Get-DnssecStatusForVerifiedDomain
This cmdlet is available only in the cloud-based service.
Use the Get-DnssecStatusForVerifiedDomain cmdlet to view information about Domain Name System Security (DNSSEC) for accepted domains in Exchange Online.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Get-DnssecStatusForVerifiedDomain
[-DomainName] <String>
[-Confirm]
[-SkipDnsValidation]
[-SkipMtaStsValidation]
[-SkipMxValidation]
[-WhatIf]
[<CommonParameters>]
Description
For more information about debugging, enabling, and disabling SMTP DANE with DNSSEC, see How SMTP DANE works.
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.
Examples
Example 1
PS C:\> Get-DnssecStatusForVerifiedDomain -DomainName contoso.com
DnssecFeatureStatus : Enabled
ExpectedMxRecord : Microsoft.Exchange.Management.ProvisioningTasks.ExpectedMxRecordInfo
Errors : {}
Warnings : {}
DnsValidation : Microsoft.Exchange.Management.ProvisioningTasks.DnsValidationResult
MxValidation : Microsoft.Exchange.Management.ProvisioningTasks.MxValidationResult
MtaStsValidation : Microsoft.Exchange.Management.ProvisioningTasks.MtaStsValidationResult
This example shows the basic output of the cmdlet for the domain contoso.com.
Example 2
PS C:\> $result = Get-DnssecStatusForVerifiedDomain -DomainName contoso.com; $result; "DNSSEC feature"; $result.DnssecFeatureStatus; "DNSSEC validation"; $result.DnsValidation; "Expected MX record: [$($result.ExpectedMxRecord.Record)]"; "", "MX validation"; $result.MxValidation; "MTA-STS validation"; $result.MtaStsValidation
DnssecFeatureStatus : Enabled
ExpectedMxRecord : Microsoft.Exchange.Management.ProvisioningTasks.ExpectedMxRecordInfo
Errors : {}
Warnings : {}
DnsValidation : Microsoft.Exchange.Management.ProvisioningTasks.DnsValidationResult
MxValidation : Microsoft.Exchange.Management.ProvisioningTasks.MxValidationResult
MtaStsValidation : Microsoft.Exchange.Management.ProvisioningTasks.MtaStsValidationResult
DNSSEC feature
Value : Enabled
DNSSEC validation
DnssecSupport : Valid
Errors : {}
Warnings : {}
Expected MX record: [@ 60 IN MX 10 contoso-com.e-v1.mx.microsoft]
MX validation
Status : Valid
ActualMxRecords : {@ 60 IN MX 10 contoso-com.e-v1.mx.microsoft}
Errors : {}
Warnings : {}
MTA-STS validation
Status : Valid
MtaStsAvailable : False
MtaStsMode : Unavailable
Errors : {}
Warnings : {}
This example contains the output from Example 1 and readable values for the DnsValidation, MxValidation, and MtaStsValidation properties. This command confirms the following information:
- The DNSSEC-secured MX record is present in the domain.
- The priority of the MX record is 10.
- The MTA-STS Policy contains the DNSSEC-secured mail host (if MTA-STS present).
Parameters
-Confirm
This parameter is reserved for internal Microsoft use.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online |
-DomainName
The DomainName parameter specifies the accepted domain in the Exchange Online organization where you want to view information about DNSSEC (for example, contoso.com).
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online |
-SkipDnsValidation
The SkipDnsValidation switch specifies whether to skip the check for the DNSSEC-secured MX record in the domain. You don't need to specify a value with this switch.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online |
-SkipMtaStsValidation
The SkipMtaStsValidation switch specifies whether to skip the check for the DNSSEC-secured mail host in the MTA-STS Policy. You don't need to specify a value with this switch.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online |
-SkipMxValidation
The SkipMxValidation switch specifies whether to skip the check for the priority value 10 in the DNSSEC-secured MX record. You don't need to specify a value with this switch.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online |
-WhatIf
This parameter is reserved for internal Microsoft use.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online |