Script to Change Permissions on DNS Records

Seth Roberts 31 Reputation points
2021-04-13T15:48:49.07+00:00

I've found myself in a situation where some computers in our environment are not able to update their records in DNS when their IP address changes. This is primarily due to DHCP servers creating the record on their behalf when the DHCP server issues or renews leases. Needless to say, PowerShell isn't my strength. I need to find a way to add an ACL for the computer object to have modify rights of its DNS record. Scripting this seems like the fastest and most reliable way to accomplish this. I would very much appreciate any help the PowerShell experts can provide.
Best,
Seth

Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
925 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
4,618 questions
No comments
1 vote

Accepted answer
  1. Ian Xue (Shanghai Wicresoft Co., Ltd.) 18,351 Reputation points Microsoft Employee
    2021-04-14T07:57:47.297+00:00

    Hi,

    Please see if this works for you. Set $ComputerNames to your actual computer names.

    $ComputerNames = "computer1","computer2","computer3"  
    foreach($ComputerName in $ComputerNames){  
        $DNSServer = (Get-ADDomain).PDCEmulator   
        $ZoneNames = Get-DnsServerZone -ComputerName $DNSServer  
        $DNSRecord = foreach($ZoneName in $ZoneNames ){  
            Get-DnsServerResourceRecord -ComputerName $DNSServer -ZoneName $ZoneName.ZoneName | Where-Object {$_.hostname -eq $ComputerName}  
        }  
        $ADcomputer = Get-ADComputer -Identity $ComputerName  
        $SID = New-Object System.Security.Principal.SecurityIdentifier $ADcomputer.SID.Value  
        Push-Location -Path AD:\  
        $ACL = Get-Acl -Path $DNSRecord.DistinguishedName  
        $ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $SID, "GenericAll", "Allow"  
        $ACL.AddAccessRule($ACE)  
        $ACL | Set-Acl -Path $DNSRecord.DistinguishedName  
        Pop-Location  
    }  
    

    Best Regards,
    Ian Xue

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

Sort by: Most helpful
  1. Mohamed SAKHO 96 Reputation points
    2021-10-11T14:42:15.4+00:00

    Hello,

    Thank you very much!This helped me IMMENSELY!
    But I just want to know if it's possible to log it. and show me the record that not exist.
    Thank you by advance

    No comments