If you find yourself making changes on your Microsoft DNS servers using the DNS MMC snap-in, you're probably wasting a lot of time.
Why? Because it's possible to create, modify or remove with PowerShell any DNS object that you can from the MMC! Using PowerShell to manage DNS allows you not only to control things from the command line but also to take those commands and put them into a script to automate all kinds of time-consuming tasks.
To limit this article's scope, we're going to focus on managing DNS zones with PowerShell, although it's entirely possible to administer other DNS objects, like records and the server itself, as well.
Getting Started with DNS Zones
Before we get too far, there are a few prerequisites you need to be aware of. First, I'm assuming you have permissions to read, modify and remove DNS zones on your Windows DNS servers. Second, I'll be demonstrating a few concepts on DNS servers that are in an Active Directory domain with AD-integrated zones. PowerShell is still capable of managing zones and records outside of Active Directory, but the results may not be quite the same as what I'll be showing you here. Finally, you'll need to ensure you have a version of the Remote Server Administration Tools (RSAT) installed on your client specific to your operating system.
Now that we have that out of the way, let's start by ensuring the DnsServer module is available to us. To do that, I'll use the Get-Module cmdlet.
PS C:\> Get-Module DnsServer -ListAvailable
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 2.0.0.0 DnsServer {Add-DnsServerConditionalForwarderZone, Add-DnsServerDirectoryPartition, Add-DnsServerForwarder, Add-DnsServerPrimaryZone...}
Great! It looks like our module is downloaded and we have some available commands. Let's now see what commands we have to work with DNS zones.
PS C:\> Get-Command -Module DnsServer -Noun *Zone*
CommandType Name Version Source
----------- ---- ------- ------
Function Add-DnsServerConditionalForwarderZone 2.0.0.0 DnsServer
Function Add-DnsServerPrimaryZone 2.0.0.0 DnsServer
Function Add-DnsServerSecondaryZone 2.0.0.0 DnsServer
Function Add-DnsServerStubZone 2.0.0.0 DnsServer
Function Add-DnsServerZoneDelegation 2.0.0.0 DnsServer
Function Add-DnsServerZoneScope 2.0.0.0 DnsServer
Function Add-DnsServerZoneTransferPolicy 2.0.0.0 DnsServer
Function ConvertTo-DnsServerPrimaryZone 2.0.0.0 DnsServer
Function ConvertTo-DnsServerSecondaryZone 2.0.0.0 DnsServer
Function Export-DnsServerZone 2.0.0.0 DnsServer
Function Get-DnsServerDnsSecZoneSetting 2.0.0.0 DnsServer
Function Get-DnsServerGlobalNameZone 2.0.0.0 DnsServer
Function Get-DnsServerZone 2.0.0.0 DnsServer
Function Get-DnsServerZoneAging 2.0.0.0 DnsServer
Function Get-DnsServerZoneDelegation 2.0.0.0 DnsServer
Function Get-DnsServerZoneScope 2.0.0.0 DnsServer
Function Get-DnsServerZoneTransferPolicy 2.0.0.0 DnsServer
Function Invoke-DnsServerZoneSign 2.0.0.0 DnsServer
Function Invoke-DnsServerZoneUnsign 2.0.0.0 DnsServer
Function Remove-DnsServerZone 2.0.0.0 DnsServer
Function Remove-DnsServerZoneDelegation 2.0.0.0 DnsServer
Function Remove-DnsServerZoneScope 2.0.0.0 DnsServer
Function Remove-DnsServerZoneTransferPolicy 2.0.0.0 DnsServer
Function Reset-DnsServerZoneKeyMasterRole 2.0.0.0 DnsServer
Function Restore-DnsServerPrimaryZone 2.0.0.0 DnsServer
Function Restore-DnsServerSecondaryZone 2.0.0.0 DnsServer
Function Resume-DnsServerZone 2.0.0.0 DnsServer
Function Set-DnsServerConditionalForwarderZone 2.0.0.0 DnsServer
Function Set-DnsServerDnsSecZoneSetting 2.0.0.0 DnsServer
Function Set-DnsServerGlobalNameZone 2.0.0.0 DnsServer
Function Set-DnsServerPrimaryZone 2.0.0.0 DnsServer
Function Set-DnsServerSecondaryZone 2.0.0.0 DnsServer
Function Set-DnsServerStubZone 2.0.0.0 DnsServer
Function Set-DnsServerZoneAging 2.0.0.0 DnsServer
Function Set-DnsServerZoneDelegation 2.0.0.0 DnsServer
Function Set-DnsServerZoneTransferPolicy 2.0.0.0 DnsServer
Function Start-DnsServerZoneTransfer 2.0.0.0 DnsServer
Function Suspend-DnsServerZone 2.0.0.0 DnsServer
Function Sync-DnsServerZone 2.0.0.0 DnsServer
Function Test-DnsServerDnsSecZoneSetting 2.0.0.0 DnsServer
Creating a DNS Zone
First up, let's create a zone with PowerShell. To do this, we'll use the Add-DnsServerPrimaryZone function. The simplest way to do this is with two parameters: Name and ReplicationScope. However, in our example, I'll also be using the ComputerName parameter since I'm invoking this command on a remote computer.
Add-DnsServerPrimaryZone -Name testzone.mylab.local -ComputerName DC -ReplicationScope Forest
Above you can see that my domain is mylab.local and my zone name is testzone. My DNS server is DC, so I'm specifying that for the ComputerName parameter. Finally, since this server is on my domain, I also have to set ReplicationScope, and I've chosen to replicate this zone amongst all other DNS servers in my Active Directory forest.
Using Get-DnsServerZone
Next, to verify this zone was created, I can use the Get-DnsServerZone command. I could use the Name parameter, but to show you all of the zones I have, I'll just tell Get-DnsServerZone to find all of them.
PS C:\> Get-DnsServerZone -ComputerName DC
ZoneName              ZoneType  IsAutoCreated  IsDsIntegrated  IsReverseLookupZone  IsSigned
--------              --------  -------------  --------------  -------------------  --------
_msdcs.mylab.local    Primary   False          True            False                False
0.in-addr.arpa        Primary   True           False           True                 False
127.in-addr.arpa      Primary   True           False           True                 False
255.in-addr.arpa      Primary   True           False           True                 False
mylab.local           Primary   False          True            False                False
testzone.mylab.local  Primary   False          True            False                False
TrustAnchors          Primary   False          True            False                False
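The default table hides the zone settings a defender usually cares about most. The following is an added example, not code from the original article: it reads the DynamicUpdate and SecureSecondaries properties of the objects Get-DnsServerZone returns and flags primary zones that accept unauthenticated dynamic updates or allow zone transfers to any server. The function name Get-DnsZoneRiskReport is hypothetical; DC is the article's lab server.

```powershell
#Requires -Modules DnsServer

function Get-DnsZoneRiskReport {
    [CmdletBinding()]
    param(
        # DNS server to query (assumption: the caller has read access to it).
        [Parameter(Mandatory)]
        [string]$ComputerName
    )

    # Ignore the auto-created reverse zones and the TrustAnchors container zone.
    $zones = Get-DnsServerZone -ComputerName $ComputerName | Where-Object {
        $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors'
    }

    foreach ($zone in $zones) {
        $findings = @()

        # NonsecureAndSecure: any client can register or overwrite records unauthenticated.
        if ($zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            $findings += 'Accepts nonsecure dynamic updates'
        }
        # TransferAnyServer: the full zone contents go to whoever requests a transfer.
        if ($zone.SecureSecondaries -eq 'TransferAnyServer') {
            $findings += 'Zone transfers allowed to any server'
        }
        # Secure dynamic update is only available to AD-integrated zones.
        if (-not $zone.IsDsIntegrated -and $zone.DynamicUpdate -ne 'None') {
            $findings += 'File-backed zone with dynamic updates enabled'
        }

        [pscustomobject]@{
            ZoneName          = $zone.ZoneName
            DynamicUpdate     = $zone.DynamicUpdate
            SecureSecondaries = $zone.SecureSecondaries
            IsSigned          = $zone.IsSigned
            Findings          = $findings -join '; '
        }
    }
}

# Show only the zones that have at least one finding.
Get-DnsZoneRiskReport -ComputerName DC |
    Where-Object Findings |
    Format-Table -AutoSize -Wrap
```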
Removing a DNS Zone
And just to be sure we go through the entire lifecycle of a DNS zone, I'll then remove it.
PS C:\> Remove-DnsServerZone -Name testzone.mylab.local -ComputerName DC
Confirm
This will also remove all the records in the zone, and the server will no longer host the zone, do you want to continue?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y
PS C:\> Get-DnsServerZone -ComputerName DC
ZoneName              ZoneType  IsAutoCreated  IsDsIntegrated  IsReverseLookupZone  IsSigned
--------              --------  -------------  --------------  -------------------  --------
_msdcs.mylab.local    Primary   False          True            False                False
0.in-addr.arpa        Primary   True           False           True                 False
127.in-addr.arpa      Primary   True           False           True                 False
255.in-addr.arpa      Primary   True           False           True                 False
mylab.local           Primary   False          True            False                False
TrustAnchors          Primary   False          True            False                False
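The create and remove steps above can be wrapped into a repeatable script with guard rails. This is an added example, not the author's own code: it creates the zone only if it is missing and limits it to secure dynamic updates, then exports a copy of the zone before removing it, and supports -WhatIf for a dry run. The function names and the backup file name pattern are hypothetical; the zone and server names are the article's lab values.

```powershell
#Requires -Modules DnsServer

function New-LabDnsZone {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ComputerName
    )
    # Idempotent: return the existing zone instead of failing on a second run.
    $existing = Get-DnsServerZone -Name $Name -ComputerName $ComputerName -ErrorAction SilentlyContinue
    if ($existing) { return $existing }

    if ($PSCmdlet.ShouldProcess("$Name on $ComputerName", 'Create AD-integrated primary zone')) {
        $zoneParams = @{
            Name             = $Name
            ComputerName     = $ComputerName
            ReplicationScope = 'Forest'
            DynamicUpdate    = 'Secure'   # only authenticated clients may register records
            PassThru         = $true
        }
        Add-DnsServerPrimaryZone @zoneParams
    }
}

function Remove-LabDnsZone {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ComputerName
    )
    # Fail early if the zone does not exist; never touch auto-created zones.
    $zone = Get-DnsServerZone -Name $Name -ComputerName $ComputerName -ErrorAction Stop
    if ($zone.IsAutoCreated) { throw "Refusing to remove auto-created zone '$Name'." }

    if ($PSCmdlet.ShouldProcess("$Name on $ComputerName", 'Export, then remove zone')) {
        # Removal deletes every record in the zone, so export a copy first.
        # The file is written to the DNS directory on the server.
        $backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $Name, (Get-Date)
        Export-DnsServerZone -Name $Name -FileName $backup -ComputerName $ComputerName -ErrorAction Stop

        # -Force skips the cmdlet's own prompt; this function has already asked.
        Remove-DnsServerZone -Name $Name -ComputerName $ComputerName -Force -ErrorAction Stop
        [pscustomobject]@{ ZoneName = $Name; BackupFile = $backup; Removed = $true }
    }
}

New-LabDnsZone    -Name testzone.mylab.local -ComputerName DC
Remove-LabDnsZone -Name testzone.mylab.local -ComputerName DC -WhatIf   # preview only
```

Because the export runs with -ErrorAction Stop, a failed backup aborts the function before the zone is removed.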
There is so much more possible with managing DNS zones in PowerShell. I encourage you to look through all of the commands returned by Get-Command -Module DnsServer -Noun *Zone*. This command gives you a list of all of the commands inside of the DnsServer module that have 'Zone' in the name. You'll find that the command names are self-explanatory, and if you need to investigate further, always consult the help for each command using Get-Help.
Adam Bertram