DNS dynamicupdate with powershell

greg-heywood · May 19, 2015, 5:01am

Hello,

First post, hopefully I will do it right

I have a test environment on my workstation, running VMware Workstation. I have a DC (Window Server 2012 R2), a client machine (Windows 8.1), and a few servers (Window Server 2012 R2). I want to be able to build some VM’s running Window Server, and configure them via DSC. Before doing anything without DSC though, I was planning on connecting remotely and configuring by doing something like this:

#configure
$computername = $(read-host "Enter computer name")
$ipaddress = $(read-host "Enter IP address")
$prefix= $(read-host "Enter IP prefix (ie, 24)")
$dns =  $(read-host "Enter DNS server address")
Invoke-command -computername $computername -credential $(get-credential) -scriptblock {
	Get-netIPinterface -addressfamily IPv4 -DHCP enabled -connectionstate Connected | 
	Net-netipaddress -Ipaddress $ipaddress -prefixlength $prefix -addressfamily IPv4 ; 
	Set-dnsclientserveraddress -serveraddress $dns ;
	Register-dnsclient
	} -indisconnectedsession

My problem isn’t the code, I main problem is that I can’t run an “invoke-command” to the newly built VM because I can only see them via IP. They are getting a DHCP request, but they are not authorised for DNS (because they are not in the domain). I know the DHCP lease is there because I can run:

{get-dhcpserverv4lease -scopeID 10.10.10.0 | select hostname, IPaddress, Leaseexpirytime -last 1 | ft -AutoSize}

and see the lease. But the DNS update is “pending”.

So, using powershell, how do I disable Secure Only updates on the DNS server? And/or, is there a better way of doing this? I can see the settings, but can’t figure out how to modify it.

Get-DnsServer  | select * -Expand serverzone | select dynamicupdate

donj · May 19, 2015, 5:20am

Read up on “Secrets of PowerShell Remoting.” You can remote in using the IP address, if you add the IP address to your local TrustedHosts list, and specify a credential when connecting. That’ll get you in to configure it initially, and then you can take it out of TrustedHosts once it’s in your domain.

DNS isn’t really the issue. Without being in the same domain as the target, you’d have to mangle with TrustedHosts anyway. Active Directory is the thing.

With that said, I’m not sure I would disabled Secure Only updates on DNS. Secure Only is a Good Thing, and strictly to get into the VM to configure it, you don’t need DNS anyway. Just use the IP address. Push a config to them that gets them in the domain, or that configures them to pull a config from a pull server - neither of those operations depends on AD.

greg-heywood · May 19, 2015, 5:24am

Super. That sounds like a much better and more scalable approach, I will give it a go. Thanks Don!

daniel-krebs · May 19, 2015, 5:30am

Hi Greg,

You can configure your DHCP server if Windows to register the DNS entries for the clients. The zones needs to be configured for secure updates for this to work.

http://blogs.technet.com/b/stdqry/archive/2012/04/03/dhcp-server-in-dcs-and-dns-registrations.aspx

We have configured DNS registration via the DHCP server for our backup network at work.

Regards
Daniel

greg-heywood · May 21, 2015, 5:46pm

Thanks Daniel. That could be a good way for me to tackle it in production.

Topic		Replies	Views
Update DNS record on DC for non domain computer PowerShell Help	1	147	May 16, 2024
Cannot use Invoke-VMScript to configure IP Address PowerShell Help	2	298	May 16, 2024
Install Windows Update Standalone Installer remotely PowerShell Help	6	417	May 16, 2024
Updating DNS records via PowerShell PowerShell Help	5	10269	May 16, 2024
Change DNS setttings of remote PC's PowerShell Help	7	1166	May 16, 2024

DNS dynamicupdate with powershell

Related topics