dns.QueryTypes.DNS_TYPE_TEXT:
if (Marshal.PtrToStringAuto(rec.data_pStringArray).ToLower().IndexOf("v=spf") == 0)
{
text1 = Marshal.PtrToStringAuto(rec.data_pStringArray);
}
break;
default:
continue;
}
list1.Add(text1);
}
}

DnsRecordListFree(ptr2, 0);
return (string[]) list1.ToArray(typeof(string));
}
}
}

'@
if ($dnsqtype.ToUpper() -eq "PTR"){
$ipIpaddressSplit = $IpParam.Split(".")
if ($ipIpaddressSplit.length -eq 4){
$revipaddress = $ipIpaddressSplit.GetValue(3) + "." + $ipIpaddressSplit.GetValue(2) + "." + $ipIpaddressSplit.GetValue(1) + "." + $ipIpaddressSplit.GetValue(0) + ".in-addr.arpa"}
else
{"Error in IPaddress Format"
}
}
else {
$revipaddress = $IpParam
}
Compile-Csharp $code
$qrQueryresults = [PAB.DnsUtils.DNS]::GetRecords($revipaddress,$dnsqtype.ToUpper())
""
foreach ($qresult in $qrQueryresults) {
$qresult
}
""