0

Windows Server 2016.

All Servers in domain obtain IP address automatically and DNS addresses are set manually:

Primary DNS 172.16.0.1

Secondary DNS 172.16.0.2

I created a 3rd DC (172.16.0.3), and moved FSMO roles.

I want to change the primary DNS on all servers (about 50) to the new DC 172.16.0.3.

I created a batch file with the following script:

@echo off
set dnsserver=172.16.0.3
set dnsserver2=172.16.0.1
for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (
 if %%i EQU Enabled (
 rem echo change "%%l" : %dnsserver%
 netsh interface ipv4 set dnsserver name="%%l" static %dnsserver% both
 netsh interface ipv4 add dnsserver name="%%l" %dnsserver2% index=2
 )
)

Then I created a GPO and linked it to the domain.

Computer configuration | Policies | Windows Settings | Scripts | (Startup\Shutdown) | Choose Startup. In Scripts properties, I added the batch file.

In Security Filtering for this Group Policy I keep the Authenticated Users, add Domain Admins Group and some servers to test it. (Note: Authenticated Users includes all groups and users and computers, so adding the servers and Domain Admins is unnecessary).

I log on to these servers and run gpupdate /force, but with no luck; GP is not applying the script.

I need to change the DNS IPs on all servers with no restart or logon.

Note: The script is correct; I run it manually as admin and it changes the DNS IPs.

3
  • Copy the script to a local folder and specify the local folder location in the GPO.
    – Greg Askew
    Nov 10 at 18:36
  • Thanks for your reply, Greg. I already did that; the batch file is on my desktop in DC3 and I'm locating it in the scripts properties of this GPO.
    – Mrc89
    Nov 10 at 18:42
  • 1
    Why not set DNS via DHCP? I know Linux has been annoying about this in recent years, but Windows will still use whatever server the DHCP lease tells it to by default.
    – Joel Coel
    Nov 10 at 22:05

3 Answers

1

You don't need to use a script; you can use the settings in the group policy itself to do this: Computer Configuration > Policies > Administrative Templates > Network > DNS Client GPO.

But usually the DNS servers are sent when a client asks the DHCP server for an IP, so check there also (DHCP options).

6
  • FYI I believe this has a side effect of not updating the DNS Servers as shown in ipconfig. Probably a good idea to WMI filter this on server OS.
    – Greg Askew
    Nov 20 at 12:34
  • WMI Filter is the worst idea ever. That can cause a lot of performance issues. It configures the DNS client. If you want to dynamically update the DNS there is also a GPO setting.
    – Turdie
    Nov 20 at 12:37
  • They are linking the policy to the top of the domain, in a policy that applies to all users and computers. It would be irresponsible and potentially dangerous to not filter it for member servers only.
    – Greg Askew
    Nov 20 at 12:44
  • Yes, but using security groups and not WMI. Microsoft also doesn't recommend WMI Filtering. You don't want to know how many logon performance issues I have seen because of the WMI Filtering in GPOs.
    – Turdie
    Nov 20 at 12:49
  • Adding a new group doesn't work for the no restart requirements though. Win32_OS producttype is fine for WMI filters on servers. It's been used forever to distinguish workstation or server and issues are rare.
    – Greg Askew
    Nov 20 at 12:58
0

A script can be configured to run at the start of the computer and also immediately.

Please check if your GPO works as configured (at start time). If so, and you want the script to be executed immediately, you should program it as a scheduled task to be executed "at task creation / modification".

-1

Changing DNS via group policy doesn't work well; it won't be changed unless the server is restarted. I tried many scenarios (User configuration, Windows configuration, policies, scheduling either a PowerShell script or a batch file, but it doesn't go well). So I found on GitHub a PowerShell script linked to a CSV file (to fill in server names only there), and once you run this script it asks you to locate the CSV file (names of servers), and it did the job easily.
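
A sketch of the CSV-driven approach this answer describes, added here as an example; it is not the GitHub script the answer refers to and not code from this page. It assumes a hypothetical `servers.csv` with a `Name` column listing only the member servers to change, PowerShell remoting (WinRM) enabled on them, and an account with local administrator rights on each server. The DNS addresses are the ones given in the question.

```powershell
# Added example: servers.csv and its "Name" column are assumptions, not from the page.
param(
    [string]$CsvPath  = '.\servers.csv',
    [string[]]$NewDns = @('172.16.0.3', '172.16.0.1'),  # new primary, then secondary
    [string[]]$OldDns = @('172.16.0.1', '172.16.0.2')   # values currently set by hand
)

$servers = Import-Csv -Path $CsvPath | Select-Object -ExpandProperty Name

$results = Invoke-Command -ComputerName $servers -ArgumentList $NewDns, $OldDns `
    -ErrorAction SilentlyContinue -ErrorVariable failed -ScriptBlock {
    param($NewDns, $OldDns)

    # Only touch IPv4 interfaces that already point at one of the old DNS servers,
    # so loopback, disconnected and unrelated adapters are left alone.
    $targets = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses | Where-Object { $OldDns -contains $_ } }

    foreach ($t in $targets) {
        Set-DnsClientServerAddress -InterfaceIndex $t.InterfaceIndex -ServerAddresses $NewDns

        # Read the setting back so the report shows what is actually configured.
        $after = (Get-DnsClientServerAddress -InterfaceIndex $t.InterfaceIndex `
                    -AddressFamily IPv4).ServerAddresses
        [pscustomobject]@{
            Interface = $t.InterfaceAlias
            Before    = $t.ServerAddresses -join ','
            After     = $after -join ','
            Ok        = (($after -join ',') -eq ($NewDns -join ','))
        }
    }
}

# Per-server report; keep it as the change record.
$results | Sort-Object PSComputerName |
    Format-Table PSComputerName, Interface, Before, After, Ok -AutoSize

# Servers that could not be reached still have the old DNS settings.
$failed | ForEach-Object { Write-Warning "Not updated: $($_.Exception.Message)" }
```

The change takes effect without a restart or logon, and the `Before` column lets you roll a server back if name resolution against the new DC fails.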
