
Monday, September 9, 2013

Update DNS Server setting on Multiple Servers with powershell

Had to update the DNS server settings on a few servers (80+).
Because I had a mix of 2003/2008/2008 R2/2012 servers, I decided WMI plus PowerShell was the path forward.
  • Had issues with .Contains() until I converted the DNS server list to a string with [String]
  • Was stumped by the string conversion for a little while; I was trying .ToString()
  • Script in 3 parts:
    1. check all the servers to see if they are hard-coded to the old DC
    2. update the DHCP server options on all authorised DHCP servers
    3. purge any scope with a setting for the old DC so it uses the server option

    Btw: some servers don't reply correctly to WMI, so be prepared to check manually (and maybe fix WMI)

    #StartHere :)
    Import-Module ActiveDirectory, DhcpServer   # RSAT modules; DhcpServer cmdlets need the 2012-era RSAT

    $OldDC        = "10.10.3.1"
    $DNSServers   = "172.18.0.10", "172.18.0.11"
    $OUName       = 'OU=Servers,DC=KoolKids'
    $TheComputers = Get-ADComputer -Filter * -SearchBase $OUName
    $results      = @()

    # Part 1: find NICs hard-coded to the old DC and repoint them
    foreach ($server in $TheComputers) {
        if (Test-Connection $server.Name -Count 1 -Quiet) {
            $NICs = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $server.Name |
                    Where-Object { $_.IPEnabled -eq "TRUE" }
            foreach ($NIC in $NICs) {
                # DNSServerSearchOrder is a string array; .Contains() only works once it is joined into one string
                $FTW = [String]$NIC.DNSServerSearchOrder
                # Write-Host $FTW
                if ($FTW.Contains($OldDC)) {
                    $results += New-Object PSObject -Property @{
                        Server = $server.Name
                        DNS    = $FTW
                    }
                    # update the DNS servers for this NIC
                    $NIC.SetDNSServerSearchOrder($DNSServers)
                }
            }
        }
    }

    # Part 2: set the server-level option 6 (DNS servers) on every authorised DHCP server
    foreach ($dhcpserver in Get-DhcpServerInDC) {
        if (Test-Connection $dhcpserver.DnsName -Count 1 -Quiet) {
            # Remarked out so that all active DHCP servers get updated!
            # if ($FTW.Contains($OldDC)) {
            # the DHCP server's own address first, then the new DCs
            $FixScope = [System.Net.Dns]::GetHostAddresses($dhcpserver.DnsName).IPAddressToString, "172.18.0.10", "172.18.0.11"
            Set-DhcpServerv4OptionValue -ComputerName $dhcpserver.DnsName -OptionId 6 -Value $FixScope
            # }
        }
    }

    # Part 3: clear out the scope-level options that still point at the old DC
    # WARNING: SERVER OPTIONS MUST HAVE A SETTING OR BAD THINGS HAPPEN
    foreach ($dhcpserver in Get-DhcpServerInDC) {
        foreach ($TheScope in (Get-DhcpServerv4Scope -ComputerName $dhcpserver.DnsName)) {
            $Target = $null
            $Target = Get-DhcpServerv4OptionValue -ComputerName $dhcpserver.DnsName -OptionId 6 -ScopeId $TheScope.ScopeId -ErrorAction SilentlyContinue
            $Target = [String]$Target.Value
            if ($Target.Contains($OldDC)) {
                Remove-DhcpServerv4OptionValue -ComputerName $dhcpserver.DnsName -OptionId 6 -ScopeId $TheScope.ScopeId
            }
        }
    }

    # list what was found (and changed) in part 1
    $results | Format-Table -AutoSize

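The [String] trick above works, but a substring match on the joined list also hits addresses such as 10.10.3.10 or 110.10.3.1. An added example (not part of the original post) that audits the same three places read-only, using the -contains operator for an exact element match; the OU and the IPs are the post's values, and the report columns are assumed:

```powershell
# Added example: report-only pass over NICs and DHCP option 6, no changes made.
Import-Module ActiveDirectory, DhcpServer

$OldDC  = '10.10.3.1'
$OUName = 'OU=Servers,DC=KoolKids'   # same OU as the post; adjust for your forest
$report = @()

function Test-UsesOldDC {
    param([string[]]$Addresses, [string]$Old)
    # -contains compares whole elements, so '10.10.3.10' or '110.10.3.1' do not match,
    # unlike .Contains() on the [String]-joined list.
    return [bool]($Addresses -contains $Old)
}

# Part 1 audit: which NICs still list the old DC (and which hosts could not be checked)
foreach ($server in (Get-ADComputer -Filter * -SearchBase $OUName)) {
    if (-not (Test-Connection $server.Name -Count 1 -Quiet)) {
        $report += [PSCustomObject]@{ Source = $server.Name; Kind = 'Host'; Status = 'NoPing'; DNS = $null }
        continue
    }
    try {
        $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $server.Name -ErrorAction Stop |
                Where-Object { $_.IPEnabled }
    } catch {
        # the post's caveat: some boxes do not answer WMI, so record them for a manual look
        $report += [PSCustomObject]@{ Source = $server.Name; Kind = 'Host'; Status = 'WmiFailed'; DNS = $null }
        continue
    }
    foreach ($nic in $nics) {
        if (Test-UsesOldDC -Addresses $nic.DNSServerSearchOrder -Old $OldDC) {
            $report += [PSCustomObject]@{ Source = $server.Name; Kind = 'NIC'; Status = 'OldDC'; DNS = ($nic.DNSServerSearchOrder -join ',') }
        }
    }
}

# Part 3 audit: which DHCP scopes still carry the old DC in option 6
foreach ($dhcp in Get-DhcpServerInDC) {
    foreach ($scope in Get-DhcpServerv4Scope -ComputerName $dhcp.DnsName) {
        $opt = Get-DhcpServerv4OptionValue -ComputerName $dhcp.DnsName -OptionId 6 -ScopeId $scope.ScopeId -ErrorAction SilentlyContinue
        if ($opt -and (Test-UsesOldDC -Addresses $opt.Value -Old $OldDC)) {
            $report += [PSCustomObject]@{ Source = "$($dhcp.DnsName)/$($scope.ScopeId)"; Kind = 'Scope'; Status = 'OldDC'; DNS = ($opt.Value -join ',') }
        }
    }
}

$report | Sort-Object Kind, Source | Format-Table -AutoSize
```

Run this before and after the fix script: the after-run should show only NoPing and WmiFailed rows, which are the hosts that need a manual check.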

    Monday, April 22, 2013

    Troubleshooting Server unable to look up internal FQDN "result too large", unable to RDP to server, but can browse and read eventlogs




    Quick answer: port exhaustion; there are KB hotfixes out there to fix this.

    nslookup internaldomain.local
     internalserver.internaldomain.local can't find internaldomain.local: unspecified error


    1. cleared the DNS servers
    2. added the DNS servers in the core data centre
    3. tried different DNS servers in nslookup
    3a. tried the local DNS server
    4. added an entry for internal.local to the hosts file

    result: fail

    Check firewall (disable)
    netsh advfirewall set allprofiles state off
    result:
    ok

    Check Group Policy
    Gpupdate /force
    result:
    Updating Policy...
    User Policy update has completed successfully.
    Computer policy could not be updated successfully. The following errors were encountered:
    The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
    a) Name Resolution failure on the current domain controller.
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

    check time
    w32tm /query /peers

    more nslookup
    set debug
    internaldomain.local
    result
    -------------
    truncated answer
    connect failed: result too large
    -------------

    check server's services
    net stop dnscache
    net start dnscache

    net stop workstation
    net start netlogon

    Check Ports!
    netstat -a -n
    problem located: port exhaustion! 10,000s of connections sitting in TIME_WAIT

    ----Hotfix Time---- (with bonus hotfix)
    Windows6.1-KB2553549-v3-x64
    Windows6.1-KB2264080-x64

    There is a better rollup available (windows6.1-kb2775511-x64), but my server is not SP1.
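Counting the netstat states is the quick way to confirm this is port exhaustion rather than a DNS server fault. An added example (not from the original post) that summarises "netstat -a -n" by state and compares the sockets in use with the dynamic port range netsh reports; the 80% threshold and the sample lines are constructed:

```powershell
# Added example: summarise TCP states and flag ephemeral-port exhaustion.
function Get-TcpStateSummary {
    param([string[]]$NetstatLines)
    $rows = foreach ($line in $NetstatLines) {
        # rows look like: "  TCP    10.0.0.5:52341    10.0.0.10:53    TIME_WAIT"
        if ($line -match '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s*$') {
            [PSCustomObject]@{ Local = $Matches[1]; Remote = $Matches[2]; State = $Matches[3] }
        }
    }
    $rows | Group-Object State | ForEach-Object {
        [PSCustomObject]@{ State = $_.Name; Count = $_.Count }
    } | Sort-Object Count -Descending
}

function Test-PortExhaustion {
    param([string[]]$NetstatLines, [int]$DynamicPorts, [double]$Threshold = 0.8)
    # Every non-LISTENING socket holds a local port; TIME_WAIT ones linger for minutes
    # (TcpTimedWaitDelay, 4 minutes by default), which is what piles up into the 10,000s.
    $summary  = Get-TcpStateSummary $NetstatLines
    $inUse    = [int](($summary | Where-Object { $_.State -ne 'LISTENING' } | Measure-Object Count -Sum).Sum)
    $timeWait = [int](($summary | Where-Object { $_.State -eq 'TIME_WAIT' } | Measure-Object Count -Sum).Sum)
    [PSCustomObject]@{
        InUse        = $inUse
        TimeWait     = $timeWait
        DynamicPorts = $DynamicPorts
        Exhausted    = ($inUse -ge [int]($Threshold * $DynamicPorts))
    }
}

# Constructed sample: three TIME_WAIT sockets against a tiny 3-port range trips the flag
$sample = @(
    '  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING',
    '  TCP    10.0.0.5:49152     10.0.0.10:53       TIME_WAIT',
    '  TCP    10.0.0.5:49153     10.0.0.10:53       TIME_WAIT',
    '  TCP    10.0.0.5:49154     10.0.0.10:389      TIME_WAIT'
)
Test-PortExhaustion -NetstatLines $sample -DynamicPorts 3

# Live check on the box: netsh prints the range as "Number of Ports : 16384"
$range = netsh int ipv4 show dynamicport tcp
$ports = [int](($range | Select-String 'Number of Ports\s*:\s*(\d+)').Matches[0].Groups[1].Value)
Test-PortExhaustion -NetstatLines (netstat -a -n) -DynamicPorts $ports
Get-TcpStateSummary (netstat -a -n)
```

The Remote column from Get-TcpStateSummary also tells you which peer (here the DNS server on port 53) the leaking connections were going to, which points at the process to chase.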

    enjoy.

    Tuesday, July 10, 2012

    Trusted Domain Authentication issues

    Intermittently we had servers that were unable to authenticate to the secondary domain, noobs.
    It seems that when PDC2 was restarted the problem was fixed. I believe the servers switched back to using PDC1 or another DC and were happy.

    The trust was verified, etc., but I think this was done on PDC1. It started to annoy me... so I had a look around.

    On PDC1 there is a noobs.domainname secondary zone

    On PDC2, primary DNS is itself, secondary DNS is PDC1

    On PDC2 I was unable to resolve noobs.domainname
    ping noobs.domainname
    Ping request could not find host noobs.domainname

    nltest /SC_Verify:noobs.domainname
    Flags: 80
    Trusted DC Name
    Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
    Trust Verification Status = 1311 0x51f ERROR_NO_LOGON_SERVERS


    [FIX] On PDC2, added a conditional forwarder for noobs.domainname pointing to PDC1

    nltest /SC_Verify:noobs.domainname
    Flags: b0 HAS_IP  HAS_TIMESERV
    Trusted DC Name \\ExternalPDC.noobs.domainname
    Trusted DC Connection Status Status = 0 0x0 NERR_Success
    Trust Verification Status = 0 0x0 NERR_Success
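The ping only tests the A record of the domain name; what trust authentication actually needs is the DC locator SRV record of the trusted domain resolving from the DC doing the lookup. An added example (not from the original post) that checks that record on PDC2, adds the conditional forwarder only if the lookup fails and no zone of that name already exists, then re-runs nltest; it assumes the Server 2012+ DnsClient/DnsServer modules, and the PDC1 address is a placeholder:

```powershell
# Added example: verify the trusted domain's DC locator record, fix the forwarder if needed.
Import-Module DnsServer

$TrustedDomain = 'noobs.domainname'
$Pdc1Address   = '192.0.2.10'     # placeholder: address of PDC1, which holds the secondary zone

function Test-TrustedDomainLocator {
    param([string]$Domain, [string]$Server = $env:COMPUTERNAME)
    # Clients and DCs find a logon server via _ldap._tcp.dc._msdcs.<domain>; if this DC
    # cannot answer that, you get ERROR_NO_LOGON_SERVERS even though the trust itself is fine.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $Server -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        $targets = foreach ($rec in $srv) {
            Resolve-DnsName -Name $rec.NameTarget -Type A -Server $Server -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
        }
        [PSCustomObject]@{ Domain = $Domain; Resolves = ($targets.Count -gt 0); Targets = $targets; Error = $null }
    } catch {
        [PSCustomObject]@{ Domain = $Domain; Resolves = $false; Targets = @(); Error = $_.Exception.Message }
    }
}

$check = Test-TrustedDomainLocator -Domain $TrustedDomain
if (-not $check.Resolves) {
    # A conditional forwarder only sends queries for this one namespace to PDC1,
    # so it is narrower than a server-wide forwarder. Skip if a zone already exists.
    if (-not (Get-DnsServerZone -Name $TrustedDomain -ErrorAction SilentlyContinue)) {
        Add-DnsServerConditionalForwarderZone -Name $TrustedDomain -MasterServers $Pdc1Address -PassThru
    }
    Clear-DnsServerCache -Force   # drop any cached negative answers before re-testing
    $check = Test-TrustedDomainLocator -Domain $TrustedDomain
}
$check | Format-List
nltest "/SC_Verify:$TrustedDomain"
```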