Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:
Clients (structured MSP docs under clients/<name>/docs/):
- anaise (NEW) - 13 files
- cascades-tucson - 47 files merged (existing had only reports/)
- dataforth - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa (NEW) - 22 files, multi-site (camden, river)
- kittle (NEW) - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template - 13-file scaffold for new clients
MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/ - clean_printer_ports, win11_upgrade,
screenconnect-toolbox-commands
Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
no other credentials found
Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
(identical duplicates of msp-audit-scripts versions)
Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)
Session log: session-logs/2026-04-16-howard-client-docs-import.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
#Requires -RunAsAdministrator
<#
.SYNOPSIS
    Phase 2.1 - DNS cleanup for CS-SERVER.
.DESCRIPTION
    Deletes stale DNS records, repairs the DomainDnsZones/ForestDnsZones
    A records, turns on scavenging, and adds reverse lookup zones.
    Intended to be run on CS-SERVER through ScreenConnect.
#>

# Both modules are mandatory: -ErrorAction Stop turns a failed import into a
# terminating error, so the script ends here before any DNS change is made.
Import-Module -Name DnsServer -ErrorAction Stop
Import-Module -Name ActiveDirectory -ErrorAction Stop

# Forward lookup zone targeted by every record operation in this script.
$Zone = 'cascades.local'

Write-Host '=== Phase 2.1: DNS Cleanup ===' -ForegroundColor Cyan
Write-Host ''
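# --- Remove stale A records ---
# Each entry names one A record (owner name + IPv4 address) in $Zone that is
# to be deleted. "@" is the zone root.
Write-Host "--- Removing stale A records ---" -ForegroundColor Yellow

$staleRecords = @(
    @{ Name = "@"; IP = "192.168.0.5" }
    @{ Name = "@"; IP = "192.168.2.59" }
    @{ Name = "CRYSTAL-PC"; IP = "192.168.5.115" }
    @{ Name = "CS-QB"; IP = "192.168.5.29" }
    @{ Name = "DESKTOP-1ISF081"; IP = "192.168.5.30" }
    @{ Name = "DomainDnsZones"; IP = "192.168.0.5" }
    @{ Name = "DomainDnsZones"; IP = "192.168.2.59" }
    @{ Name = "ForestDnsZones"; IP = "192.168.0.5" }
    @{ Name = "ForestDnsZones"; IP = "192.168.2.59" }
)

foreach ($rec in $staleRecords) {
    $label = "$($rec.Name) -> $($rec.IP)"
    try {
        Remove-DnsServerResourceRecord -ZoneName $Zone -RRType "A" -Name $rec.Name -RecordData $rec.IP -Force -ErrorAction Stop
        Write-Host " [OK] Removed $label" -ForegroundColor Green
    }
    catch {
        # Capture the error before the pipeline below rebinds $_.
        $removeError = $_

        # A failed removal is not proof the record is gone: permission, RPC
        # or zone errors land here too. Re-query so that a record which is
        # still being served is reported as an error instead of a skip.
        $stillPresent = @(
            Get-DnsServerResourceRecord -ZoneName $Zone -Name $rec.Name -RRType "A" -ErrorAction SilentlyContinue |
                Where-Object { "$($_.RecordData.IPv4Address)" -eq $rec.IP }
        )

        if ($stillPresent.Count -gt 0) {
            Write-Host " [ERROR] Failed to remove ${label}: $removeError" -ForegroundColor Red
        }
        else {
            # The underlying error text is kept so the operator can tell a
            # genuine "not found" from a failure that also blocked the re-query.
            Write-Host " [SKIP] $label not found or already removed ($removeError)" -ForegroundColor DarkGray
        }
    }
}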
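# --- Fix DomainDnsZones/ForestDnsZones ---
# Adds an A record for each of the two names, pointing at $targetIp.
# NOTE(review): 192.168.2.254 is presumably the current address of the DNS/DC
# host - confirm before running, since clients will resolve these names to it.
Write-Host "`n--- Fixing DomainDnsZones/ForestDnsZones ---" -ForegroundColor Yellow

$targetIp = "192.168.2.254"

foreach ($dnsName in @("DomainDnsZones", "ForestDnsZones")) {
    try {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $dnsName -IPv4Address $targetIp -ErrorAction Stop
        Write-Host " [OK] Added $dnsName -> $targetIp" -ForegroundColor Green
    }
    catch {
        # Capture the error before the pipeline below rebinds $_.
        $addError = $_

        # Only call it "already exists" when the record can actually be read
        # back; any other failure (access denied, zone unavailable, ...) would
        # otherwise leave the name without the intended record, unnoticed.
        $existing = @(
            Get-DnsServerResourceRecord -ZoneName $Zone -Name $dnsName -RRType "A" -ErrorAction SilentlyContinue |
                Where-Object { "$($_.RecordData.IPv4Address)" -eq $targetIp }
        )

        if ($existing.Count -gt 0) {
            Write-Host " [SKIP] $dnsName -> $targetIp already exists" -ForegroundColor DarkGray
        }
        else {
            Write-Host " [ERROR] Failed to add $dnsName -> ${targetIp}: $addError" -ForegroundColor Red
        }
    }
}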
# --- Enable scavenging ---
Write-Host "`n--- Enabling DNS Scavenging ---" -ForegroundColor Yellow

# Server-level switch: scavenging on, one pass every 7 days.
$scavengingArgs = @{
    ScavengingState    = $true
    ScavengingInterval = [TimeSpan]::FromDays(7)
    ErrorAction        = 'Stop'
}

try {
    Set-DnsServerScavenging @scavengingArgs
    Write-Host " [OK] Server-level scavenging enabled (7-day interval)" -ForegroundColor Green
}
catch {
    Write-Host " [ERROR] Failed to enable scavenging: $_" -ForegroundColor Red
}

# Zone-level switch: aging must also be on for $Zone itself.
# NOTE(review): no refresh/no-refresh intervals are passed, so the cmdlet's
# defaults apply - confirm they suit the DHCP lease time before the first
# scavenging pass removes dynamically registered records.
$agingArgs = @{
    Name        = $Zone
    Aging       = $true
    ErrorAction = 'Stop'
}

try {
    Set-DnsServerZoneAging @agingArgs
    Write-Host " [OK] Zone aging enabled on $Zone" -ForegroundColor Green
}
catch {
    Write-Host " [ERROR] Failed to enable zone aging: $_" -ForegroundColor Red
}
# --- Create reverse lookup zones ---
Write-Host "`n--- Creating Reverse Lookup Zones ---" -ForegroundColor Yellow

# 192.168.0.0/22 spans 192.168.0.x - 192.168.3.x; it is split into one /24
# reverse zone per subnet.
$reverseSubnets = @("192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24")

# 10.0.20.0/24 is the INTERNAL VLAN; it is created last, after the four /24s.
$internalVlan = "10.0.20.0/24"

foreach ($subnet in ($reverseSubnets + $internalVlan)) {
    # AD-integrated zone replicated domain-wide; "Secure" restricts dynamic
    # updates to secure ones.
    $zoneArgs = @{
        NetworkId        = $subnet
        ReplicationScope = "Domain"
        DynamicUpdate    = "Secure"
        ErrorAction      = 'Stop'
    }

    try {
        Add-DnsServerPrimaryZone @zoneArgs
        Write-Host " [OK] Created reverse zone for $subnet" -ForegroundColor Green
    }
    catch {
        # Existing zone and genuine failure share this branch; the error text
        # in the message is what tells them apart.
        Write-Host " [SKIP] Reverse zone for $subnet already exists or failed: $_" -ForegroundColor DarkGray
    }
}
# --- Verify ---
# Read-only section: prints the resulting records and zones so the operator
# can compare them with the intended state.
Write-Host "`n--- Verification ---" -ForegroundColor Yellow

# Heading text paired with the owner name whose A records are listed under it.
$recordChecks = @(
    @{ Heading = "`nCurrent A records for zone root:"; Name = "@" }
    @{ Heading = "DomainDnsZones records:"; Name = "DomainDnsZones" }
    @{ Heading = "ForestDnsZones records:"; Name = "ForestDnsZones" }
)

foreach ($check in $recordChecks) {
    Write-Host $check.Heading -ForegroundColor Cyan
    Get-DnsServerResourceRecord -ZoneName $Zone -Name $check.Name -RRType "A" | Format-Table -AutoSize
}

Write-Host "Reverse lookup zones:" -ForegroundColor Cyan
Get-DnsServerZone |
    Where-Object IsReverseLookupZone |
    Format-Table -Property ZoneName, ZoneType, DynamicUpdate -AutoSize

Write-Host "`n=== DNS Cleanup Complete ===" -ForegroundColor Cyan
Write-Host "Next: Run phase2-ad-setup.ps1" -ForegroundColor Green