Those scripts sure go through a lot of unnecessary work!
#
# DISCOVERY
#
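# Mandatory DNS servers, in the order they must appear on each NIC (placeholder values).
$MandatoryDNSServers = "x.x.x.x","y.y.y.y","1.1.1.1","2.2.2.2"
# Get all IPEnabled NICs on the local machine
[array]$IPLists = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName .
ForEach ($IPList in $IPLists){
    # Every result starts as "Not Compliant"; only a full positional match below upgrades it,
    # so an adapter that cannot be checked is never reported as compliant.
    $res = [PSCustomObject]@{
        Description = $IPList.Description
        # Set-DnsClientServerAddress -InterfaceIndex expects the interface index, which
        # Win32_NetworkAdapterConfiguration exposes as InterfaceIndex; its Index property
        # is a separate number and can point at a different adapter.
        Index = $IPList.InterfaceIndex
        Conformity = "Not Compliant"
    }
    $dnsservers = $IPList.DNSServerSearchOrder # DNS servers configured on this NIC ($null when none are set)
    # Compare only when the NIC lists at least as many servers as are mandatory. The original
    # ran the comparison in the branch taken when the list was empty, where indexing $null
    # raises an error that leaves $AllGood at $true, and skipped it for populated lists.
    if ($null -ne $dnsservers -and $dnsservers.Count -ge $MandatoryDNSServers.Count){
        $AllGood = $true
        for ($i=0; $i -le $MandatoryDNSServers.GetUpperBound(0); $i++){
            if ($MandatoryDNSServers[$i] -ne $dnsservers[$i]){ # compare the 2 lists by position (with $MandatoryDNSServers controlling the loop)
                $AllGood = $false
                break # stop the loop at the first mismatch
            }
        }
        if ($AllGood){
            $res.Conformity = "Compliant"
        }
    }
    # Emit the result and continue with the next NIC; a `return` here would end the script
    # after the first adapter and leave the remaining NICs unchecked.
    $res
}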
The remediation can take the output of the discovery script and set the search order like this:
#
# REMEDIATION
#
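# Takes the Interface Index as a parameter
param(
    # Interface index of the adapter to correct, i.e. the value that
    # Set-DnsClientServerAddress -InterfaceIndex expects.
    # Mandatory so a missing argument is an error instead of a silent default of 0.
    [Parameter(Mandatory=$true)]
    [int]$Index
)
# Must be the same list, in the same order, as the one the discovery script checks against.
$MandatoryDNSServers = "x.x.x.x","y.y.y.y","1.1.1.1","2.2.2.2"
# -ErrorAction Stop turns a failed change into a terminating error, so a remediation that
# did not apply is not mistaken for a successful one.
Set-DnsClientServerAddress -ServerAddresses $MandatoryDNSServers -InterfaceIndex $Index -ErrorAction Stop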
I'm not familiar with SCCM, so if you have to run the discovery followed by remediation to correct non-compliant NICs, then in the remediation part don't return the PSCustomObject. Just use it to set the DNS servers if the "Conformity" property is "Not Compliant", and take the Interface Index from the "Index" property.