PowerShell: Add Office365 Records on DNS Servers

Make Changes to Internal DNS

A. Delete Old CNAMES and MX Records

Sample commands from a desktop client:

H:\>nslookup
Default Server: dc01.subdomain.com
Address: 1.1.1.1

> set type=SRV
> _autodiscover._tcp.kimconnect.com
Server: dc01.subdomain.kimconnect.com
Address: 1.1.1.1

_autodiscover._tcp.kimconnect.com SRV service location:
priority = 0
weight = 0
port = 443
svr hostname = mail.kimconnect.com

> _sip._tcp.kimconnect.com
Server: dc01.subdomain.kimconnect.com
Address: 1.1.1.1

_sip._tcp.kimconnect.com SRV service location:
priority = 10
weight = 10
port = 5060
svr hostname = expc01.subdomain.kimconnect.com
expc01.subdomain.kimconnect.com internet address = 2.2.2.2
> _lyncdiscover
Server: dc01.subdomain.kimconnect.com
Address: 1.1.1.1

*** dc01.subdomain.kimconnect.com can't find _lyncdiscover: Non-existent domain

From the output above, the recommendation is to remove those legacy records and replace them with the CNAMEs and SRVs provided in section (C).

  • Remove _autodiscover record of subdomain.kimconnect.com as this legacy Exchange record is not required for Office 365
  • Remove _sip of subdomain.kimconnect.com (currently pointing to expc01.subdomain.kimconnect.com.)
  • Remove _lyncdiscover of subdomain.kimconnect.com. to point to lyncdiscover.ct950.com.

Here’s a script to perform these updates server-side:

# Target zone and the DNS server (primary domain controller) to update
$domain='kimconnect.com'
$pdc=(Get-ADDomainController -Discover -Service PrimaryDC).HostName

# Show all SRV records of the specified domain
Get-WmiObject MicrosoftDNS_srvtype -ns root\microsoftdns -filter "containername='$domain'" -computer $pdc | select TextRepresentation,RecordData

# Clean records in preparation for re-adds
$srvsToRemove='_autodiscover._tcp','_sip._tcp','_sip._udp','_sip._tls','_sipfederationtls._tcp'
$srvsToRemove | %{Remove-DnsServerResourceRecord -ZoneName $domain -RRType "Srv" -Name $_ -computername $pdc -Force}
# Remove-DnsServerResourceRecord -ZoneName $domain -RRType "Srv" -Name $test -computername $pdc -Force

# Re-create SRV records with recommended values
# (priority 100, weight 1, matching the SRV lines listed in section C)
$test='test._tcp'
$sipTls='_sip._tls'
$sipFederationTcp='_sipfederationtls._tcp'
# Add-DnsServerResourceRecord -Srv -Name $test -ZoneName $domain -DomainName "sipserver1.contoso.com" -Priority 0 -Weight 0 -Port 5060 -computername $pdc
Add-DnsServerResourceRecord -Srv -Name $sipTls -ZoneName $domain -DomainName "sipdir.online.lync.com" -Priority 100 -Weight 1 -Port 443 -computername $pdc
Add-DnsServerResourceRecord -Srv -Name $sipFederationTcp -ZoneName $domain -DomainName "sipfed.online.lync.com" -Priority 100 -Weight 1 -Port 5061 -computername $pdc

# Verify the newly created records
Resolve-DnsName -Name "$sipTls`.$domain" -Type SRV
Resolve-DnsName -Name "$sipFederationTcp`.$domain" -Type SRV

# Refresh DNS Cache
dnscmd $pdc /clearcache

B. Add New CNAMES

# Set Variables
$autodiscover="autodiscover.outlook.com"
$calendar="outlook.office365.com"
$email="email.office365.com"
$enterpriseregistration="enterpriseregistration.windows.net"
$enterpriseenrollment="enterpriseenrollment.manage.microsoft.com"
$imap="outlook.office365.com"
$lyncdiscover="webdir.online.lync.com"
$mail="outlook.office365.com"
$pop="outlook.office365.com"
$sip="sipdir.online.lync.com"
$smtp="smtp.office365.com"

# DNS server to update, and every forward lookup zone hosted on it
$pdc = (Get-ADDomainController -Discover -Service PrimaryDC).HostName
$forwardZones=(Get-DNSServerZone -computername $pdc |?{$_.IsReverseLookupZone -eq $False}).ZoneName

# Add the Office 365 CNAMEs to each forward zone
$forwardZones | % {
    Add-DnsServerResourceRecordCName -computername $pdc -Name "autodiscover" -HostNameAlias $autodiscover -ZoneName $_
    Add-DnsServerResourceRecordCName -computername $pdc -Name "sip" -HostNameAlias $sip -ZoneName $_
    Add-DnsServerResourceRecordCName -computername $pdc -Name "lyncdiscover" -HostNameAlias $lyncdiscover -ZoneName $_
    Add-DnsServerResourceRecordCName -computername $pdc -Name "enterpriseregistration" -HostNameAlias $enterpriseregistration -ZoneName $_
    Add-DnsServerResourceRecordCName -computername $pdc -Name "enterpriseenrollment" -HostNameAlias $enterpriseenrollment -ZoneName $_
    Add-DnsServerResourceRecordCName -computername $pdc -Name "imap" -HostNameAlias $imap -ZoneName $_
    Add-DnsServerResourceRecordCName -computername $pdc -Name "mail" -HostNameAlias $mail -ZoneName $_
    Add-DnsServerResourceRecordCName -computername $pdc -Name "pop" -HostNameAlias $pop -ZoneName $_
    Add-DnsServerResourceRecordCName -computername $pdc -Name "smtp" -HostNameAlias $smtp -ZoneName $_
    Add-DnsServerResourceRecordCName -computername $pdc -Name "calendar" -HostNameAlias $calendar -ZoneName $_
    Add-DnsServerResourceRecordCName -computername $pdc -Name "email" -HostNameAlias $email -ZoneName $_
}
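
As an added example (not part of the original post), the check below compares a zone's CNAME and SRV records against the targets used on this page and flags legacy SRV names from section A that are still present. `Test-O365DnsRecord`, `$wantTargets`, `$legacyNames` and the sample records are constructed for illustration.

```powershell
# Expected targets, copied from the variables and SRV records on this page
$wantTargets = @{
    'autodiscover'           = 'autodiscover.outlook.com'
    'sip'                    = 'sipdir.online.lync.com'
    'lyncdiscover'           = 'webdir.online.lync.com'
    '_sip._tls'              = 'sipdir.online.lync.com'
    '_sipfederationtls._tcp' = 'sipfed.online.lync.com'
}
# Legacy SRV names that section A removes and does not re-create
$legacyNames = '_autodiscover._tcp', '_sip._tcp', '_sip._udp'

function Test-O365DnsRecord {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Records,   # objects with Name and Target
        [hashtable] $Want   = $wantTargets,
        [string[]]  $Legacy = $legacyNames
    )
    # Index records by lower-cased name; drop the trailing dot of FQDN targets
    $found = @{}
    foreach ($r in $Records) { $found[$r.Name.ToLower()] = $r.Target.TrimEnd('.').ToLower() }

    foreach ($name in $Want.Keys) {
        $status = 'OK'
        if (-not $found.ContainsKey($name)) { $status = 'MISSING' }
        elseif ($found[$name] -ne $Want[$name]) { $status = 'WRONG_TARGET' }
        [pscustomobject]@{ Name = $name; Status = $status; Found = $found[$name]; Want = $Want[$name] }
    }
    # A legacy name that still resolves keeps pointing clients at the old host
    foreach ($name in $Legacy) {
        if ($found.ContainsKey($name)) {
            [pscustomobject]@{ Name = $name; Status = 'STALE_LEGACY'; Found = $found[$name]; Want = $null }
        }
    }
}

# Constructed sample: legacy SRVs as in the nslookup output, one correct and one stale CNAME
$sample = @(
    [pscustomobject]@{ Name = '_autodiscover._tcp'; Target = 'mail.kimconnect.com.' }
    [pscustomobject]@{ Name = '_sip._tcp';          Target = 'expc01.subdomain.kimconnect.com.' }
    [pscustomobject]@{ Name = 'autodiscover';       Target = 'autodiscover.outlook.com.' }
    [pscustomobject]@{ Name = 'sip';                Target = 'expc01.subdomain.kimconnect.com.' }
)
Test-O365DnsRecord -Records $sample | Format-Table -AutoSize

# Live data: map Get-DnsServerResourceRecord output to Name/Target first, e.g.
# Get-DnsServerResourceRecord -ZoneName $domain -ComputerName $pdc |
#   Where-Object RecordType -in 'CNAME','SRV' | ForEach-Object {
#     $d = $_.RecordData   # CNAME data has HostNameAlias, SRV data has DomainName
#     [pscustomobject]@{ Name = $_.HostName; Target = "$($d.HostNameAlias)$($d.DomainName)" } }
```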

C. Add MX and Other Records at External DNS at the Registrar

$autodiscover="autodiscover.outlook.com"
$calendar="outlook.office365.com"
$email="email.office365.com"
$enterpriseregistration="enterpriseregistration.windows.net"
$enterpriseenrollment="enterpriseenrollment.manage.microsoft.com"
$imap="outlook.office365.com"
$lyncdiscover="webdir.online.lync.com"
$mail="outlook.office365.com"
$pop="outlook.office365.com"
$sip="sipdir.online.lync.com"
$smtp="smtp.office365.com"
$intranetPublicIP={Public IP HERE}

MX: <MX-prefix>.mail.protection.outlook.com  (Obtain MX-prefix from: https://admin.microsoft.com/AdminPortal/Home#/Domains)
TXT: @ v=spf1 include:spf.protection.outlook.com -all
v=spf1 ip4:$intranetPublicIP include:spf.protection.outlook.com ~all
SRV: _sip._tls.@ 100 1 443 sipdir.online.lync.com
SRV: _sipfederationtls._tcp.@ 100 1 5061 sipfed.online.lync.com

Configure Exchange Online to Accept Relays from Certain Vendors

Click Dimensions:

66.240.227.4 66.240.227.9 66.240.227.18 66.240.227.21
---------------
66.240.227.0/27

63.143.57.132 63.143.57.137 63.143.57.146 63.143.57.149
---------------
63.143.57.128/27

135.84.216.160 135.84.216.224
---------------
135.84.216.128/25

135.84.217.32 135.84.217.96
---------------
135.84.217.0/25

AutoTasks:

customerdomain.com. 18000 IN TXT "v=spf1 include:aem.autotask.net ~all"
185.217.59.0/24
8.34.161.0/24
8.224.10.0/24
213.212.96.64/27
118.186.64.32/28
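
The SPF strings shown in section C and in the vendor entry above cannot be published as separate TXT records at the same name, because a name may carry only one v=spf1 record and receivers treat more than one as a permanent error (RFC 7208). The linter below is an added example, not part of the original post; `Test-SpfRecordSet` is a hypothetical helper and 203.0.113.10 is a documentation-range placeholder standing in for $intranetPublicIP.

```powershell
function Test-SpfRecordSet {   # hypothetical helper name
    param([Parameter(Mandatory)] [string[]] $TxtStrings)   # all TXT strings at one name

    $spf = @($TxtStrings | Where-Object { $_ -match '^v=spf1(\s|$)' })
    if ($spf.Count -ne 1) {
        return "FAIL: found $($spf.Count) v=spf1 records, exactly 1 is required"
    }
    # Terms after the version tag
    $terms = @($spf[0] -split '\s+' | Select-Object -Skip 1 | Where-Object { $_ })
    $findings = @()

    # Terms that cost a DNS lookup; an evaluation may use at most 10.
    # Only this record's own terms are counted, included records add more.
    $lookups = @($terms | Where-Object {
        $_ -match '^[+\-~?]?(include:|exists:|redirect=|ptr\b|(a|mx)(:|/|$))' })
    if ($lookups.Count -gt 10) {
        $findings += "FAIL: $($lookups.Count) lookup terms, limit is 10"
    }

    # The qualifier on the final "all" decides what happens to unlisted senders
    $all = @($terms | Where-Object { $_ -match '^[+\-~?]?all$' })
    $hasRedirect = @($terms | Where-Object { $_ -like 'redirect=*' }).Count -gt 0
    if ($all.Count -eq 0 -and -not $hasRedirect) {
        $findings += 'WARN: no "all" term, unlisted senders evaluate to neutral'
    } elseif ($all.Count -gt 0) {
        switch -Regex ($all[-1]) {
            '^~'          { $findings += 'WARN: ~all only softfails unlisted senders' }
            '^[+?]|^all$' { $findings += 'FAIL: all, +all or ?all does not restrict senders' }
        }
    }
    if ($findings.Count -eq 0) { 'OK' } else { $findings }
}

# Constructed inputs built from the SPF strings on this page
$separate = 'v=spf1 include:spf.protection.outlook.com -all',
            'v=spf1 include:aem.autotask.net ~all'
$merged   = 'v=spf1 ip4:203.0.113.10 include:spf.protection.outlook.com include:aem.autotask.net -all'
$softfail = 'v=spf1 ip4:203.0.113.10 include:spf.protection.outlook.com ~all'

Test-SpfRecordSet $separate   # two records published side by side
Test-SpfRecordSet $merged     # one record carrying every sender
Test-SpfRecordSet $softfail   # the ~all variant from section C

# Live data: join each TXT record's chunks before linting, e.g.
# Test-SpfRecordSet (Resolve-DnsName kimconnect.com -Type TXT | ForEach-Object { -join $_.Strings })
```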
