How to check if all domain controllers are using correct DNS settings

DNS is an essential component of the Active Directory subsystem, and Active Directory won’t function properly without it. DNS is needed when client computers are authenticated, when GPO settings are applied to users and machines, and for other processes. The TCP/IP properties of the network card on each domain controller must be set to use the proper DNS servers. For instance, if an Active Directory domain has four domain controllers and each one also runs the DNS server role, the DNS settings in the TCP/IP properties must list the DNS server IP of each other domain controller in order to prevent resolution failures.

Domain controllers connect to one another to share security tokens and replicate changes. Before changes can be replicated, a domain controller must first identify its replication partner by querying the nearby DNS server. A domain controller needs DNS for many additional tasks as well. This article offers a PowerShell script that determines how many DNS servers are set up in a domain controller’s TCP/IP properties. However, it does not verify that the domain controller is using the right DNS server IP address.

What is the purpose of this PowerShell script?

The following tasks are carried out by the DNS PowerShell script that is included in this article:

  • Reads all domain controllers listed in the C:\Temp\DCServers.TXT text file.
  • Uses the Win32_NetworkAdapterConfiguration class to gather network card information from the target domain controller.
  • Expects each domain controller to have at least two DNS servers configured. If it finds a domain controller configured with just one IP address, it writes the domain controller name and the DNS server IP to the report file.
  • Uses only standard Windows PowerShell and a WMI class to collect data and write the report file, so no extra PowerShell module is needed.

When run, this PowerShell script produces a CSV report. You can find the report file at C:\Temp\DCDNSReport.CSV. Before running the script, you must enter the domain controller names, one per line, in the C:\Temp\DCServers.TXT file.

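# Input list (one domain controller name per line) and CSV report path
$GDCList = "C:\Temp\DCServers.TXT"
$DCDNSREport = "C:\Temp\DCDNSReport.CSV"
$ThisString = "Domain Controller,Connection,Command Status,Network Adapter Description,IP Address,Subnet,Default Gateway,DNS Servers,Final Status"
Add-Content $DCDNSREport $ThisString
$AnyGap = "No"
Foreach ($ItemName in Get-Content "$GDCList")
{
    # Connection and command status columns; set to "Failed" if the WMI query errors out
    $DCConError = "Ok"
    $ComConError = "Ok"
    try
    {
        # Keep only adapters that have an IP address bound
        $nwINFO = Get-WmiObject -ComputerName $ItemName -Class Win32_NetworkAdapterConfiguration -ErrorAction Stop | Where-Object { $null -ne $_.IPAddress }
    }
    catch
    {
        # Record the unreachable domain controller in the report and move on
        $DCConError = "Failed"
        $ComConError = "Failed"
        Add-Content $DCDNSREport ($ItemName+","+$DCConError+","+$ComConError+",,,,,,Not checked")
        continue
    }
    foreach ($NIC in $nwINFO)
    {
        $nwServerName = $NIC.DNSHostName
        $nwDescrip = $NIC.Description
        $nwIPADDR = $NIC.IPAddress
        $nwSUBNET = $NIC.IpSubnet
        $nwGateWay = $NIC.DefaultIPGateway
        $nwMacADD = $NIC.MACAddress
        $nwDNS = $NIC.DNSServerSearchOrder
        $FinalStatus = "Ok"
        # Flag adapters with fewer than two DNS servers configured
        IF ($nwDNS.Count -lt 2)
        {
            $FinalStatus = "Not enough DNS Servers have been configured on this domain controller."
            $AnyGap = "Yes"
        }
        # Multi-valued properties (IP, subnet, gateway, DNS) are written space-separated
        $FinalSTR = $ItemName+","+$DCConError+","+$ComConError+","+$nwDescrip+","+$nwIPADDR+","+$nwSUBNET+","+$nwGateWay+","+'"'+$nwDNS+'"'+","+$FinalStatus
        Add-Content $DCDNSREport $FinalSTR
    }
}
IF ($AnyGap -eq "Yes")
{
    $TestText = "Some Domain Controllers have not been configured with enough DNS Servers in the TCP/IP property of the network card. Please check FinalStatus column of the output and check which Domain Controller required updating with DNS configuration. It is recommended to configure domain controllers with at least 2 DNS Servers."
    # Show the summary on the console
    Write-Output $TestText
}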
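
The script above only counts DNS servers. The following added example (not part of the original script) also checks which servers are configured, assuming that an entry is acceptable when it is a loopback address or the IP of a domain controller in your list, and that at least one entry should be another domain controller. The function name, the two input hashtables and the sample addresses are constructed for illustration.

```powershell
# Added example. Assumption: a DNS entry is acceptable when it is a loopback
# address or the IP of a domain controller in the supplied list.
function Test-DcDnsServerList {
    param(
        [Parameter(Mandatory)] [hashtable] $DcIPs,    # DC name -> its own IP address(es)
        [Parameter(Mandatory)] [hashtable] $DnsOrder  # DC name -> DNSServerSearchOrder
    )
    $loopback = '127.0.0.1', '::1'
    $allDcIPs = @($DcIPs.Values | ForEach-Object { $_ })   # flatten to one list
    foreach ($dc in ($DnsOrder.Keys | Sort-Object)) {
        $servers  = @($DnsOrder[$dc] | Where-Object { $_ })
        $own      = @($DcIPs[$dc]) + $loopback
        # Entries that are neither a listed DC nor loopback
        $unknown  = @($servers | Where-Object { $_ -notin $allDcIPs -and $_ -notin $loopback })
        # Entries that point at a different DC
        $partners = @($servers | Where-Object { $_ -in $allDcIPs -and $_ -notin $own })
        $status = if ($servers.Count -lt 2) { 'Fewer than two DNS servers' }
                  elseif ($unknown.Count -gt 0) { 'Entry is not a listed domain controller' }
                  elseif ($partners.Count -eq 0) { 'No other domain controller listed' }
                  else { 'Ok' }
        [pscustomobject]@{
            DomainController = $dc
            DnsServers       = $servers -join ';'
            UnknownServers   = $unknown -join ';'
            FinalStatus      = $status
        }
    }
}

# Constructed sample data. In practice, fill $dnsOrder from the
# DNSServerSearchOrder property that the script above already reads.
$dcIPs = @{ DC01 = '10.0.0.11'; DC02 = '10.0.0.12'; DC03 = '10.0.0.13'; DC04 = '10.0.0.14' }
$dnsOrder = @{
    DC01 = '10.0.0.12', '10.0.0.13', '127.0.0.1'   # partners first, loopback last
    DC02 = '10.0.0.12', '127.0.0.1'                # only itself
    DC03 = '10.0.0.11', '192.0.2.53'               # second entry is not a DC
    DC04 = @('10.0.0.11')                          # single entry
}
Test-DcDnsServerList -DcIPs $dcIPs -DnsOrder $dnsOrder | Format-Table -AutoSize
```

An entry reported under UnknownServers deserves review, because that resolver is then one of the servers the domain controller may query to locate its replication partners.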


Vipan Kumar

He is an Active Directory consultant who has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem. If you need any further help on these subjects, feel free to contact us at admin@windowstechno.com. Please subscribe to our Facebook page as well as the website for the latest articles.
