SCCM Configuration Item \ Baseline Powershell script issues

Benjamin Hagen 121 Reputation points
2022-10-27T20:54:14.883+00:00

I found a PowerShell script that uses the SCCM Configuration Items and Baselines to ensure DNS is set correctly. This script is awesome; however, it only allows you to set two DNS servers. I need to set 4. I am not sure what I am doing wrong; any help would be appreciated.

URL for the original: https://social.technet.microsoft.com/wiki/contents/articles/20527.central-management-of-dns-configuration-compliance-and-updates.aspx

Discovery:

    # CheckDNSConfiguration_v1.0.ps1
    # input : n/a
    # output : none (logs)
    # Version 1.0
    # Changelog : n/a
    # MALEK Ahmed - 15 / 04 / 2013
    # Main
    $server1 = "x.x.x.x"
    $server2 = "y.y.y.y"
    $server3 = "c.c.c.c"
    $server4 = "a.a.a.a"
    $IPList = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName .
    $i = 0
    $nicwithdnscount = 0
    $conformity = "Not Compliant"
    if ($IPList.Count -ne $null)
    {
        while ($i -ne $IPList.Count)
        {
            try{
                if ($IPList[$i].DNSServerSearchOrder[0] -ne $null)
                {
                    $nicwithdnscount = $nicwithdnscount + 4
                }
                if (($IPList[$i].DNSServerSearchOrder[0] -ne $null) -AND ($IPList[$i].DNSServerSearchOrder[1] -ne $null) -AND ($IPList[$i].DNSServerSearchOrder[2] -And ($IPList[$i].DNSServerSearchOrder[3]))
                {
                    if (($IPList[$i].DNSServerSearchOrder[0] -eq $server1) -AND ($IPList[$i].DNSServerSearchOrder[1] -eq $server2) -AND ($IPList[$i].DNSSearchOrder[2] -eq $server3) -AND ($IPList[$i].DNSSearchOrder[3] -eq $server4))
                    {
                        $conformity = "Compliant"
                    }
                    else
                    {
                        $conformity = "Not Compliant"
                    }
                }
            }
            catch
            {
            }
            $i = $i + 1
            if ($nicwithdnscount -ne 1)
            {
                $conformity = "Not Compliant"
            }
        }
    }
    else
    {
        try{
            if ($IPList.DNSServerSearchOrder[0] -ne $null)
            {
                $nicwithdnscount = $nicwithdnscount + 1
            }
            if (($IPList.DNSServerSearchOrder[0] -ne $null) -AND ($IPList.DNSServerSearchOrder[1] -ne $null) -AND ($IPList.DNSServerSearchOrder[2] -ne $null) -AND ($IPList.DNSServerSearchOrder[3] -ne $null))
            {
                if (($IPList.DNSServerSearchOrder[0] -eq $server1) -AND ($IPList.DNSServerSearchOrder[1] -eq $server2) -AND ($IPList.DNSServerSearchOrder[2] -eq $server3) -AND ($IPList.DNSServerSearchOrder[3] -eq $server4))
                {
                    $conformity = "Compliant"
                }
                else
                {
                    $conformity = "Not Compliant"
                }
            }
        }
        catch
        {
        }
    }
    Return $conformity

Remediation script

    # RemediationDNSConfiguration_v1.0.ps1
    # input : n/a
    # output : none (logs)
    # Version 1.0
    # Changelog : n/a
    # MALEK Ahmed - 26 / 04 / 2013
    # --------Main
    $server1 = "x.x.x.x"
    $server2 = "y.y.y.y"
    $server3 = "c.c.c.c"
    $server4 = "a.a.a.a"
    $IPList = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName .
    $i = 0
    $nicwithdnscount = 0
    $conformity = "Not Compliant"
    if ($IPList.Count -ne $null)
    {
        while ($i -ne $IPList.Count)
        {
            try{
                if ($IPList[$i].DNSServerSearchOrder[0] -ne $null)
                {
                    $nicwithdnscount = $nicwithdnscount + 1
                }
                if (($IPList[$i].DNSServerSearchOrder[4] -eq $null))
                {
                    if (($IPList[$i].DNSServerSearchOrder[0] -ne $null) -AND ($IPList[$i].DNSServerSearchOrder[1] -ne $null) -AND ($IPList[$i].DNSServerSearchOrder[2] -ne $null) -AND ($IPList[$i].DNSServerSearchOrder[3] -ne $null))
                    {
                        if (($IPList[$i].DNSServerSearchOrder[0] -eq $server1) -AND ($IPList[$i].DNSServerSearchOrder[1] -eq $server2) -AND ($IPList[$i].DNSServerSearchOrder[2] -eq $server3) -AND ($IPList[$i].DNSServerSearchOrder[3] -eq $server4))
                        {
                            $conformity = "Compliant"
                        }
                        else
                        {
                            $conformity = "Not Compliant"
                        }
                    }
                }
            }
            catch
            {
            }
            $i = $i + 1
            if ($nicwithdnscount -ne 1)
            {
                $conformity = "Not Compliant"
            }
        }
    }
    else
    {
        try{
            if ($IPList.DNSServerSearchOrder[0] -ne $null)
            {
                $nicwithdnscount = $nicwithdnscount + 1
            }
            if (($IPList.DNSServerSearchOrder[4] -eq $null))
            {
                if (($IPList.DNSServerSearchOrder[0] -ne $null) -AND ($IPList.DNSServerSearchOrder[1] -ne $null) -AND ($IPList.DNSServerSearchOrder[2] -ne $null) -AND ($IPList.DNSServerSearchOrder[3] -ne $null))
                {
                    if (($IPList.DNSServerSearchOrder[0] -eq $server1) -AND ($IPList.DNSServerSearchOrder[1] -eq $server2) -AND ($IPList.DNSServerSearchOrder[2] -eq $server3) -AND ($IPList.DNSServerSearchOrder[3] -eq $server4))
                    {
                        $conformity = "Compliant"
                    }
                    else
                    {
                        $conformity = "Not Compliant"
                    }
                }
            }
        }
        catch
        {
        }
    }
    $i = 0
    if (($conformity -eq "Not Compliant") -AND ($nicwithdnscount -eq 1))
    {
        if ($IPList.Count -ne $null)
        {
            while ($i -ne $IPList.Count)
            {
                try{
                    if ($IPList[$i].DNSServerSearchOrder[0] -ne $null)
                    {
                        $arrDNSServers = $server1, $server2, $server3, $server4
                        $IPList[$i].SetDNSServerSearchOrder($arrDNSServers)
                    }
                }
                catch
                {
                }
                $i = $i + 1
            }
        }
        else
        {
            try{
                if ($IPList.DNSServerSearchOrder[0] -ne $null)
                {
                    $arrDNSServers = $server1, $server2, $server3, $server4
                    $IPList.SetDNSServerSearchOrder($arrDNSServers)
                }
            }
            catch
            {
            }
        }
    }


3 answers

  1. Rich Matheisen 45,416 Reputation points
    2022-10-31T02:22:49.243+00:00

    Those scripts sure go through a lot of unnecessary work!

    #
    #   DISCOVERY
    #

    $MandatoryDNSServers = "x.x.x.x","y.y.y.y","1.1.1.1","2.2.2.2"

    # Get all IPEnabled NICs on local machine
    [array]$IPLists = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName .
    ForEach ($IPList in $IPLists){
        $res = [PSCustomObject]@{
            Description = $IPList.Description
            Index       = $IPList.InterfaceIndex                                        # InterfaceIndex (not the WMI Index) is what Set-DnsClientServerAddress -InterfaceIndex expects
            Conformity  = "Not Compliant"
        }
        if ( $IPList.DNSServerSearchOrder.Count -gt 0){                                 # if the DNSServerSearchOrder is populated
            if ($MandatoryDNSServers.Count -gt $IPList.DNSServerSearchOrder.Count -OR   # and the number of mandatory servers is greater than the number of DNS servers on this NIC
                $null -eq $IPList.DNSServerSearchOrder[0]){                             # or the first DNS server is empty
                    return $res                                                         # return "Not Compliant"
            }
            else{                                                                       # enough servers are present: compare them one by one
                $AllGood = $true
                $dnsservers = $IPList.DNSServerSearchOrder                              # get the list of DNS servers from the NIC
                for ($i=0; $i -le $MandatoryDNSServers.GetUpperBound(0); $i++){
                    if ($MandatoryDNSServers[$i] -ne $dnsservers[$i]){                  # compare 2 lists by position (with $MandatoryDNSServers controlling the loop)
                        $AllGood = $false
                        break                                                           # stop loop if a no-match is found
                    }
                }
                if ($AllGood){
                    $res.Conformity = "Compliant"
                }
                return $res
            }
        }
    }
    

    The remediation can take the output of the discovery script and set the search order like this:

    #  
    #   REMEDIATION  
    #  
    # Takes the Interface Index as a parameter  
    param(  
        [int]$Index  
    )  
    $MandatoryDNSServers = "x.x.x.x","y.y.y.y","1.1.1.1","2.2.2.2"  
    Set-DnsClientServerAddress -ServerAddresses $MandatoryDNSServers -InterfaceIndex $Index  
    

    I'm not familiar with SCCM, so if you have to run the discovery followed by remediation to correct non-compliant NICs then in the remediation part don't return the PSCustomObject. Just use it to set the DNS servers if the "Conformity" property is "Not Compliant" and take the Interface Index from the "Index" property.

    1 person found this answer helpful.
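
What the last paragraph of this answer describes, as an added example that is not part of Rich Matheisen's answer: a single remediation script that repeats the per-NIC check and sets the servers only on adapters that fail it. It goes slightly beyond the answer by walking every IP-enabled adapter instead of returning at the first one; `Test-DnsSearchOrder` is a hypothetical helper name and the addresses are the thread's placeholders, to be replaced with real ones.

```powershell
# Added example, not code from the thread.
# Placeholder addresses from the thread; replace with the real DNS servers.
$MandatoryDNSServers = "x.x.x.x","y.y.y.y","1.1.1.1","2.2.2.2"

function Test-DnsSearchOrder {
    # Hypothetical helper: $true when $Current starts with every address
    # in $Mandatory, in the same order.
    param([string[]]$Current, [string[]]$Mandatory)
    if ($null -eq $Current -or $Current.Count -lt $Mandatory.Count) { return $false }
    for ($i = 0; $i -lt $Mandatory.Count; $i++) {
        if ($Current[$i] -ne $Mandatory[$i]) { return $false }
    }
    return $true
}

# All IP-enabled adapters; [array] keeps a single result enumerable.
[array]$nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=TRUE"

foreach ($nic in $nics) {
    # Like the scripts in this thread, leave adapters without any DNS server alone.
    if ($null -eq $nic.DNSServerSearchOrder) { continue }

    if (-not (Test-DnsSearchOrder -Current $nic.DNSServerSearchOrder -Mandatory $MandatoryDNSServers)) {
        try {
            # InterfaceIndex, not the WMI Index property, identifies the adapter here.
            Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex `
                -ServerAddresses $MandatoryDNSServers -ErrorAction Stop
        }
        catch {
            # Report the failure instead of swallowing it in an empty catch block.
            Write-Error "Could not set DNS servers on '$($nic.Description)': $_"
        }
    }
}
```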

  2. AllenLiu-MSFT 41,691 Reputation points Microsoft Vendor
    2022-10-28T02:44:30.047+00:00

    Hi, @Benjamin Hagen

    Thank you for posting in Microsoft Q&A forum.

    You may try to run the discovery script and the remediation script separately to see if each script can run correctly.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. AllenLiu-MSFT 41,691 Reputation points Microsoft Vendor
    2022-10-28T08:26:17.867+00:00

    Hi, @Benjamin Hagen

    I modified the discovery script; it doesn't have a syntax error now:

    $server1 = "x.x.x.x"
    $server2 = "y.y.y.y"
    $server3 = "1.1.1.1"
    $server4 = "2.2.2.2"
    $IPList = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName .
    $i = 0
    $nicwithdnscount = 0
    $conformity = "Not Compliant"
    # Several adapters returned: walk the array
    if ($IPList.Count -ne $null)
    {
        while ($i -ne $IPList.Count)
        {
            try{
                if ($IPList[$i].DNSServerSearchOrder[0] -ne $null)
                {
                    $nicwithdnscount = $nicwithdnscount + 1
                }
                if (($IPList[$i].DNSServerSearchOrder[0] -ne $null) -AND ($IPList[$i].DNSServerSearchOrder[1] -ne $null) -AND ($IPList[$i].DNSServerSearchOrder[2] -ne $null) -AND ($IPList[$i].DNSServerSearchOrder[3] -ne $null))
                {
                    if (($IPList[$i].DNSServerSearchOrder[0] -eq $server1) -AND ($IPList[$i].DNSServerSearchOrder[1] -eq $server2) -AND ($IPList[$i].DNSServerSearchOrder[2] -eq $server3) -AND ($IPList[$i].DNSServerSearchOrder[3] -eq $server4))
                    {
                        $conformity = "Compliant"
                    }
                    else
                    {
                        $conformity = "Not Compliant"
                    }
                }
            }
            catch
            {
            }
            $i = $i + 1
            if ($nicwithdnscount -ne 1)
            {
                $conformity = "Not Compliant"
            }
        }
    }
    # Single adapter returned: $IPList is one object, so it is not indexed
    else
    {
        try{
            if ($IPList.DNSServerSearchOrder[0] -ne $null)
            {
                $nicwithdnscount = $nicwithdnscount + 1
            }
            if (($IPList.DNSServerSearchOrder[0] -ne $null) -AND ($IPList.DNSServerSearchOrder[1] -ne $null) -AND ($IPList.DNSServerSearchOrder[2] -ne $null) -AND ($IPList.DNSServerSearchOrder[3] -ne $null))
            {
                if (($IPList.DNSServerSearchOrder[0] -eq $server1) -AND ($IPList.DNSServerSearchOrder[1] -eq $server2) -AND ($IPList.DNSServerSearchOrder[2] -eq $server3) -AND ($IPList.DNSServerSearchOrder[3] -eq $server4))
                {
                    $conformity = "Compliant"
                }
                else
                {
                    $conformity = "Not Compliant"
                }
            }
        }
        catch
        {
        }
    }
    Return $conformity
    
