Script to Change Permissions on DNS Records

Question

Script to Change Permissions on DNS Records

SethRoberts-0739 31

I've found myself in a situation where some computers in our environment are not able to update their records in DNS when their IP address changes. This is primarily due to DHCP servers creating the record on their behalf when the DHCP server issues or renews leases. Needless to say, PowerShell isn't my strength. I need to find a way to add an ACL for the computer object to have modify rights of its DNS record. Scripting this seems like the fastest and most reliable way to accomplish this. I would very much appreciate any help the PowerShell experts can provide.
Best,
Seth

Accepted answer

1 additional answer

Your answer

Answer 1

Anonymous

Hi，

Please see if this works for you. Set $ComputerNames to your actual computer names.

$ComputerNames = "computer1","computer2","computer3"  
foreach($ComputerName in $ComputerNames){  
    $DNSServer = (Get-ADDomain).PDCEmulator   
    $ZoneNames = Get-DnsServerZone -ComputerName $DNSServer  
    $DNSRecord = foreach($ZoneName in $ZoneNames ){  
        Get-DnsServerResourceRecord -ComputerName $DNSServer -ZoneName $ZoneName.ZoneName | Where-Object {$_.hostname -eq $ComputerName}  
    }  
    $ADcomputer = Get-ADComputer -Identity $ComputerName  
    $SID = New-Object System.Security.Principal.SecurityIdentifier $ADcomputer.SID.Value  
    Push-Location -Path AD:\  
    $ACL = Get-Acl -Path $DNSRecord.DistinguishedName  
    $ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $SID, "GenericAll", "Allow"  
    $ACL.AddAccessRule($ACE)  
    $ACL | Set-Acl -Path $DNSRecord.DistinguishedName  
    Pop-Location  
}

Best Regards,
Ian Xue

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

SethRoberts-0739 31 Reputation points

2021-04-14T18:42:29.173+00:00

Thank you so much for your help! I tested it and it works well. The only thing I made a change to was the variable for computer names to $ComputerNames = get-content -path c:\temp\computers.txt

Thanks again for your time and expertise!
Seth
Linden, Jonas 0 Reputation points

2023-05-10T08:01:29.84+00:00

I know this an old post, but is it possible to change the permission on the zone not on the objects in the zone. I want to enable specific users to be able to create DNS records in a specific zone.
Henry 0 Reputation points

2024-04-26T16:17:34.8033333+00:00

Get-Acl -Path $DNSRecord.DistinguishedName is not returning aything

Answer 2

Mohamed SAKHO 126

Hello,

Thank you very much!This helped me IMMENSELY!
But I just want to know if it's possible to log it. and show me the record that not exist.
Thank you by advance

Share via

Script to Change Permissions on DNS Records

1 additional answer

Your answer