How to find and update DNS server search order using SCCM Configmgr

If you are using SCCM Configmgr in your environment, you can accomplish lot manual /administrative tasks using Configmgr using deployment/compliance method.

Recently I was working on task to update the DNS records (Primary DNS server IP ) for lot of servers as servers use static IP and is required to change it on all where needed.

As there was change in network segment for DNS server ,the IP of the DNS server changed from Class B to Class A.

How do I update the old DNS server record with the new one on all the servers ? Before you use any method (scripting or Configmgr) ,you need to know the list of servers that are using the OLD DNS record and validate and then perform the change .

Since our infra is using Configmgr to manage workstations and servers ,I can use configmgr to pull report that using OLD DNS server record , create a collection for these servers ,deploy a script to update with DNS server record ,monitor the report if the change is successfully executed or not .

Before you generate report, you need to find out which SQL views store information about DNS server details. Network adaptor information is stored in v_GS_NETWORK_ADAPTER_CONFIGUR view.

The information that we are looking for is , DNSServerSearchOrder0 which is not enabled by default in the hardware inventory class.

You need to enable it by going to client settings-> hardware inventory –>set classes ,search with network ,you will see network adaptor configuration ,select DNS server search order .

After you enable this ,clients that are deployed with this client agent settings will download the policies and send the updated inventory during the next scheduled inventory cycle.

After this is done, you are good to generate report to see the servers that are using OLD DNS record.

Here is SQL query to check for DNS Server search order:

select sys.name0,os.Caption0,DNSServerSearchOrder0 from v_R_System sys

join v_GS_NETWORK_ADAPTER_CONFIGUR NAC on NAc.ResourceID=sys.ResourceID

join v_GS_OPERATING_SYSTEM os on os.ResourceID=sys.ResourceID

where OS.Caption0 like '%server%'

and nac.IPEnabled0='1'

and nac.DNSServerSearchOrder0 like '%OLD DNS SERVER IP%'

From the above query ,you will get servers with their primary DNS and secondary DNS server records .Create a new collection ,add these machines to the collection.

Now we have list of servers to update with new DNS server record but we do not have package to deploy to the collection.

To update the DNS server records ,you can either use powershell or VBscript .If you are running any server 2003 ,PowerShell is not good option for you ,so you might have to use vbscript.

I am posting both VBscript and PowerShell for your feasibility.

In my case, I need to update Primary DNS record (new IP) and keep secondary DNS server record as it is without any change.

VBscript:

on error resume next

strComputer = "."

Const FullDNSRegistrationEnabled = True

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colNetCards = objWMIService.ExecQuery ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")

FOR EACH objNetCard in colNetCards

arrDNSServers = Array("DNS server IP1","DNS Server IP2")

errEnable = objNetCard.SetDNSServerSearchOrder(arrDNSServers)

objNetCard.SetDynamicDNSRegistration FullDNSRegistrationEnabled

next

If you have primary and secondary DNS ,replace the IP address accordingly in the above script.

Powershell:

$NICs = Get-WMIObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPEnabled -eq "True"}

Foreach($NIC in $NICs) {

$DNSServers = “DNS server IP1"," DNS server IP2”

$NIC.SetDNSServerSearchOrder($DNSServers)

$NIC.SetDynamicDNSRegistration(“TRUE”)

}

When you deploy the powershell script ,focus on the command line you use .If you have enabled the execution of powershell to bypass in client agent settings ,you can simply use the command line as scriptname.ps1 and deploy it else you will have to use command line to bypass the execution of powershell script.

PowerShell.exe -ExecutionPolicy Bypass -File "scriptname.ps1"

Create a package using above scripts and deploy to the collection ,monitor the results.

For results , wait for the next hardware inventory cycle and fix the issue where it didn’t go through.