My notes, things I have learned, and documentation I have created.

While we are on the subject of flushing DNS cache, here is how you do it in MacOS.

dscacheutil -flushcache

I have run into this issue a few times, and decided that I needed to document this since I keep forgetting the procedure. I have had a situation where I have checked and double check my DNS modifications and no matter what I do the changes do not seem to have taken effect on some Windows clients. Well, it turns, as it usually does, that it just takes a simple command to resolve the name properly:

ipconfig /flushdns

I know this works on Windows 7, Windows 2003, and Windows 2008.

Another useful option if registerdns. If you change the IP address of a server and need it to update in your Windows DNS use:

ipconfig /registerdns

If pinging from a Windows client, you may need to flush your client DNS cache to recognize the address change.

I needed an easy way to “Allow access” under “Network Access Permission” in the “Dial-in” tab of the “Active Directory Users and Computers” console for several users in a Windows 2003/2008 ADS environment.

At first, I approached this task from a scripting angle. I developed a VBscript that would worked in my test environments, but not in production. I am still not sure why, but I have not had to time to look into it further. I suspect it has to do with some policy restrictions or permissions. I know the script was working, because I could see that the “msNAPllowDialin” ADS attribute was being modified. However, when I opened up “Active Directory Users and Computers,” the change was not reflected. Also, I was still not able to use our VPN that requires the attribute be enabled.

Being short on time, I looked for a powershell command, or some other command line solution. It was then that I rediscovered the netsh command. I had used this command in the past, but did not document anything about it. I want to get something posted on it, because it is a tremendously powerful command and one that every seasoned Windows administrator should know about. In my case, this command helped solve my issue quickly. I used the following command syntax to choose “Allow access” on the “Network Access Permission” radio button:

netsh RAS set user name=username dialin=PERMIT

The netsh command has many options. Among them, I found that looked pretty interesting (netsh dump). It creates a script of your current settings. There is another option, netsh exec, that you can use to execute a netsh script like the the “netsh dump” creates. These could be incredible useful. There are several other options. You can find help and syntax for all the options by entering a “?” when you need more information. For example, “netsh ?” or “netsh set ?”, etc. You can add to question mark to any level to find more information. Very useful command. I wish I had written down what I used it for before.