Adding a secondary zone has to be done on each DNS server within the AD domain individually, which can be a lot of work if you have a lot of DNS servers. Add to that the fact that the more servers you're working with, the greater the chance of a mistake being made on one of them.
To get around this I wanted to script a way to create a secondary zone on all the DNS servers at once.
The first step is getting a list of the DNS servers on the domain. You could manually create and maintain a list of servers, but I prefer to assume things will change and let the script allow for this. To generate a list of DNS servers I use the following:
# Search the Domain Controllers OU for computer objects via ADSI
$dnserversldap = [ADSI]"LDAP://ou=Domain Controllers,dc=mydomain,dc=co,dc=uk"
$objsearcher = New-Object System.DirectoryServices.DirectorySearcher
$objsearcher.SearchRoot = $dnserversldap
$objsearcher.Filter = "(objectCategory=computer)"
$proplist = "name","cn","lastlogon"
# [void] discards the index that Add() returns so it does not leak into the script's output
foreach ($i in $proplist){ [void]$objsearcher.PropertiesToLoad.Add($i) }
$results = $objsearcher.FindAll()
# One cn (the server name) per search result
$serverlist = foreach ($r in $results) { $r.Properties["cn"][0] }
Note that I'm assuming in this example that all DNS servers are also AD DCs and therefore appear in the Domain Controllers OU. If that's not the case for you, you'd need to adjust the search accordingly.
$serverlist now contains a list of DNS servers to work with.
From there I can simply use foreach to work through the list, and call the Add-DnsServerSecondaryZone cmdlet to add the required secondary zone as follows:
foreach ($dnsserver in $serverlist)
{
Add-DnsServerSecondaryZone -Name $domain -ZoneFile $zonefile -MasterServers $ipaddr -ComputerName $dnsserver
}
Since I want this to be runnable from a PowerShell prompt rather than having to edit the script each time, I add the following at the beginning:
$domain=$args[0]
$ipaddr=$args[1]
$zonefile=$domain + ".dns"
which reads in the domain and IP Address arguments passed to the script, and then generates the
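The steps above combined into one script, as an added example rather than the post's own downloadable script: a parameter block in place of $args, an existence check so a re-run does not fail on servers that already have the zone, try/catch per server, and a read-back of the zone from each server to confirm it was actually created. The LDAP path and the assumption that every DNS server is a DC are carried over from the post.

```powershell
# Added example, not the post's downloadable script. Assumes DNS servers are the DCs (as in the post).
param(
    [Parameter(Mandatory)][string]$Domain,            # zone name, e.g. example.internal
    [Parameter(Mandatory)][string[]]$MasterServers,   # IP address(es) of the primary for the zone
    [string]$SearchBase = "LDAP://ou=Domain Controllers,dc=mydomain,dc=co,dc=uk"
)

$zoneFile = "$Domain.dns"

# Enumerate DNS servers the same way the post does: an ADSI search of the Domain Controllers OU.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]$SearchBase
$searcher.Filter = "(objectCategory=computer)"
[void]$searcher.PropertiesToLoad.Add("cn")
$serverList = foreach ($r in $searcher.FindAll()) { $r.Properties["cn"][0] }

$report = foreach ($dnsServer in $serverList) {
    try {
        # Skip servers that already host the zone so the script is safe to run repeatedly.
        $existing = Get-DnsServerZone -Name $Domain -ComputerName $dnsServer -ErrorAction SilentlyContinue
        if ($existing) {
            [pscustomobject]@{ Server = $dnsServer; Result = "AlreadyExists"; ZoneType = $existing.ZoneType }
            continue
        }
        Add-DnsServerSecondaryZone -Name $Domain -ZoneFile $zoneFile `
            -MasterServers $MasterServers -ComputerName $dnsServer -ErrorAction Stop
        # Read the zone back so the report reflects what the server holds, not just that the cmdlet returned.
        $zone = Get-DnsServerZone -Name $Domain -ComputerName $dnsServer -ErrorAction Stop
        [pscustomobject]@{ Server = $dnsServer; Result = "Created"; ZoneType = $zone.ZoneType }
    }
    catch {
        # One failing server must not stop the rest; record the error and carry on.
        [pscustomobject]@{ Server = $dnsServer; Result = "Failed: $($_.Exception.Message)"; ZoneType = $null }
    }
}

$report | Format-Table -AutoSize
# Non-zero exit so a scheduled or unattended run that partly failed is noticed.
if ($report | Where-Object Result -like "Failed*") { exit 1 }
```

Run it as .\Add-SecondaryZone.ps1 -Domain example.internal -MasterServers 192.0.2.10 from a host with the DnsServer module installed; the report lists each server with Created, AlreadyExists or the error it returned.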
You can download the completed script, which includes logging and error trapping, from