Intune: changing client DNS servers with Administrative Template \Network\DNS Client\DNS servers\IP addresses

Jérémie 20 Reputation points
2024-01-09T07:43:17.6266667+00:00

Hi,

Intune question. Not an expert and I'm at a loss here. I'm in a migration phase and need to change the DNS servers from what is being pushed by DHCP to something else for a set of Windows clients.

I found this in Administrative Templates which looks great: \Network\DNS Client\DNS servers\IP addresses: (Device)

The comment says: "Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address. If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured." which looks like it's going to do exactly what I need. ADMX policy: DNS_NameServer

It does change the registry key it's apparently meant to (Ordinateur\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\NameServer =1.1.1.3) on the test clients but if I do an ipconfig or nslookup I'm seeing that the DNS server is unchanged.

Any idea? Clients are all fully patched Windows 11 (Business 23H2). M365 Licence is Business premium.

Thanks in advance for your help!

J.


Accepted answer
  1. Simon Ren-MSFT 40,346 Reputation points Microsoft External Staff
    2024-01-12T08:15:04.6866667+00:00

    Hi,

    Thanks very much for your feedback and sharing. We're glad that the issue is gone now. It would be appreciated if you could click "Accept Answer" on the helpful reply; this will help other users to search for useful information more quickly. Here's a short summary of the problem.

    Problem/Symptom:
    The Intune Administrative Template \Network\DNS Client\DNS servers\IP addresses does change the registry key below on the test clients, but the DNS server is not really changed.
    (Ordinateur\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\NameServer =1.1.1.3)

    Solution/Workaround:
    Use the PowerShell method below to change the DNS server on the clients.
    PowerShell

    Reference:
    https://askaresh.com/2023/08/24/microsoft-intune-add-additional-dns-client-servers-across-the-managed-devices/
    Thanks again for your time. Have a nice day!
    Best regards,
    Simon



2 additional answers

  1. Simon Ren-MSFT 40,346 Reputation points Microsoft External Staff
    2024-01-10T09:09:19.5766667+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    1. Have you restarted the test clients to give it a try? For some scenarios, for example VMs, VMs continue to use their current DNS settings until they are restarted. Restart the VMs that are connected to the virtual network, so they are assigned the new DNS server settings.

    2. You can also try the steps in the guides below. They describe an issue similar to yours that was solved using the script method.

    Under both situations (CSP & ADMX templates), the report says the policy is applied successfully. However, there is no visible impact on the operating system’s TCP-IP properties. I am optimistic that using the Scripts method and PowerShell can achieve the same results in Intune.

    Microsoft Intune – Add additional DNS Client Servers across the managed devices

    GPO – PowerShell – Intune – Add additional DNS Client Servers across the enterprise

    Thanks for your time. Have a nice day!

    Best regards,

    Simon



    1 person found this answer helpful.

  2. Jérémie 20 Reputation points
    2024-01-11T17:07:28.97+00:00

    Hi Simon,

    Yes, I've restarted the (physical) machines a bunch of times.

    From what I'm reading, it's confirming that the Administrative template just doesn't work. I don't quite get why it's there then...

    And yes, the script works. I hope it's ok if I put it here in case someone else needs it:
    https://askaresh.com/2023/08/24/microsoft-intune-add-additional-dns-client-servers-across-the-managed-devices/

    10.1.0.254 & 10.1.0.255 are the DNS servers pushed by DHCP and 1.1.1.3 & 1.0.0.3 are the DNS servers we want to use

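    # Select interfaces whose current DNS servers include either DHCP-supplied address
    $inet1 = Get-DnsClient | Get-DnsClientServerAddress | Where-Object { $_.ServerAddresses -contains "10.1.0.254" -or $_.ServerAddresses -contains "10.1.0.255" }
    # Set the desired DNS servers statically on each matching interface
    foreach ($nic in $inet1) {
        Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -ServerAddresses ("1.1.1.3","1.0.0.3")
    }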

    Thanks
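
The symptom in this thread (policy registry value present, adapters still using the DHCP-supplied servers) can be checked for on each client. The script below is an added example, not code from the thread or the linked article; it assumes the desired servers named above and uses the exit-code convention of Intune Remediations detection scripts (exit 1 means an issue was found).

```powershell
# Added example: compare the DNS policy value with the DNS servers actually in use.
# $desired holds the servers named in the thread; adjust for your environment.
$desired = @('1.1.1.3', '1.0.0.3')

# Value written by the Administrative Template (registry path as quoted in the question).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$policyValue = (Get-ItemProperty -Path $policyKey -Name NameServer -ErrorAction SilentlyContinue).NameServer
Write-Output "Policy NameServer value: '$policyValue'"

# Effective IPv4 DNS servers for every adapter that is currently up.
$report = foreach ($adapter in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    $dns = Get-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex `
        -AddressFamily IPv4 -ErrorAction SilentlyContinue
    $effective = @($dns.ServerAddresses)
    [pscustomobject]@{
        Interface = $adapter.Name
        Effective = $effective -join ' '
        # Order matters: the first server listed is queried first.
        Compliant = (($effective -join ' ') -eq ($desired -join ' '))
    }
}
$report | Format-Table -AutoSize | Out-String | Write-Output

# Report any active interface that is not using exactly the desired servers.
$bad = @($report | Where-Object { -not $_.Compliant })
if ($bad.Count -gt 0) {
    Write-Output "Non-compliant interfaces: $(($bad.Interface) -join ', ')"
    exit 1
}
Write-Output 'All active interfaces use the desired DNS servers.'
exit 0
```

Servers set with Set-DnsClientServerAddress are static on that interface and replace the DHCP-supplied list there until cleared with `Set-DnsClientServerAddress -ResetServerAddresses`, so the same check is useful after the migration to confirm which clients still carry the override.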

