Modify DNS logging settings via GPO


This topic contains 5 replies, has 2 voices, and was last updated by  JDMils 1 year, 3 months ago.


  • JDMils
    Member
    #167192

    I’ve been asked to write a domain-wide GPO to do the following:

    * Create a folder called “C:\DNSLogs”.
    * Share the folder “C:\DNSLogs” as “DNSLogs”.
    * Modify the DNS server Debug logging so that the log file path points to “C:\dnslogs\DNSLogs.log”.
    * Restart DNS for the changes to take effect.

    From what I can see, the easiest method to do this is to create a GPO which runs a PowerShell script on each domain controller to do the above. Is this the only solution?


    Ossian
    Moderator
    #191797

    The first two should be possible using Group Policy Preferences, but I think PowerShell for the last two:
    https://technet.microsoft.com/en-us/itpro/powershell/windows/dnsserver/set-dnsserverdiagnostics
    https://technet.microsoft.com/en-us/library/ee176942.aspx


    JDMils
    Member
    #251028

    I think I worked it out with your help, on how to use just the GPO’s GPPs. This is what I think will work:

    * Create a folder called “C:\DNSLogs”.
    * Share the folder “C:\DNSLogs” as “DNSLogs”.
    * Modify the DNS server Debug logging so that the log file path points to “C:\dnslogs\DNSLogs.log”.
    * Restart DNS for the changes to take effect.

    What do you think?

    The only issue I have is that the GPP will restart the DNS service on the domain controllers every 5 minutes and this seems superfluous.


    JDMils
    Member
    #251029

    Looks like restarting the DNS service on all domain controllers every 5 minutes is killing DNS across the domain. Is there a way to only restart the DNS service when the DNS folder is created earlier in the GPO? It seems that each GPP preference is a separate entity and thus you cannot link them in this way?


    Ossian
    Moderator
    #191799

    It is all a “one off” so why don’t you move the last two steps into a startup script?


    JDMils
    Member
    #251030

    Yep, you’re right- I’ll move them into a PowerShell script! Thanks.
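
An added example, not part of the original thread: one way to write the startup script the thread settles on, so that the DNS service is restarted only on the run that actually changes the log path. The folder, share name and log file come from the thread; the `$Readers` group is an assumption, chosen because DNS debug logs expose client query data and the share should not be readable by everyone.

```powershell
# Added example: idempotent domain controller startup script.
# Folder, share and log file names are taken from the thread.
$LogDir    = 'C:\DNSLogs'
$ShareName = 'DNSLogs'
$LogFile   = Join-Path $LogDir 'DNSLogs.log'
$Readers   = 'BUILTIN\Administrators'   # assumption: who may read the logs

# 1. Create the folder only if it is missing.
if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
    New-Item -Path $LogDir -ItemType Directory | Out-Null
}

# 2. Create the share only if it is missing, with read-only access
#    for the named group instead of a wide-open share.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $LogDir -ReadAccess $Readers | Out-Null
}

# 3. Point DNS debug logging at the new file. This sets the path only;
#    which events are logged is left as already configured.
#    -ne on strings is case-insensitive, so C:\dnslogs and C:\DNSLogs match.
$changed = $false
$current = (Get-DnsServerDiagnostics).LogFilePath
if ($current -ne $LogFile) {
    Set-DnsServerDiagnostics -LogFilePath $LogFile
    $changed = $true
}

# 4. Restart DNS only when the path was changed in this run, so later
#    boots (or policy refreshes) leave the service alone.
if ($changed) {
    Restart-Service -Name DNS -Force
}
```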
