Need a Script for updating DNS Host record

Satapathy, Aryasourav 1 Reputation point

We require a script which will update the DNS Host A Record (DNS hosted in On-Prem) using a service account remotely via azure PowerShell runbook.

We have a service account that has access only to onprem DNS records only. It can't login to DC servers where DNS is hosted. So we need to run a script from Azure runbook to update the DNS record remotely. How we can establish the connection using the service account sothat we can perform the task.

We already created a git hub query. Below is the link for it

Azure DNS
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
607 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,879 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee

    @Satapathy, Aryasourav ,
    Apologies for the delayed response . Rather than directly trying to run a script from runbook , I would suggest to first check the same from on-premise running the script directly from any server while doing a non-interactive login using the service account credentials. If it runs directly then it should run from the runbook as well as long as the account is synced

    In your case you would need to provide the on-premise service account, rights to modify the DNS records. From what you have mentioned it seems that you only seem to have read rights on the DNS server. Service account cannot have ability to modify the DNS records if you do not provide the modify rights to the same.

    You can go to the DNS zone and provide the following permissions to the Service account on the DNS zone on any server. If you do not have rights to DNS server you would need to contact someone in your internal IT to get it done for your service account .


    If it requires granular filtering then you would need to go to Advanced mode and find out which specific permissions you would like to grant as per the security controls applied in your environment . Go to Advanced setting in the DNS zone properties and you can add the specific rights for your service account as required. Another way to get the service account the same rights to update and create a DNS record would be to get your service account added to DNSadmins group if your Active Directory security team approve the same.

    Once you have done that you can write a simple script to update the DNS record using the DNS cmdlets Set-DnsServerResourceRecord , Add-DnsServerResourceRecord etc. I am not sure of your specific requirements however I think with some tinkering you can use the cmdlets and others listed in the DNSServer section and build a script as per your requirement .

    Once that is done then you can setup a machine in your local on-premise environment and install the log analytics agent and deploy a hybrid runbook worker through azure automation. Please check the linked articles and this will help you with the same. In case the information in the post is helpful , please do accept the answer. If you have any other queries , do let us know.

    Thank you.

    0 comments No comments