PowerShell :: Manage Best Practice Analyzer

I use the Best Practice Analyzer (BPA) as a quick overview of status and compliance.

However, some “Errors” are really false positives, which just bugs me a lot.

In this post I’ll dig into the ‘false’ DNS error, where it complains about using “loopback” as first entry.


Get-BpaModel in PowerShell

Let's start by finding the ModelID of the BPA model we need to look into:

Get-BpaModel | select Name,ID | ft
Microsoft DNS Server Configuration Analysis    Model Microsoft/Windows/DNSServer



Ok, so armed with the above knowledge I went to Invoke-BpaModel with the ID like so:
Invoke-BpaModel -ModelId Microsoft/Windows/DNSServer


It didn’t go exactly as I had hoped, as we got almost no useful information, or did we? We did run a BPA scan on the DNSServer, so we just have to go to the next step:


By using Get-BpaResult we can get the information from the Invoke-BpaModel we just ran.

At first I just ran this to get information

Get-BpaResult -ModelId Microsoft/Windows/DNSServer

...but after several pages of results, most of them with a Severity of Information, I figured I had to narrow it down by filtering out the Information results.

Get-BpaResult -ModelId Microsoft/Windows/DNSServer | where {$_.Severity -ne "Information"}


It returned 2 results: one with Severity Error and one with Warning.
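The steps so far (run the scan, fetch the results, hide the Information entries) combined into one function, as an added example that is not part of the original post. The function name Get-BpaFinding and its -HideSeverity parameter are made up for illustration; the selected columns (Category, Title, Problem, Resolution) and the Excluded flag are properties of the objects Get-BpaResult returns.

```powershell
# Added example: Get-BpaFinding is a hypothetical helper, not a built-in cmdlet.
function Get-BpaFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ModelId,

        # Severities to hide from the report; Information by default.
        [string[]]$HideSeverity = @('Information')
    )

    # Fail early if the model is not installed on this server.
    if (-not (Get-BpaModel | Where-Object { $_.Id -eq $ModelId })) {
        throw "BPA model '$ModelId' not found. Run Get-BpaModel to list installed models."
    }

    # Run a fresh scan; the scan summary itself is not needed here.
    Invoke-BpaModel -ModelId $ModelId -ErrorAction Stop | Out-Null

    # Sort order: Error first, then Warning, then Information.
    $rank = @{ Error = 0; Warning = 1; Information = 2 }

    Get-BpaResult -ModelId $ModelId |
        Where-Object { $HideSeverity -notcontains "$($_.Severity)" -and -not $_.Excluded } |
        Sort-Object { $rank["$($_.Severity)"] }, Title |
        Select-Object Severity, Category, Title, Problem, Resolution
}

# Full text of each remaining finding for the DNS Server model.
Get-BpaFinding -ModelId 'Microsoft/Windows/DNSServer' | Format-List

# Count per severity across all results, to see how much was hidden.
Get-BpaResult -ModelId 'Microsoft/Windows/DNSServer' |
    Group-Object Severity |
    Select-Object Name, Count
```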

About the Error and Warnings:

The two results complain about the same thing, and the message is badly worded. It says I need loopback to be specified on my network adapter, but not as the first entry. When we say loopback we normally refer to “”, but this badly worded warning means any IP referring to our server. So, what's up with that? It stems from a best practice to have at least 2 DNS servers, where the first DNS entry on each server should point to the other one and the second entry to itself.

Anyway. I can’t comply with this best practice, as I only have this one DNS in this environment, and I don’t want to look at these errors anymore.

Excluding results.

As it turns out, I can't exclude a single result using PowerShell, so I have to use the BPA GUI for the first step.


What I can do though, is exclude all results with severity of Information by issuing the following command

Get-BPAResult -ModelId Microsoft/Windows/DNSServer | Where { $_.Severity -eq "Information"} | Set-BPAResult -Exclude $true

But why would I want to do that, you might ask?

I would like to do it because the many Information results were covering up an important warning at the very bottom, but for some reason it won't work.


Source: http://technet.microsoft.com/en-us/library/hh831400.aspx#BKMK_formats
