Search This Blog

Tuesday, August 18, 2015

Finding a DNS Zone Creation Date

Not SCOM related, but this is pretty much the only place I dump things I need to remember, and maybe you'll find it useful.

Was in my Windows Server DNS console this morning and I noticed some odd domains listed. I don't remember seeing them before and wanted to see when they were created, to make sure folks weren't randomly adding new zones.

  • Fire up adsiedit.msc on a domain controller.
  • Choose Connect to
  • Under Connection Point, choose Select or type a Distinguished Name or Naming Context
  • Enter DC=DomainDnsZones,DC=<second level DNS>,DC=<top level DNS>
    • E.G. dc=DomainDnsZones,DC=contoso,DC=corp
  • Next, select CN=MicrosoftDNS
  • In the right hand pane, look for the zone in question, reverse or forward
  • Right-click on the folder and select Properties
  • Browse to the whenCreated properties to find out when the zone was added to the system


  1. This comment has been removed by the author.

  2. If someone created and empty zone it's hidden and can't be retrieved from ADSIedit. The solution is a PowerShell command. In below example "" is your DNS zone.

    get-adobject ((Get-DnsServerZone -Name -Properties *