DNS dynamicupdate with powershell

This topic contains 4 replies, has 3 voices, and was last updated by Greg Heywood 1 year, 5 months ago.

  • #25410
    Greg Heywood


    First post, hopefully I will do it right 🙂

    I have a test environment on my workstation, running VMware Workstation. I have a DC (Windows Server 2012 R2), a client machine (Windows 8.1), and a few servers (Windows Server 2012 R2). I want to be able to build some VMs running Windows Server, and configure them via DSC. Before doing anything without DSC though, I was planning on connecting remotely and configuring by doing something like this:

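    $computername = Read-Host "Enter computer name"
    $ipaddress = Read-Host "Enter IP address"
    $prefix = Read-Host "Enter IP prefix (ie, 24)"
    $dns = Read-Host "Enter DNS server address"
    Invoke-Command -ComputerName $computername -Credential (Get-Credential) -InDisconnectedSession -ScriptBlock {
        # $using: copies the locally entered values into the remote session
        # Pick the connected IPv4 interface that is currently using DHCP
        $nic = Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled -ConnectionState Connected
        # Assign the static address to that interface
        $nic | New-NetIPAddress -IPAddress $using:ipaddress -PrefixLength $using:prefix -AddressFamily IPv4
        # Point the same interface at the DNS server
        Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $using:dns
    }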

    My problem isn't the code, my main problem is that I can't run an "invoke-command" to the newly built VM because I can only see them via IP. They are getting a DHCP request, but they are not authorised for DNS (because they are not in the domain). I know the DHCP lease is there because I can run:

    {get-dhcpserverv4lease -scopeID | select hostname, IPaddress, Leaseexpirytime -last 1 | ft -AutoSize}

    and see the lease. But the DNS update is "pending".

    So, using powershell, how do I disable Secure Only updates on the DNS server? And/or, is there a better way of doing this? I can see the settings, but can't figure out how to modify it.

    Get-DnsServer  | select * -Expand serverzone | select dynamicupdate     
  • #25413
    Don Jones

    Read up on "Secrets of PowerShell Remoting." You can remote in using the IP address, if you add the IP address to your local TrustedHosts list, and specify a credential when connecting. That'll get you in to configure it initially, and then you can take it out of TrustedHosts once it's in your domain.

    DNS isn't really the issue. Without being in the same domain as the target, you'd have to mangle with TrustedHosts anyway. Active Directory is the thing.

    With that said, I'm not sure I *would* disable Secure Only updates on DNS. Secure Only is a Good Thing, and strictly to get into the VM to configure it, you don't need DNS anyway. Just use the IP address. Push a config to them that gets them in the domain, or that configures them to pull a config from a pull server – neither of those operations depends on AD.
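
Added example, not part of Don Jones's reply or any poster's code: one way to script the TrustedHosts approach from the reply above so that the IP entry exists only while the remote command runs. The function name, its parameters and the sample address in the usage comment are hypothetical; it assumes an IPv4 target and an elevated session, since it writes to the WSMan: drive.

```powershell
function Invoke-WithTemporaryTrustedHost {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$TargetIp,
        [Parameter(Mandatory)][pscredential]$Credential,
        [Parameter(Mandatory)][scriptblock]$ScriptBlock
    )

    # Accept only a literal IPv4 address, so a wildcard such as '*' or a
    # whole subnet pattern can never be written to TrustedHosts by mistake.
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($TargetIp, [ref]$parsed) -or
        $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "TargetIp '$TargetIp' is not a literal IPv4 address."
    }

    $path     = 'WSMan:\localhost\Client\TrustedHosts'
    # Keep the current value so the list can be restored exactly afterwards.
    $original = [string](Get-Item -Path $path).Value
    $entries  = @($original -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    try {
        if ($entries -notcontains $TargetIp) {
            # Append the single address; existing entries are left untouched.
            Set-Item -Path $path -Value (($entries + $TargetIp) -join ',') -Force
        }
        # Remoting to an IP address requires an explicit credential.
        Invoke-Command -ComputerName $TargetIp -Credential $Credential -ScriptBlock $ScriptBlock
    }
    finally {
        # Runs even if the remote command fails, so the entry never lingers.
        Set-Item -Path $path -Value $original -Force
    }
}

# Usage (constructed sample address, replace with the VM's leased IP):
# Invoke-WithTemporaryTrustedHost -TargetIp '192.168.10.57' `
#     -Credential (Get-Credential) -ScriptBlock { hostname }
```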

  • #25414
    Greg Heywood

    Super. That sounds like a much better and more scalable approach, I will give it a go. Thanks Don!

  • #25417
    Daniel Krebs

    Hi Greg,

    You can configure your DHCP server, if it is Windows, to register the DNS entries for the clients. The zones need to be configured for secure updates for this to work.


    We have configured DNS registration via the DHCP server for our backup network at work.


  • #25561
    Greg Heywood

    Thanks Daniel. That could be a good way for me to tackle it in production.
