Solved

Update DNS record for not Domain Computer

Posted on 2013-01-30
5
641 Views
Last Modified: 2013-03-12
Hello,
  Inventory:
       A - domain controller
       B - not Domain computer
       VPN software
     

Task
Run powershell.exe on B computer. Connect to Domain network and update DNS record with new IP of B computer.

How i am trying to do this.
    Using Powershell script converted to exe using PS2EXE
     user John added to DNSAdmins  group
     On DC created PowerShell Session Microsoft.Powershell and added John user to it with full permissions

Problem
     When i start powershell.exe script i receive this ERROR message:
"[DC.domain.com] Connecting to remote server failed with the following error message: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination , most commonly IIS or WinRm. If the destination is the WinRM service , run the following command on the destination to analyze and configure the WinRM service: "winrm quick config"


winrm quickonfig is set on DC.domain.com

PowerShell Script
#Password for remote login
$password = ConvertTo-SecureString -AsPlainText "password" -Force
$credentials = new-object -TypeName System.Management.Automation.PSCredential -argumentlist "domain.com\John",$password

#VPN software location
$vpn = "C:\Program Files\ShrewSoft\VPN Client\"
Set-Location $vpn

#start VPN software
.\ipsecc.exe -r "vpn.pcf"

Start-Sleep -s 30

#Get IP address of the ShrewSoft VPN adapter
Get-WmiObject Win32_NetworkAdapterConfiguration| Where {$_.DNSDomain -eq “domain.com” -and $_.ServiceName -eq "vnet"} | select IPAddress > C:\info.txt
$adapter = Get-Content  -Path C:\info.txt | Select-Object -Last 1
$adapter = $adapter.Substring(0,15)
 
#new IP address
$ip = $adapter
$ip = $ip -replace "{", ""
$ip = $ip -replace "}", ""

#get hostname
$hostname = "$env:computername"

#DNS server info
$DNSServer = "DC.domain.com"
$DNSZone = "domain.com"
    
#Start PSSession to DNS server
New-PSSession -UseSSL -ComputerName $DNSServer -ConfigurationName Microsoft.Powershell -Credential $credentials
$session = Get-PSSession

#DNS record name
$recordName = $hostname 

#DNS record type
$recordType = "A" 

#IP from Shrew Soft VPN adapter to create a new DNS record
$recordAddress = $ip 
 
  # Now we execute DELETE command  
Invoke-Command -Session $session `
 {param($DNSServer,$DNSZone,$recordName,$recordType) dnscmd $DNSServer /RecordDelete $DNSZone $recordName $recordType /f}  -ArgumentList $DNSServer,$DNSZone,$recordName,$recordType
 
  # Now we execute ADD command 
Invoke-Command -Session $session `
 {param($DNSServer,$DNSZone,$recordName,$recordType,$recordAddress) dnscmd $DNSServer /RecordAdd $DNSZone $recordName $recordType $recordAddress}  -ArgumentList $DNSServer,$DNSZone,$recordName,$recordType,$recordAddress

#EXIT and REMOVE PSSession
Exit-PSSession 
Remove-PSSession $session

Open in new window


Question
Do I need to set more permissions to John user ?
Why this script does not work?
How can i make it work ?

Thanks,
  Tadas
0
Comment
Question by:thinkbot
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:footech
ID: 38837704
Did you just run "winrm quickconfig" on the server or did you run "Enable-PSRemoting"?  They are different.
I don't use PS-Remoting with workgroup members, but I've read some about it.  I think you will want to modify the TrustedHosts list on the non-domain machine.  You may want to reference the following links:
http://blogs.msdn.com/b/wmi/archive/2009/07/24/powershell-remoting-between-two-workgroup-machines.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2012/07/24/an-introduction-to-powershell-remoting-part-two-configuring-powershell-remoting.aspx
0
 
LVL 40

Expert Comment

by:footech
ID: 38841718
Actually, thinking about this a bit more, the error message "The client cannot connect to the destination specified in the request" refers specifically to being able to contact the WinRM service on the machine.  You would see the error in the following circumstances:
 - firewall is blocking traffic (Windows Remote Management (HTTP-In) rule should be enabled)
 - WinRM service is not started
 - DNS info is incorrect (i.e. trying to reach the wrong IP) - are you querying a DNS server that has the right info?

Also, I'm not sure about the error when not set, but you must have a password set on the workgroup computer.

If the error was more about authentication, it would read something like, "The WinRM client cannot process the request."
0
 

Accepted Solution

by:
thinkbot earned 0 total points
ID: 38842714
Thank you for your help, but i decided to go with another solution. I added John user to domain administrator group and now i can update dns record using "get-wmiobject".  SO the code look like this now:
 #VPN software location
$vpn = "C:\Program Files\ShrewSoft\VPN Client\"
Set-Location $vpn

#start VPN software
.\ipsecc.exe -r "login.pcf"


#autologin
$password = ConvertTo-SecureString -AsPlainText "password" -Force
$credentials = new-object -TypeName System.Management.Automation.PSCredential -argumentlist "domain.com\John",$password


Start-Sleep -s 30

Get-WmiObject Win32_NetworkAdapterConfiguration| Where {$_.DNSDomain -eq “domain.com” -and $_.ServiceName -eq "vnet"} | select IPAddress > C:\info.txt
$adapter = Get-Content  -Path C:\info.txt | Select-Object -Last 1
$adapter = $adapter.Substring(0,15)
 
#new IP address
$ip = $adapter
$ip = $ip -replace "{", ""
$ip = $ip -replace "}", ""

#get hostname and add domain.com because the computer do not belong to domain controler group

$hostname = $env:computername + "domain.com"

#Get information
$dns = Get-WmiObject -ComputerName dc.domain.com -Namespace "root\MicrosoftDNS" -Class MicrosoftDNS_AType -Filter "OwnerName = '$hostname'" -Credential $credentials
#modify host dns record
$modifiedDNS = $dns.Modify($dns.TTL, $ip)

Open in new window


I convert this code to exe and now it is working :)

Thank you @footech for help and suggestions.
0
 
LVL 40

Expert Comment

by:footech
ID: 38904350
Glad you have a solution.  You can accept your own comment as the solution and close the question.  :)
0
 

Author Closing Comment

by:thinkbot
ID: 38976837
Solved
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question