jnordeng

asked on

Powershell or GPO - which works best to update the Primary & Secondary DNS server on Member Servers

We recently migrated our FSMO roles to new Windows 2016 servers and would like to demote our Windows 2008 R2 Servers. The question is our member servers on their NICs point to the existing Windows 2008 R2 servers for DNS. These are static since these are member servers. Member servers are running Windows 2008 R2, Windows 2012 R2 and Windows 2016.

What is the best way to update the DNS on the NICs to the new DCs? I would imagine that this should be more than a manual process. All I've been finding are the recommendations to use DHCP, which doesn't work on statically assigned IPs, and info on Member Servers.

Thanks in advance.
Robert

If I remember correctly, the setting for GPO will not work on a server OS (it may have changed in a recent version though).
Last time I did this was via PowerShell script, but I would also make sure you do a verification that it applies correctly.
I have seen cases where the script updates the value but it didn't actually apply on a few of the machines.
It also depends on how many servers you're talking about. A few hundred, obviously do a script, but if it is only 20 or so just update the settings manually.
jnordeng

ASKER

Thanks for your input, yeah, we have hundreds. I found this and ran it manually on one system via PowerShell, worked, so now just figuring out how to deploy.

Set-DNSClientServerAddress -interfaceIndex 12 -ServerAddresses ("10.0.0.1","10.0.0.2")

Thanks

If you have a list of the servers then you could do a remote execution of the command.
Using Invoke-command you could iterate through the list of servers and run the command.
Just be aware the interfaceindex may not always be 12.
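$servers = Get-Content -Path "C:\temp\serverlist.txt"
$log = "C:\temp\log.txt"
ForEach ($server in $servers) {
    $server   # echo the server currently being processed
    Try {
        $error.Clear()
        # Run the change on the remote server ($server, the loop variable)
        Invoke-Command -ComputerName $server -ScriptBlock {
            Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses ("10.0.0.1","10.0.0.2")
        }
        # Remoting errors are non-terminating by default, so check $error as well
        if ($error.Count -gt 0) {
            $ERRMSG = "Server: " + $server + " ERROR " + $error[0]
            Add-Content $log $ERRMSG
        }
    }
    Catch {
        # Parentheses so the concatenated string is passed as one value
        Add-Content $log ($server + " Was not available")
    }
}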
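
An added example, not code from any poster in this thread: it combines the two cautions raised above (verify that the change applied, and do not assume interface index 12) by selecting adapters by their current DNS setting and reading the value back after the change. It uses WMI rather than Set-DnsClientServerAddress because that cmdlet ships only with Windows Server 2012 and later, and the question includes 2008 R2 member servers. The old DC addresses in `$OldDns` and the file paths are assumed placeholder values.

```powershell
# Added example. $OldDns and both file paths are assumed values; replace them.
$OldDns  = '10.0.0.11', '10.0.0.12'   # assumed addresses of the DCs being demoted
$NewDns  = '10.0.0.1', '10.0.0.2'     # new DCs, as in the command from the thread
$Servers = Get-Content -Path 'C:\temp\serverlist.txt'

$results = foreach ($server in $Servers) {
    try {
        # -ArgumentList/param instead of $using: so the block also runs on PowerShell 2.0
        Invoke-Command -ComputerName $server -ErrorAction Stop -ArgumentList $OldDns, $NewDns -ScriptBlock {
            param([string[]]$Old, [string[]]$New)
            # Statically addressed, IP-enabled adapters only; no hard-coded interface index
            $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE AND DHCPEnabled = FALSE'
            foreach ($nic in $nics) {
                $before = @($nic.DNSServerSearchOrder)
                # Skip adapters that do not reference an old DC
                if (-not ($before | Where-Object { $Old -contains $_ })) { continue }
                $rc = $nic.SetDNSServerSearchOrder($New).ReturnValue   # 0 = success, 1 = success, reboot required
                # Read the setting back rather than trusting the return code
                $after = @((Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index = $($nic.Index)").DNSServerSearchOrder)
                New-Object PSObject -Property @{
                    Adapter    = $nic.Description
                    Before     = $before -join ','
                    After      = $after -join ','
                    ReturnCode = $rc
                    Verified   = (($after -join ',') -eq ($New -join ','))
                }
            }
        }
    }
    catch {
        # Unreachable host or remoting failure: record it so it is not mistaken for success
        New-Object PSObject -Property @{
            PSComputerName = $server; Adapter = ''; Before = ''; After = ''
            ReturnCode = "remoting error: $($_.Exception.Message)"; Verified = $false
        }
    }
}

# Servers with no row had no static adapter pointing at an old DC
$results | Select-Object PSComputerName, Adapter, Before, After, ReturnCode, Verified |
    Export-Csv -Path 'C:\temp\dns-change-report.csv' -NoTypeInformation
$results | Where-Object { -not $_.Verified }   # rows that still need attention
```

Keep the old DCs running as DNS servers until the report shows every row verified, since any server missed here loses name resolution when they are demoted.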
   

How about just re-IP'ing the new DCs so that they have the same IPs as the old DCs? Then you don't have to worry about changing DHCP options or your static hosts.

If for some reason you can't do that, then scripting using PowerShell Remoting would be my choice.
Thanks in advance for your comments. We're going to try to push the simple PowerShell script via BladeLogic. Currently it's just a matter of getting the job set up correctly in BladeLogic to push out.
ASKER CERTIFIED SOLUTION
jnordeng
