Asked by jnordeng

PowerShell or GPO - which works best to update the Primary & Secondary DNS server on Member Servers

We recently migrated our FSMO roles to new Windows 2016 servers and would like to demote our Windows 2008 R2 servers.  The question is that our member servers, on their NICs, point to the existing Windows 2008 R2 servers for DNS.  These are static since these are member servers.  Member servers are running Windows 2008 R2, Windows 2012 R2 and Windows 2016.

What is the best way to update the DNS on the NICs to the new DCs?  I would imagine that this should be more than a manual process.  All I've been finding are the recommendations to use DHCP, which doesn't work on statically assigned IPs, and info on Member Servers.

Thanks in advance.
PowerShell, DNS, Active Directory

Last comment: 8/22/2022 - Mon

If I remember correctly, the setting for GPO will not work on a server OS (it may have changed in recent versions, though).
Last time I did this was via a PowerShell script, but I would also make sure you do a verification that it applies correctly.
I have seen cases where the script updates the value but it didn't actually apply on a few of the machines.
It also depends on how many servers you're talking about: for a few hundred, obviously do a script, but if it is only 20 or so, just update the settings manually.

Thanks for your input. Yeah, we have hundreds.  I found this and ran it manually on one system via PowerShell; it worked, so now I'm just figuring out how to deploy.

Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses ("","")



If you have a list of the servers then you could do a remote execution of the command.
Using Invoke-command you could iterate through the list of servers and run the command.
Just be aware the interfaceindex may not always be 12.
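$servers = Get-Content -Path "c:\temp\serverlist.txt"
$Log = "C:\temp\log.txt"
ForEach ($server in $servers) {
    Try {
        # -ErrorAction Stop turns connection and remote command errors into
        # terminating errors so that the Catch block actually runs
        Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            # Put the new DNS server addresses between the quotes;
            # the interface index may not be 12 on every server
            Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses ("","")
        }
    }
    Catch {
        # Log unreachable servers and failed remote commands with the error text
        $ERRMSG = "Server: " + $server + " ERROR " + $_
        Add-Content $Log $ERRMSG
    }
}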
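
The two caveats raised in this thread (the interface index differs between servers, and a change can be reported without actually applying) can be handled in the script itself. The following is an added example, not code posted by any participant: it picks adapters by the DNS servers they currently use rather than by index, re-reads the setting after the change, and uses WMI because `Set-DnsClientServerAddress` is not available on Windows 2008 R2. The IP addresses and the report path are placeholders, and PowerShell Remoting is assumed to be enabled on every server in the list.

```powershell
# Added example. All IP addresses and the report path are placeholders.
$OldDns  = @('192.0.2.10', '192.0.2.11')   # placeholder: DCs being demoted
$NewDns  = @('192.0.2.20', '192.0.2.21')   # placeholder: new DCs
$servers = Get-Content -Path 'C:\temp\serverlist.txt'

# Runs on each member server. WMI and PowerShell 2.0 syntax only, so the
# same block works on 2008 R2, 2012 R2 and 2016.
$update = {
    param([string[]]$Old, [string[]]$New)
    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($nic in $nics) {
        $before = @($nic.DNSServerSearchOrder)
        # Only touch adapters that currently point at one of the old DCs.
        if (-not ($before | Where-Object { $Old -contains $_ })) { continue }
        $rc = $nic.SetDNSServerSearchOrder($New).ReturnValue   # 0 = success
        # Re-read the adapter instead of trusting the return code.
        $check = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index = $($nic.Index)"
        $after = @($check.DNSServerSearchOrder)
        New-Object PSObject -Property @{
            Adapter    = $nic.Description
            Before     = $before -join ','
            After      = $after -join ','
            ReturnCode = $rc
            Verified   = (($after -join ',') -eq ($New -join ','))
        }
    }
}

$results = foreach ($server in $servers) {
    try {
        Invoke-Command -ComputerName $server -ScriptBlock $update `
            -ArgumentList $OldDns, $NewDns -ErrorAction Stop
    }
    catch {
        # Unreachable server or remote failure: record it so it is followed up.
        New-Object PSObject -Property @{
            PSComputerName = $server; Adapter = ''; Before = ''; After = ''
            ReturnCode = ''; Verified = $false; Error = $_.Exception.Message
        }
    }
}

# Full report, then the rows that still need attention.
$results | Select-Object PSComputerName, Adapter, Before, After, ReturnCode, Verified, Error |
    Export-Csv -Path 'C:\temp\dns-change-report.csv' -NoTypeInformation
$results | Where-Object { -not $_.Verified } | Select-Object PSComputerName, Adapter, After, Error
```

A server that produces no row had no adapter pointing at the old DCs, so comparing the report against the server list shows which machines were left unchanged.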



How about just re-IP'ing the new DCs so that they have the same IPs as the old DCs? Then you don't have to worry about changing DHCP options or your static hosts.

If for some reason you can't do that, then scripting using PowerShell Remoting would be my choice.

Thanks in advance for your comments.  We're going to try to push the simple PowerShell script via BladeLogic.  Currently it's just a matter of getting the job set up correctly in BladeLogic to push out.
