Mailbag: Problem of the week: DNS Aging and Scavenging (getting the DNS record timestamp) with new Windows Server 2012 DNS cmdlets



AskPFEPlat is in the process of a transformation to the new Core Infrastructure and Security TechCommunity, and will be moving by the end of March 2019 to our new home at (hosted at Please bear with us while we are still under construction!

We will continue bringing you the same great content, from the same great contributors, on our new platform. Until then, you can access our new content on either as you do today, or at our new site Please feel free to update your bookmarks accordingly!

Why are we doing this? Simple really; we are looking to expand our team internally in order to provide you even more great content, as well as take on a more proactive role in the future with our readers (more to come on that later)! Since our team encompasses many more roles than Premier Field Engineers these days, we felt it was also time we reflected that initial expansion.

If you have never visited the TechCommunity site, it can be found at On the TechCommunity site, you will find numerous technical communities across many topics, which include discussion areas, along with blog content.

NOTE: In addition to the AskPFEPlat-to-Core Infrastructure and Security transformation, Premier Field Engineers from all technology areas will be working together to expand the TechCommunity site even further, joining together in the technology agnostic Premier Field Engineering TechCommunity (along with Core Infrastructure and Security), which can be found at!

As always, thank you for continuing to read the Core Infrastructure and Security (AskPFEPlat) blog, and we look forward to providing you more great content well into the future!


Greg here with a quick post where the new DNS PowerShell cmdlets in AD made a task much easier.


Many of our customers use Microsoft DNS and a feature of Microsoft DNS is the ability to remove stale records. By default this feature is disabled and some people never enable it, and others disable it believing it has deleted something it should not. Then years later they find they have 1000s of stale records and want to clean up this situation. The problem with our traditional cmd line tool DNSCMD is that it does not output the timestamp in a friendly readable format. There are other blog posts out there with scripts that sometimes work and sometimes we go onsite to help. Now we have a PowerShell cmdlet that will easily get this information for you. You do not need a Windows Server 2012 DC or DNS server you just need a Windows 8 or Windows Server 2012 machine with the new DNS cmdlets.



That one liner will output all of the A records from a zone called demo.local and give us a file we can easily put in Excel to review these records.

This does not look pretty in a blog post so I have attached the file if you are interested in the output.



If you are not familiar with DNS aging and scavenging we have plenty of documentation around this.

Windows Server 2012 DNS PowerShell cmdlets