Check and change DNS on all the servers in the domain

Posted by robd on February 19, 2020
DNS, powershell / 1 Comment

Here’s a brilliant PowerShell script to check what the DNS servers are set to across the domain and then change them:


$allservers = @()
$domainpcs = Get-ADComputer -Filter * -Properties operatingsystem | where {$_.operatingsystem -like "*Server*"} | sort name
foreach ($pc in $domainpcs) {
    if (Test-Connection $pc.DNSHostName -Quiet) {
        $thisserver = $null
        $DNSsettings = $null

        # IPv4 interfaces only (AddressFamily 2), skipping loopback/ISATAP and interfaces with no DNS servers set
        $DNSsettings = Get-DnsClientServerAddress -CimSession $pc.DNSHostName | where {($_.AddressFamily -eq 2) -and ($_.InterfaceAlias -notlike "Loopback*") -and ($_.InterfaceAlias -notlike "isatap*") -and ($_.ServerAddresses -ne $null)} | select @{n='DNSServers';e={$_ | select -ExpandProperty serveraddresses}},InterfaceIndex
        $thisserver = New-Object psobject -Property @{
            Servername     = $pc.Name
            interfaceindex = $DNSsettings.interfaceindex[0]
            DNSsetting1    = $DNSsettings.dnsservers[0]
            DNSsetting2    = $DNSsettings.dnsservers[1]
            DNSsetting3    = $DNSsettings.dnsservers[2]
        }

        $allservers += $thisserver
    }
}

foreach ($server in $allservers) {
    $newdns1 = $null
    $newdns2 = $null
    $newdns3 = $null

    $needchange = $false

    write-host $server.Servername -ForegroundColor Green

    $newdns1 = $server.dnssetting1
    $newdns2 = $server.dnssetting2
    $newdns3 = $server.dnssetting3

    # current settings
    write-host $newdns1 -ForegroundColor Red
    write-host $newdns2 -ForegroundColor Red
    write-host $newdns3 -ForegroundColor Red

    # each case maps an old DNS address to its replacement (the addresses are blanked in the original post)
    Switch ($server.DNSsetting1) {
        "" {$newdns1 = ""; $needchange = $true}
        "" {$newdns1 = ""; $needchange = $true}
        "" {$newdns1 = ""; $needchange = $true}
    }

    Switch ($server.dnssetting2) {
        "" {$newdns2 = ""; $needchange = $true}
        "" {$newdns2 = ""; $needchange = $true}
        "" {$newdns2 = ""; $needchange = $true}
    }

    Switch ($server.dnssetting3) {
        "" {$newdns3 = ""; $needchange = $true}
        "" {$newdns3 = ""; $needchange = $true}
        "" {$newdns3 = ""; $needchange = $true}
    }

    # proposed settings
    write-host $newdns1 -ForegroundColor Cyan
    write-host $newdns2 -ForegroundColor Cyan
    write-host $newdns3 -ForegroundColor Cyan

    if ($needchange) {
        # drop empty slots (a server with only two DNS entries has $newdns3 = $null);
        # -whatif only reports the change, remove it to apply the new addresses
        Set-DnsClientServerAddress -cimsession $server.servername -InterfaceIndex $server.interfaceindex -ServerAddresses @(($newdns1,$newdns2,$newdns3) | where {$_}) -whatif
    }
}



Check DNS across all your Domain Controllers

Posted by robd on November 22, 2019
Active Directory, DNS, powershell / 1 Comment

Handy bit of PowerShell my bestest ever friend wrote to check DNS across domain controllers:


#do dns servers agree for dns
$results = $null
$results = @()
$DNSServers = Get-ADDomainController -Filter *
$hostname = Read-Host('enter dns record to check')
foreach ($DNSServer in $DNSServers) {
    # a DC that cannot answer (unreachable, or the record is missing on it) shows up as an empty IPAddress
    $dnsrecord = Resolve-DnsName -Name $hostname -Server $DNSServer.HostName -Type A -ErrorAction SilentlyContinue
    $result = New-Object psobject -Property @{
        dnsserver = $DNSServer.Name
        hostname  = $dnsrecord.name
        IPAddress = $dnsrecord.ipaddress
    }
    $results += $result
}

# sorted by address so a DC returning a different answer stands out
$results | select hostname,ipaddress,dnsserver | sort ipaddress



Change the DNS from a list of Servers

Posted by robd on October 27, 2016
powershell / No Comments

Change the DNS from a list of servers:

#Change DNS for a list of servers

#Get the admin permissions
$LoginPassword = Get-Credential

#Get the list of computers from a text file
$computer = get-content C:\temp\servers.txt

#Get the DNS IP's using get-wmiobject (using WMI as some servers don't have PowerShell installed)
$NICs = Get-WMIObject Win32_NetworkAdapterConfiguration -computername $computer -Credential $LoginPassword | where {$_.IPEnabled -eq "TRUE"}

# for each server list the current setting
Foreach($NIC in $NICs) {
   Write-Host "DNS Servers before change:" $NIC.PSComputerName
   $NIC.DNSServerSearchOrder

   #Change the settings to this (the addresses are blanked in the original post)
   $DNSServers = "",""
   $NIC.SetDNSServerSearchOrder($DNSServers) | Out-Null

   #After Change - Not tested
   #Re-read the WMI object, otherwise $NIC still shows the old values
   $NIC.Get()
   Write-Host "DNS Servers after Change:"
   $NIC.DNSServerSearchOrder
}


Get the DNS Addresses from a list of Servers

Posted by robd on October 27, 2016
powershell / No Comments

As per the title, find the DNS addresses from a text list of servers:

#Get the DNS for a List of Servers

#Get the admin permissions
$LoginPassword = Get-Credential

#Get the list of computers from a text file
$computer = get-content C:\temp\servers.txt

#Get the DNS IP's using get-wmiobject (using WMI as some servers don't have PowerShell installed)
$NICs = Get-WMIObject Win32_NetworkAdapterConfiguration -computername $computer -Credential $LoginPassword | where {$_.IPEnabled -eq "TRUE"}

# for each server list the current setting
Foreach($NIC in $NICs) {
   Write-Host "DNS Servers:" $NIC.PSComputerName
   $NIC.DNSServerSearchOrder
}


DNS for a subdomain

Posted by robd on May 08, 2014
DNS / No Comments

Hi All,

My company uses a sub domain for a satellite office, all works fine and replication takes place etc etc.

The problem I had was with DNS.  I’m based in Contoso.local and I cannot ping any device on the sub-domain Sub.contoso.local without fully qualifying the domain.

For example if I ping a server1 on the subdomain using

"Ping Server1"

DNS cannot resolve the name, whereas if I type

"Ping Server1.sub.contoso.local"

it works fine.

I’ve checked DNS on Contoso.local and there are conditional forwarders to Sub.contoso.local:


So how can I get around this??  The answer is to add a DNS suffix, either locally or to all the domain devices via group policy:

Group policy:

Computer Policy > Policies > Administrative Templates > Network/DNS Client > DNS Suffix Search List.


Then GPUPDATE /force your client and run IPCONFIG /ALL and you should see:
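Added example, not from the original post: the same suffix search list applied locally on one Windows 8 / Server 2012 or newer client, plus the check that the GPO value has landed and that the short name now resolves. The domain names are the post’s; Server1 is the post’s example host.

```powershell
# Added example (not the original post's code). Sets the DNS suffix search list locally
# and verifies it; the GPO in the post writes the same list to the registry value
# HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList, which wins over
# the local setting while the policy applies.
$suffixes = @('contoso.local', 'sub.contoso.local')   # order = search order

# Local setting (Set-DnsClientGlobalSetting needs the DnsClient module, Win8/2012+)
Set-DnsClientGlobalSetting -SuffixSearchList $suffixes
'Local suffix list: ' + ((Get-DnsClientGlobalSetting).SuffixSearchList -join ', ')

# What the GPO has set, if gpupdate has applied it on this machine
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
if (Test-Path $policyKey) {
    $gpoList = (Get-ItemProperty -Path $policyKey -Name SearchList -ErrorAction SilentlyContinue).SearchList
    if ($gpoList) { "GPO suffix list:   $gpoList" }
}

# Verify: the short name should now resolve via the sub.contoso.local suffix,
# giving the same answer as the fully qualified name
foreach ($name in 'server1', 'server1.sub.contoso.local') {
    $r = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue
    if ($r) { '{0,-30} -> {1}' -f $name, ($r.IPAddress -join ', ') }
    else    { '{0,-30} -> no answer' -f $name }
}
```

If the two lookups disagree, the short name is being completed by a different suffix earlier in the list, so check the order.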





Lync 2010 Authentication Issue

Posted by robd on September 04, 2013
Lync 2010 / 2 Comments

So a while back we had quite a setup issue with Lync 2010 where two users at a remote site couldn’t connect to Lync 2010. The setup:

Two Domains:

Domain one (BohemianGrove.co.uk): Contains the Lync and Exchange Servers also the Linked mailboxes (disabled),

Domain two (Corp.co.uk): Contains the users who connect to Outlook and Lync via linked mailboxes (we use the SID Mapping Tool to map the SID of a disabled user account).

External: connects via an edge server which works great.

The two users who can’t connect are getting the error:

 "cannot sign in because the server is temporarily unavailable"

So to troubleshoot I installed Snooper on the Lync 2010 server, which is a tool to debug connection issues.  The results were thus:

LogType: diagnostic
Severity: error
Text: The authentication authority is unavailable. Check connectivity to the KDC (Kerberos) or Domain Controller (NTLM).
SIP-Start-Line: REGISTER sip:DOMAIN1.com SIP/2.0


LogType: security
Text: Failed to validate user credentials
Result-Code: 0x80090311
SIP-Start-Line: REGISTER sip:DOMAIN1.com SIP/2.0

Well that’s odd as everyone else can authenticate without issue, so I replicated the users and tried to connect from the same site and ran into exactly the same issue.  Very odd.

I ran NSLOOKUP, which produced:

Default Server:  dc10.Corp.co.uk

> set type=srv
> _sipinternaltls._tcp.corp.co.uk
Server:  dc10.corp.co.uk


Non-authoritative answer:

_sipinternaltls._tcp.corp.co.uk  SRV service location:
          priority       = 0
          weight         = 0
          port           = 5061
          svr hostname   = lyc01.BohemianGrove.co.uk


Well that looks fine. So at this point I was stuck.

So after some thought I decided to track the logon process via our firewalls, i.e. what does the client do when it tries to connect.  Note – you could do this with wire shark or similar.

Well what was interesting here was the client on the Corp.co.uk domain was connecting to the Lync server on the BohemianGrove.co.uk domain without issue but when the Lync 2010 server tried to authenticate the user on the Corp.co.uk domain it was referencing a domain controller hundreds of miles away that clearly seemed to have some issues with DNS and site connections hence the authentication problems.

Great I thought, I’ll sort out the authentication and we should be good to go!!

Well no, not quite. When a server tries to authenticate against another domain, Windows finds the closest domain controller by using DNS and SRV resource records; if these records are missing or incorrectly configured, the authenticating server could potentially be any domain controller in the Corp.co.uk domain.  So how do we fix this?

Well firstly, make sure DNS is up to scratch.  In my case I made full use of Active Directory Conditional Forwarders, i.e. set up a conditional forwarder that says: if you receive any requests for corp.co.uk then forward them to this IP, and vice versa.

Secondly, and this is important too, rename the sites in Active Directory Sites and Services in both domains so they match. This will allow DNS responses across domains and hence authentication to take place on the correct Domain Controller.

Lastly I rebooted Lync and the servers and everything worked as it should!!

Here’s the article I gathered most of my information from, it’s brilliant: http://blogs.technet.com/b/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx
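Added example, not from the original post: a check of the site-specific DC locator SRV records that the second fix above depends on, run from the Lync server for both domains in the post. The site name is a placeholder; the domain names are the post’s.

```powershell
# Added example (not the original post's code). For each domain, query the SRV records
# the DC locator tries first (site-specific DCs and KDCs for this server's site) and the
# domain-wide fallback. A MISSING site-specific record in the trusted domain means the
# site names do not match across domains, or the conditional forwarder is not answering,
# and the locator will fall back to any DC in that domain.
$site    = 'YourSiteName'                            # placeholder: AD site name, must exist in both domains
$domains = 'bohemiangrove.co.uk', 'corp.co.uk'       # domain names from the post

foreach ($domain in $domains) {
    $records = @(
        "_ldap._tcp.$site._sites.dc._msdcs.$domain"   # site-specific DCs (used first)
        "_kerberos._tcp.$site._sites.$domain"         # site-specific KDCs
        "_ldap._tcp.dc._msdcs.$domain"                # domain-wide fallback (any DC)
    )
    foreach ($name in $records) {
        $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }    # drop the extra A records in the answer
        if ($srv) {
            foreach ($r in $srv) { '{0,-58} -> {1}:{2} (prio {3})' -f $name, $r.NameTarget, $r.Port, $r.Priority }
        } else {
            '{0,-58} -> MISSING' -f $name
        }
    }
}

# Which DC the locator actually picks right now, to compare with the SRV answers
nltest /dsgetdc:corp.co.uk /force
```

If nltest returns a DC in a far-away site while the site-specific SRV records for corp.co.uk are missing, that is the fallback behaviour described above.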


DHCP, DNS and DCPROMO issues

Posted by robd on May 07, 2013
DCPROMO, DHCP, DNS / No Comments

Today was an interesting one: over the bank holiday I demoted an old 2003 domain controller, let’s call it Server1.

All went to plan, changed the IP address of the DNS on the network card and ran DCPROMO, nexting through all the options.

Reboot, ran a few tests:

DCDIAG on all the remaining domain controllers,
REPADMIN /REPLSUMMARY to test replication,
Logged onto a few PCs to check they could authenticate ok.


Well that all seemed fine and all the results were great.

Tuesday comes round and I turn up to bedlam!!

Around 20 or 30 machines were referencing Server1 for DNS and since the dcpromo the DNS server only had Active Directory integrated DNS running meaning users couldn’t get to a host of sites!!

The question was though, why on earth were they referencing Server1?

To try and resolve I did the normal client side:

Rebooted the client,
IPCONFIG /Release,
Changed the settings in the registry:  HKLM/CCS/Services/TCP/Parameters

But no matter what I did the DNS server reverted back.

So after some thought I logged onto Server1 and checked DHCP because, as you know, DHCP assigns DNS and the default gateway etc to clients.

The service was enabled which worried me slightly and the Scopes were disabled but more importantly the Server options were all referencing the wrong server!!  So I quickly changed the options then disabled the DHCP service.

Rebooted the clients and Bam, everything was back up and running as it should.

For some strange reason the clients were using the wrong DHCP server along with its incorrect settings.

So I urge you, if you have this problem, check all your DHCP servers first!!
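Added example, not from the original post: an audit that does the “check all your DHCP servers” step from the admin workstation, looking for a demoted DC’s address in DNS option 6 at server and scope level, and reporting whether the DHCP service is still running on each server. It assumes the DhcpServer RSAT module and Windows PowerShell (Get-Service -ComputerName); the IP is a placeholder.

```powershell
# Added example (not the original post's code). Get-DhcpServerInDC lists the DHCP servers
# authorised in AD, so a demoted DC whose DHCP service is still enabled shows up here.
$oldDns = '192.0.2.10'   # placeholder: IP of the demoted DC (Server1 in the post)

$findings = @()
foreach ($dhcp in Get-DhcpServerInDC) {
    $srvName = $dhcp.DnsName

    # The service being up at all on a retired server is the first thing to know
    $svc = Get-Service -ComputerName $srvName -Name DHCPServer -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{ Server = $srvName; Scope = '(service)'; State = "$($svc.Status)"; Detail = '' }

    # Server-level options apply to every scope unless the scope overrides them
    $opt = Get-DhcpServerv4OptionValue -ComputerName $srvName -OptionId 6 -ErrorAction SilentlyContinue
    if ($opt -and ($opt.Value -contains $oldDns)) {
        $findings += [pscustomobject]@{ Server = $srvName; Scope = '(server)'; State = 'stale DNS'; Detail = ($opt.Value -join ',') }
    }

    # Scope-level overrides, including scopes that are disabled (State = Inactive)
    foreach ($scope in (Get-DhcpServerv4Scope -ComputerName $srvName -ErrorAction SilentlyContinue)) {
        $sopt = Get-DhcpServerv4OptionValue -ComputerName $srvName -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
        if ($sopt -and ($sopt.Value -contains $oldDns)) {
            $findings += [pscustomobject]@{ Server = $srvName; Scope = "$($scope.ScopeId)"; State = "stale DNS ($($scope.State))"; Detail = ($sopt.Value -join ',') }
        }
    }
}

$findings | Format-Table -AutoSize
```

On an affected client, the “DHCP Server” line of ipconfig /all shows which server handed out the lease, which is the quickest way to tie a client back to one of these findings.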
