Set DNS servers via GPO Server 2012 R2
We are currently migrating a Windows Server 2003 single-label DNS domain to a Windows Server 2012 R2 domain. We are also migrating our Windows XP clients to Windows 7. After successfully migrating the computer and server objects, we had to transfer the DNS Group Policy object that we used to set our primary and secondary DNS servers.
Unfortunately this policy was valid only for Windows XP and Windows Server 2003 machines and it was located at:
Computer Configuration | Administrative Templates | Network | DNS Client | DNS Servers
As you can see in the picture above, this setting is supported on Windows XP Professional only, so it won’t work with Windows 7 or Windows Server 2008 and newer clients. Keep in mind that Microsoft recommends using DHCP to set DNS servers, but since this option is not fully applicable in our environment, we had to find another way to achieve this.
We have tried to set DNS servers using our .bat script syntax:
set address [name=]InterfaceName [source=]{dhcp | static [addr=]IPAddress [mask=]SubnetMask [gateway=]{none | DefaultGateway [[gwmetric=]GatewayMetric]}}
Unfortunately that didn’t work either so we’ve found another way to do this. Here’s the script that is working with Windows 7, Windows 8 and 8.1, Windows Server 2008/R2 and Windows Server 2012 R2.
@echo off
set dnsserver=192.168.1.1
set dnsserver2=192.168.1.2
rem Columns of "netsh interface show interface": %%i = Admin State, %%l = Interface Name
for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (
    if %%i EQU Enabled (
        rem echo change "%%l" : %dnsserver%
        netsh interface ipv4 set dnsserver name="%%l" static %dnsserver% both
        netsh interface ipv4 add dnsserver name="%%l" %dnsserver2% index=2
    )
)
Replace the bold values (the dnsserver and dnsserver2 addresses) with your DNS server addresses.
Save this script as a .bat file and create a new Group Policy Object.
Configure the GPO to run this script at:
Computer configuration | Policies | Windows Settings | Scripts | Startup
There you go. Your clients should now receive DNS servers via Group policy.
You can define a WINS server in the same way. Here’s another example of the script that includes a WINS server.
@echo off
set dnsserver=192.168.1.1
set dnsserver2=192.168.1.2
set winsserver=192.168.1.3
rem Columns of "netsh interface show interface": %%i = Admin State, %%l = Interface Name
for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (
    if %%i EQU Enabled (
        rem echo change "%%l" : %dnsserver%
        netsh interface ipv4 set dnsserver name="%%l" static %dnsserver% both
        netsh interface ipv4 add dnsserver name="%%l" %dnsserver2% index=2
        netsh interface ipv4 set winsserver name="%%l" static %winsserver%
    )
)
Feel free to leave your comments below.
Edit:
If you have the need to use 2 DNS and 2 WINS servers, our reader GILBERT has posted a modified script to achieve this:
@echo off
set dnsserver=192.168.1.1
set dnsserver2=192.168.1.2
set winsserver=192.168.1.3
set winsserver2=192.168.1.4
for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (
    if %%i EQU Enabled (
        rem echo change "%%l" : %dnsserver%
        netsh interface ipv4 set dnsserver name="%%l" static %dnsserver% both
        netsh interface ipv4 add dnsserver name="%%l" %dnsserver2% index=2
        netsh interface ipv4 set winsserver name="%%l" static %winsserver%
        netsh interface ipv4 add winsserver name="%%l" %winsserver2% index=2
    )
)
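The scripts above change every interface that netsh reports as Enabled, which includes wireless adapters and depends on the English word "Enabled" appearing in the output. The following PowerShell script is an added example, not part of the original article or its comments: it limits the change to connected wired physical adapters, leaves interfaces alone when they already have the right servers, and can revert them to DHCP-assigned DNS. It assumes Windows 8 / Server 2012 or later (the NetAdapter and DnsClient modules are not available on Windows 7); the parameter names are illustrative.

```powershell
# Added example, not from the original article.
# Requires the NetAdapter and DnsClient modules (Windows 8 / Server 2012+).
param(
    # Placeholder addresses reused from the article's script; replace with your own.
    [string[]]$DnsServers = @('192.168.1.1', '192.168.1.2'),
    # Revert the selected adapters to DHCP-assigned DNS servers instead.
    [switch]$Reset
)

# Select adapters by hardware properties instead of parsing "Enabled" from
# netsh output, so the result does not depend on the Windows display language.
# -Physical excludes virtual adapters; '802.3' excludes wireless ones.
$wired = Get-NetAdapter -Physical |
    Where-Object { $_.Status -eq 'Up' -and $_.PhysicalMediaType -eq '802.3' }

foreach ($nic in $wired) {
    if ($Reset) {
        # Drops the static list; the interface falls back to DHCP-provided DNS.
        Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ResetServerAddresses
        continue
    }

    $current = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
                    -AddressFamily IPv4).ServerAddresses

    # Write only when the list or its order differs, so repeated startups
    # are no-ops and any reported change is a real deviation worth logging.
    if (($current -join ',') -ne ($DnsServers -join ',')) {
        Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $DnsServers
        Write-Output ("{0}: DNS set to {1} (was: {2})" -f `
            $nic.Name, ($DnsServers -join ', '), ($current -join ', '))
    }
}
```

Deployed as a computer startup script it runs as Local System, so the file and the SYSVOL folder that holds it should be writable by administrators only.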
Great. Thanks. How to modify the script if more than two dns?
We haven’t tried it, but you can try to add additional DNS servers like this:
@echo off
set dnsserver=192.168.1.1
set dnsserver2=192.168.1.2
set dnsserver3=192.168.1.3
for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (
if %%i EQU Enabled (
rem echo change "%%l" : %dnsserver%
netsh interface ipv4 set dnsserver name="%%l" static %dnsserver% both
netsh interface ipv4 add dnsserver name="%%l" %dnsserver2% index=2
netsh interface ipv4 add dnsserver name="%%l" %dnsserver3% index=3
)
)
With index value you specify the position of the added DNS server in the list of DNS servers for the interface.
Please let me know if it worked for you.
Regards.
Thanks a lot, I will try later
It worked. But I got a pop-up message “The configured DNS server is incorrect or does not exist.” How to get rid of it?
Can you please provide a screenshot.
All DNS servers that you have specified are configured and online?
Forget about the pop-up message. However, the login script can only work for those who have an admin rights account. Any other way this can be fixed?
If you deploy it via Group Policy it will run normally under user permissions.
How to modify the script to apply it to just one interface? Basically applying the script to the 1st interface, which in most cases is the wired connection, and excluding the wireless interface, which always comes after the wired interface.
This script applies changes only to one interface.
It is applying the settings to all available interfaces. All the wireless network cards on all the laptops of the organization get both corporate DNS IPs.
Any update to this script to only apply to the “Ethernet” LAN only? As listed above, it applies to everything, which is not ideal.
Hi nikolinjo,
We have deployed this DNS script to put the DNS servers, however now we need to remove them but are unable to run the removal script. What changes do I need to make in the script to remove the DNS?
Hi NS,
have you tried removing the script from the GPO container and navigating to:
Computer Configuration | Administrative Templates | Network | DNS Client | DNS Servers
Set this setting to Disabled and see if it helps.
Regards,
Nik
Thanks Niko but this setting will not work since it only supports Windows XP.
Do you have any other suggestion, if there is any script ?
Nikolinjo, this looks like exactly what I need. I’m migrating users from domain1 to domain2 (in phases), and have already migrated all IP space from domain1 to domain2’s DHCP (which are different). Now, within the same DHCP scope, I have domain2 FQDN along with domain1 FQDN clients. I can’t use 2012’s DHCP policy, since checking the condition of FQDN doesn’t allow any option changes (i.e. applying DNS settings for each domain). I’m going to try this (via GPO) to apply changes based on the FQDN suffix. Fingers crossed!
Hi Nikolinjo,
I’ve put in my parameters for this script, but it’s failing to run. When I try to run the batch file via command prompt, I get the error: “1 was unexpected at this time.”
Any ideas? I really need this working. Thanks!
Can you post script changes you have made. You can fake ip addresses.
@echo off
set dnsserver=xxx.xxx.xxx.xx
set dnsserver2=xxx.xxx.xxx.xx
set dnsserver3=xxx.xxx.xx.xx
for /f “tokens=1,2,3*” %%i in (‘netsh interface show interface’) do (
if %%i EQU Enabled (
rem echo change “%%l” : %dnsserver%
netsh interface ipv4 set dnsserver name=”%%l” static %dnsserver% both
netsh interface ipv4 add dnsserver name=”%%l” %dnsserver2% index=2
netsh interface ipv4 add dnsserver name=”%%l” %dnsserver3% index=3
)
)
I think I may have found the issue. For some reason, notepad can paste different double quotes. Some are straight, the others are curved. That’s the only difference I could see.
Also, it tells me I need to run under elevated permissions. I need this to apply to users who won’t have local admin rights on any given workstation. Will the script still run via GPO?
Yes, when you run the script via GPO it will run with user permissions.
Should it run under User Configuration or Computer Configuration?
It’s a startup script, so it is under Computer Configuration.
Please read the article again:
Computer Configuration | Administrative Templates | Network | DNS Client | DNS Servers
Hi Nik. I have the same problem, the GPO does not apply to clients with W7 applies only copying the file locally and running as administrator. Any idea??
Thank you
Can you run gpresult /R on one of the Win7 machines to see if the policy has actually been applied?
Yes, the policy has been applied, but not add dns’s.
Hmm, then you did something wrong 🙁 I can’t help you if I don’t see the policy in place. 🙁
I have applied same setting and it is not working. Please advise
I figured out and its working now. I want to set it back to DHCP when user shutdown the computer, could you please suggest what changes need to done in this script for this.
Hi. thanks for the information.
I ran the bat in Windows Server 2012 R2 and Windows 10 and it worked fine, but not on Windows 7.
For Windows 7 we created a new bat as shown below and ran it as administrator.
wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("10.10.10.1", "10.10.10.2", "192.168.10.1")
That works for us without modifying anything on Windows 7.
Thanks for your help, I do appreciate it.
Blessings.
the script in the article doesn’t work as a Startup Script. I can run it locally, but that’s not helpful.
My bad. It works fine if you set a network startup delay and ‘wait for network’ at startup. New domain, didn’t already have those in place. Works great.
Hey, don’t know if anyone is still checking this. This script was helpful! However, several of the machines I’m trying to run it on have more than one ethernet adapter built into their motherboard, and which one we use is different depending on the machine. This script always seems to run on the first one, rather than the one that is active. I’m trying to add to the script to have it at least run on the first two ethernet adapters it finds, which should handle every use case I need it for. Any advice?
Hey Alex,
can you try to add this syntax for other adapters:
netsh interface set interface name="interface name" ipv4 set dnsserver name="%%l" static %dnsserver% both
Nik,
Thanks for the post. It has got me going in the right direction. I am trying to use the second version of the script with the WINS server, but we have two WINS servers. How do I update the second script to account for the second WINS server?
Hey Gilbert, can’t you use:
netsh interface ipv4 add winsserver name="%%l" static %winsserver%
Hi Nik,
I tried that but was getting an error until I realized that somehow the quotes were changed to curly quotes and it prevented it from working. I also had to add the second DNS server as another variable at the beginning. I also used a slightly different command but it is working. Here is what it looks like:
@echo off
set dnsserver=192.168.1.1
set dnsserver2=192.168.1.2
set winsserver=192.168.1.3
set winsserver2=192.168.1.4
for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (
if %%i EQU Enabled (
rem echo change "%%l" : %dnsserver%
netsh interface ipv4 set dnsserver name="%%l" static %dnsserver% both
netsh interface ipv4 add dnsserver name="%%l" %dnsserver2% index=2
netsh interface ipv4 set winsserver name="%%l" static %winsserver%
netsh interface ipv4 add winsserver name="%%l" %winsserver2% index=2
)
)
Thanks again for the post!
Thanks for sharing the script!
Regards, Nik
Dear Nik,
In my system there are already two DNS servers, now I want to add 2 (or more) new IP DNS servers. how do i update the script to add new ip server dns, please help me, thanks a lot Nik
I have roughly 6 dns servers for 3 sites. I would like to assign all DNS servers to all servers, but have the primary and secondary be the ones at the local site.
Is there a way to use group policy to assign DNS addresses in a particular order based on the site?
Hi Paul,
not that I know of, sorry.
doesn’t work for me
no error in batch file
same ip …
try this too the same :
netsh int ipv4 set dns name="%%l" static %DNS1% primary validate=no
netsh int ipv4 add dns name="%%l" %DNS2% index=2 validate=no
I like the script and the feedback. If I wanted to remove WINS can it be done in the same script ? Going to start testing the script by tomorrow I hope.
Haven’t tried it but it should work with the following command:
netsh interface ipv4 delete winsserver name="%%l" static %winsserver%
Please let us know the outcome.
I have not tried the WINS part yet .. And rookie question. I have put the ip’s in I want to assign and saved the script as a bat file .. Tried to run as admin and within a admin command prompt window and no luck .. In command prompt window just say 1 unexpected at this time and nothing. Been a long time since I have tried to do this. I put the script into notepad and saved as a bat file ? Any help would be cool. this is not a powershell correct ?
Correct, save it as a .bat, but make sure that you have unchecked the “hide extensions for known file types” option. Otherwise, you’ll save the file in the .bat.txt file format.
I really appreciate you getting back so fast .. 🙂 And feeling like its Monday. I read the one guy who had the same error and mentioned the quotes issue .. So I installed notepad++ to use instead since it has a specific save as .bat and some other stuff .. So I cut and pasted it into that and saved again and got the same issue .. I’m using the one you added the third dns server to as we have three we want to change .. And if you mean the hide extensions in windows explorer I toggle it and see the .bat disappear and come back with no .txt added .. This is the one I cut and paste .. Just changing the IP to match what we want
@echo off
set dnsserver=192.168.1.1
set dnsserver2=192.168.1.2
set dnsserver3=192.168.1.3
for /f “tokens=1,2,3*” %%i in (‘netsh interface show interface’) do (
if %%i EQU Enabled (
rem echo change “%%l” : %dnsserver%
netsh interface ipv4 set dnsserver name=”%%l” static %dnsserver% both
netsh interface ipv4 add dnsserver name=”%%l” %dnsserver2% index=2
netsh interface ipv4 add dnsserver name=”%%l” %dnsserver3% index=3
)
)
and side note .. Running it local on a 2016 server should work correct ?
Next side note .. yay .. lol .. I went through the script and refreshed all the “.s … And it works now .. 🙂 so not sure what the cut and paste does but I had to fix my quotes like the other guy … So will try the remove WINS in a bit .. THANKS!! Boss will like progress ..
I’m glad it’s working. BTW, if it’s working without issues I will update this article.
Thanks and have a nice weekend 🙂
Only things I had were the first echo command gave an error like there is some hidden ascii that affects that .. And first try at wins deleting did not work. Says parameter is incorrect. Think I have the right ” in that command .. I just added it at the end of the script if it should work there ? The other stuff still works.
Well, for using with Windows in another language you should change
” if %%i EQU Enabled ”
instead of Enabled you should place the translation for the windows language, for example, Enabled in spanish is Habilitado, this will make it work
@echo off
chcp 861>nul
For russian example:) Change your codepage and script ask you in William Shakespeare language!!!
Sorry got out on other things for a while .. thanks for the information again .. My echo looks just like the script mentioned ..
@echo off
set dnsserver=x.x.x.x
that’s what gave me the error .. And I found an article to confirm I was setting up the GPO right and that article says I need to not only put my bat file in a certain location (have done that) but also says I need to add logon.bat ? Is that true .. I will probably test without to start.
https://www.websense.com/content/support/library/web/v78/logon_agent/la_configure_scripts.aspx
I mean logonapp.exe
Hi, I also recommend using PowerShell. This will allow you to change an old DNS server for a new one.
$inet1 = Get-DnsClient | Get-DnsClientServerAddress | where { $_.ServerAddresses -contains "192.168.0.245" -or $_.ServerAddresses -contains "192.168.0.207" }
foreach ($nic in $inet1) {
    Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -ServerAddresses ("192.168.0.245","192.168.0.114")
}
## then just create a GPO to call this powerhsell.ps1 file script as an immediate Schedule tasks , and this will make the changes.
I used this method for Windows10 computers:
https://itdungeon.blogspot.com/2021/11/update-dns-static-servers-in-your-local.html