Set DNS servers via GPO Server 2012 R2

We are currently migrating from a Windows Server 2003 single-label DNS domain to a Windows Server 2012 R2 domain. We are also migrating our Windows XP clients to Windows 7. After successfully migrating the computer and server objects, we had to transfer the DNS Group Policy Object that we used to set our primary and secondary DNS servers.

Unfortunately this policy was valid only for Windows XP and Windows Server 2003 machines and it was located at:

Computer Configuration | Administrative Templates | Network | DNS Client | DNS Servers

[Image: dns servers]

As you can see in the picture above, this setting is supported on Windows XP Professional only, so it won’t work with Windows 7 or Windows Server 2008 and newer clients. Keep in mind that Microsoft recommends using DHCP to hand out DNS servers, but since that option is not fully applicable in our environment we had to find another way to achieve this.

We first tried to set the DNS servers from our .bat script using this syntax:

set address [name=]InterfaceName [source=]{dhcp | static [addr=]IPAddress [mask=]SubnetMask [gateway=]{none | DefaultGateway [[gwmetric=]GatewayMetric]}}

Unfortunately that didn’t work either, so we found another way to do this. Here’s a script that works with Windows 7, Windows 8 and 8.1, Windows Server 2008/R2 and Windows Server 2012 R2.

@echo off
rem Primary and secondary DNS servers to assign
set dnsserver=192.168.1.1
set dnsserver2=192.168.1.2
rem Tokens 1-3 are Admin State, State and Type; the rest of the line is the interface name
for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (
 if %%i EQU Enabled (
 rem echo change "%%l" : %dnsserver%
 netsh interface ipv4 set dnsserver name="%%l" static %dnsserver% both
 netsh interface ipv4 add dnsserver name="%%l" %dnsserver2% index=2
 )
)

Replace the bold values (the dnsserver and dnsserver2 addresses) with your own DNS server addresses.

Save this script as a .bat file and create a new Group Policy Object.

Configure the GPO to run this script at startup under:

Computer configuration | Policies | Windows Settings | Scripts | Startup

There you go. Your clients should now receive their DNS servers via Group Policy.

You can also define a WINS server this way. Here’s another version of the script that includes a WINS server.

@echo off
set dnsserver=192.168.1.1
set dnsserver2=192.168.1.2
set winsserver=192.168.1.3
for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (
 if %%i EQU Enabled (
 rem echo change "%%l" : %dnsserver%
 netsh interface ipv4 set dnsserver name="%%l" static %dnsserver% both
 netsh interface ipv4 add dnsserver name="%%l" %dnsserver2% index=2
 netsh interface ipv4 set winsserver name="%%l" static %winsserver%
 )
)
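
An added example, not part of the original post: a variant of the startup script above that only touches interfaces that are both enabled and connected, logs what it did together with the resulting DNS configuration, and hands DNS back to DHCP when the GPO passes dhcp as the script parameter. The log path, the MODE argument and the :apply label are assumptions made for this example; like the original script, it matches the English column values printed by netsh.

```bat
@echo off
rem Added example, not from the original post.
rem Assumed names: LOG path, MODE argument (first script parameter), :apply label.
setlocal
set "dnsserver=192.168.1.1"
set "dnsserver2=192.168.1.2"
set "LOG=%SystemRoot%\Temp\set-dns.log"
rem MODE=static (default) assigns the servers, MODE=dhcp returns DNS to DHCP.
set "MODE=%~1"
if not defined MODE set "MODE=static"

rem Tokens 1-3 are Admin State, State and Type; the rest of the line is the name.
rem The header and separator lines never match "Enabled", so they are skipped.
for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (
  if /i "%%i"=="Enabled" if /i "%%j"=="Connected" call :apply "%%l"
)
endlocal
exit /b 0

:apply
rem Argument 1 is the quoted interface name. rc records whether any netsh call failed.
set "rc=0"
if /i "%MODE%"=="dhcp" (
  netsh interface ipv4 set dnsservers name=%1 source=dhcp >nul || set "rc=1"
) else (
  netsh interface ipv4 set dnsservers name=%1 source=static address=%dnsserver% register=both >nul || set "rc=1"
  netsh interface ipv4 add dnsservers name=%1 address=%dnsserver2% index=2 >nul || set "rc=1"
)
rem Record the action and the DNS servers the interface ended up with.
>>"%LOG%" echo %DATE% %TIME% interface=%1 mode=%MODE% rc=%rc%
>>"%LOG%" netsh interface ipv4 show dnsservers name=%1
exit /b %rc%
```

Because a startup script runs as Local System before anyone logs on, the log with the show dnsservers output is the place to check that each client ended up with the intended resolvers.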

Feel free to leave your comments below.

26 Responses

  1. Leo says:

    Great. Thanks. How to modify the script if more than two dns?

  2. Nikolinjo says:

    We haven’t tried it, but you can try to add additional DNS servers like this:

    @echo off
    set dnsserver=192.168.1.1
    set dnsserver2=192.168.1.2
    set dnsserver3=192.168.1.3
    for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (
    if %%i EQU Enabled (
    rem echo change "%%l" : %dnsserver%
    netsh interface ipv4 set dnsserver name="%%l" static %dnsserver% both
    netsh interface ipv4 add dnsserver name="%%l" %dnsserver2% index=2
    netsh interface ipv4 add dnsserver name="%%l" %dnsserver3% index=3
    )
    )

    With index value you specify the position of the added DNS server in the list of DNS servers for the interface.
    Please let me know if it worked for you.
    Regards.

  3. Leo says:

    Thanks a lot, I will try later

  4. Leo says:

    It worked. But I got a pop-up message “The configured DNS server is incorrect or does not exist.” How to get rid of it?

  5. Nikolinjo says:

    Can you please provide a screenshot.
    All DNS servers that you have specified are configured and online?

  6. Leo says:

    Forget about the pop-up message. However, the login script can only work for those who have an admin rights account. Any other way this can be fixed?

  7. Nikolinjo says:

    If you deploy it via Group Policy it will run normally under user permissions.

  8. Mtedross says:

    How to modify the script to apply it to just one interface? Basically applying the script to the 1st interface, which in most cases is the wired connection, and excluding the wireless interface, which always comes after the wired interface.

  9. NS says:

    Hi nikolinjo,

    We have deployed this DNS script to put the DNS servers, however now we need to remove them but are unable to run the removal script. What changes do I need to make in the script to remove the DNS?

  10. Nikolinjo says:

    Hi NS,

    have you tried to remove the script from the GPO container and navigating to:
    Computer Configuration | Administrative Templates | Network | DNS Client | DNS Servers

    Set this setting to Disabled and see if it helps.

    Regards,
    Nik

  11. NS says:

    Thanks Niko but this setting will not work since it only supports Windows XP.
    Do you have any other suggestion, if there is any script ?

  12. Rob says:

    Nikolinjo, this looks like exactly what I need. I’m migrating users from domain1 to domain2 (in phases), and have already migrated all IP space from domain1 to domain2’s DHCP (which are different). Now, within the same DHCP scope, I have domain2 FQDN along with domain1 FQDN clients. I can’t use 2012’s DHCP policy, since checking the condition of FQDN doesn’t allow any option changes (i.e. applying DNS settings for each domain). I’m going to try this (via GPO) to apply changes based on the FQDN suffix. Fingers crossed!

  13. Dean says:

    Hi Nikolinjo,

    I’ve put in my parameters for this script, but it’s failing to run. When I try to run the batch file via command prompt, I get the error: “1 was unexpected at this time.”

    Any ideas? I really need this working. Thanks!

    • Nik says:

      Can you post script changes you have made. You can fake ip addresses.

      • Dean says:

        @echo off
        set dnsserver=xxx.xxx.xxx.xx
        set dnsserver2=xxx.xxx.xxx.xx
        set dnsserver3=xxx.xxx.xx.xx
        for /f “tokens=1,2,3*” %%i in (‘netsh interface show interface’) do (
        if %%i EQU Enabled (
        rem echo change “%%l” : %dnsserver%
        netsh interface ipv4 set dnsserver name=”%%l” static %dnsserver% both
        netsh interface ipv4 add dnsserver name=”%%l” %dnsserver2% index=2
        netsh interface ipv4 add dnsserver name=”%%l” %dnsserver3% index=3
        )
        )

        I think I may have found the issue. For some reason, Notepad can paste different double quotes. Some are straight, the others are curved. That’s the only difference I could see.

        Also, it tells me I need to run under elevated permissions. I need this to apply to users who won’t have local admin rights on any given workstation. Will the script still run via GPO?

  14. Nik says:

    It’s a startup script, so it is under Computer Configuration.
    Please read the article again:
    Computer Configuration | Administrative Templates | Network |DNS Client | DNS Servers

  15. Israel R. says:

    Hi Nik. I have the same problem: the GPO does not apply to clients with W7; it applies only when copying the file locally and running as administrator. Any idea?
    Thank you

  16. Nik says:

    Can you run gpresult /R on one of the Win7 machines to see if the policy has actually been applied?

  17. Nikica says:

    Hmm, then you did something wrong 🙁 I can’t help you if I don’t see the policy in place. 🙁

  18. Muhammed says:

    I have applied same setting and it is not working. Please advise

  19. Muhammed says:

    I figured it out and it’s working now. I want to set it back to DHCP when the user shuts down the computer. Could you please suggest what changes need to be made in this script for this?
