
Azure DSC. HA Active Directory Domain Controller issue with Windows Server 2016


I'm trying to modify the official HA DC example to work with Windows Server 2016: https://github.com/Azure/azure-quickstart-templates/tree/master/active-directory-new-domain-ha-2-dc After updating the xActiveDirectory module that addresses a race condition on Windows Server 2016, it gives me one more error. The final script, which resides in ConfigureADBDC.ps1, fails:

    Script script1
    {
        SetScript =
        {
            $dnsFwdRule = Get-DnsServerForwarder
            if ($dnsFwdRule)
            {
                Remove-DnsServerForwarder -IPAddress $dnsFwdRule.IPAddress -Force
            }
            Write-Verbose -Verbose "Removing DNS forwarding rule"
        }
        GetScript =  { @{} }
        TestScript = { $false }
        DependsOn = "[xADDomainController]BDC"
    }

    PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: Failed to get information for server ADBDC.

When I execute Get-DnsServerForwarder I see this:

    PS C:\Users\adAdministrator> Get-DnsServerForwarder
    UseRootHint        : True
    Timeout(s)         : 3
    EnableReordering   : True
    IPAddress          :
    ReorderedIPAddress :

However, after some time it changes to this:

    PS C:\Users\adAdministrator> Get-DnsServerForwarder
    UseRootHint        : True
    Timeout(s)         : 3
    EnableReordering   : True
    IPAddress          : 10.0.0.4
    ReorderedIPAddress : 10.0.0.4

So, my question is: what is that DnsServerForwarder used for? Is it even needed? How is it possible to fix this issue?


Solution

  • Well, a hackish way would be:

    SetScript = {
        do {
            $dnsFwdRule = Get-DnsServerForwarder
        } while ( $dnsFwdRule.IPAddress -eq $null )
        if( $dnsFwdRule ) {
            Remove-DnsServerForwarder -IPAddress $dnsFwdRule.IPAddress -Force
        } 
        Write-Verbose -Verbose "Removing DNS forwarding rule"
    }
    

    Note, this could lead to an infinite loop ;) You can fix that by adding something like this:

    $i = 0
    do
    {
        $i++
        Start-Sleep 10
        $dnsFwdRule = Get-DnsServerForwarder
    }
    while ($i -lt 10 -and $dnsFwdRule.IPAddress -eq $null) 
    

    As for the first question:

    The Get-DnsServerForwarder cmdlet gets configuration settings on a DNS server. A forwarder is a Domain Name System (DNS) server on a network that is used to forward DNS queries for external DNS names to DNS servers outside that network.
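
The bounded wait and the removal combined into one Script resource, as an added example (not code from the question, the answer, or the Azure quickstart template). The configuration name, resource name, attempt count and delay are assumptions, and the try/catch assumes that Get-DnsServerForwarder can throw while the DNS service on the new domain controller is still starting.

```powershell
Configuration RemoveDnsForwarderExample   # hypothetical name
{
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node localhost
    {
        Script RemoveDnsForwarder
        {
            GetScript = {
                $fwd = Get-DnsServerForwarder -ErrorAction SilentlyContinue
                @{ Result = ($fwd.IPAddress -join ',') }
            }
            # Always run SetScript, as the question's resource does: the forwarder shows up
            # late, so an "IPAddress is empty" test would pass before there is anything to remove.
            TestScript = { $false }
            SetScript = {
                $maxAttempts  = 10   # assumed limit, same as the answer's counter
                $delaySeconds = 10
                $fwd = $null
                for ($i = 1; $i -le $maxAttempts; $i++) {
                    try {
                        $fwd = Get-DnsServerForwarder -ErrorAction Stop
                    } catch {
                        Write-Verbose -Verbose "Attempt ${i}: DNS server not ready: $($_.Exception.Message)"
                    }
                    if ($fwd -and $fwd.IPAddress) { break }
                    if ($i -lt $maxAttempts) { Start-Sleep -Seconds $delaySeconds }
                }
                if ($fwd -and $fwd.IPAddress) {
                    Write-Verbose -Verbose "Removing DNS forwarder(s): $($fwd.IPAddress -join ', ')"
                    Remove-DnsServerForwarder -IPAddress $fwd.IPAddress -Force
                } else {
                    # Do not call Remove-DnsServerForwarder with an empty address list
                    Write-Warning "No DNS forwarder found after $maxAttempts attempts; nothing removed"
                }
            }
            # DependsOn = "[xADDomainController]BDC"   # restore when used inside ConfigureADBDC.ps1
        }
    }
}
```

If the forwarder never appears within the wait window, the resource logs a warning and leaves the DNS configuration unchanged instead of failing the deployment.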