< Back
Add-DnsClientNrptRule
Post
NAME Add-DnsClientNrptRule
SYNOPSIS
Adds a rule to the NRPT.
SYNTAX
Add-DnsClientNrptRule [-Namespace] <String[]> [-CimSession <CimSession[]>] [-Comment <String>] [-DAEnable] [-DAIPsecEncryptionType { | None | Low
| Medium | High}] [-DAIPsecRequired] [-DANameServers <String[]>] [-DAProxyServerName <String>] [-DAProxyType { | NoProxy | UseDefault |
UseProxyName}] [-DisplayName <String>] [-DnsSecEnable] [-DnsSecIPsecEncryptionType { | None | Low | Medium | High}] [-DnsSecIPsecRequired]
[-DnsSecValidationRequired] [-GpoName <String>] [-IPsecTrustAuthority <String>] [-NameEncoding {Disable | Utf8WithMapping | Utf8WithoutMapping |
Punycode}] [-NameServers <String[]>] [-PassThru] [-Server <String>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Add-DnsClientNrptRule cmdlet adds a Name Resolution Policy Table (NRPT) rule for the specified namespace.
PARAMETERS
-CimSession [<CimSession[]>]
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession
or Get-CimSession cmdlet. The default is the current session on the local computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Comment [<String>]
Stores administrator notes.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DAEnable [<SwitchParameter>]
Indicates the rule state for DirectAccess.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DAIPsecEncryptionType [<String>]
Specifies the Internet Protocol security (IPsec) encryption setting for DirectAccess. The acceptable values for this parameter are:
-- None
-- Low
-- Medium
-- High
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DAIPsecRequired [<SwitchParameter>]
Indicates that IPsec is required for DirectAccess.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DANameServers [<String[]>]
Specifies an array of DNS servers to query when DirectAccess is enabled.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DAProxyServerName [<String>]
Specifies the proxy server to use when connecting to the Internet. This parameter is only applicable if the DAProxyType parameter is set to
UseProxyName.
Acceptable formats are:
-- hostname:port
-- IPv4 address:port
-- IPv6 address:port
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DAProxyType [<String>]
Specifies the proxy server type to be used when connecting to the Internet. The acceptable values for this parameter are:
-- NoProxy
-- UseDefault
-- UseProxyName
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DisplayName [<String>]
Specifies an optional friendly name for the NRPT rule.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DnsSecEnable [<SwitchParameter>]
Enables Domain Name System Security Extensions (DNSSEC) on the rule.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DnsSecIPsecEncryptionType [<String>]
Specifies the IPsec tunnel encryption settings.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DnsSecIPsecRequired [<SwitchParameter>]
Indicates the DNS client must set up an IPsec connection to the DNS server.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DnsSecValidationRequired [<SwitchParameter>]
Indicates that DNSSEC validation is required.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-GpoName [<String>]
Specifies the name of the Group Policy Object (GPO).
-- If this parameter and the Server parameter are specified, then the NRPT rule is added in the GPO of domain. The Server parameter specifies
the domain controller (DC).
-- If neither this parameter nor the Server parameter is specified, then the NRPT rule is added for local client computer.
-- If this parameter is specified and the Server parameter is not specified, then the DC of the domain specified by this parameter value is
found and NRPT rule is added to the GPO.
-- If this parameter is not specified and the Server parameter is specified, then an error is displayed.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-IPsecTrustAuthority [<String>]
Specifies the certification authority to validate the IPsec channel.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-NameEncoding [<String>]
Specifies the encoding format for host names in the DNS query. The acceptable values for this parameter are:
-- Disable
-- Utf8WithMapping
-- Utf8WithoutMapping
-- Punycode
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-NameServers [<String[]>]
Specifies the DNS servers to which the DNS query is sent when DirectAccess is disabled.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Namespace <String[]>
Specifies the DNS namespace.
Required? true
Position? 2
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Server [<String>]
Specifies the server hosting the GPO. This parameter is only applicable with the GpoName parameter.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-ThrottleLimit [<Int32>]
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0
is entered, then Windows PowerShell???? calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running
on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
Microsoft.Management.Infrastructure.CimInstance#root/Microsoft/Windows/DNS/DnsClientNrptRule
The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects.
The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
OUTPUTS
Microsoft.Management.Infrastructure.CimInstance#root/Microsoft/Windows/DNS/DnsClientNrptRule
The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects.
The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
The DnsClientNrptRule object contains all of the properties of the DNS client NRPT rule.
Example 1: Add an NRPT rule to a GPO
PS C:\\>Add-DnsClientNrptRule -GpoName "TestGPO" -DANameServers "10.0.0.1" -DAIPsecRequired -DAIPsecEncryptionType "High" -DAProxyServerName
"DaServer.com:6666" -DnsSecEnable -PassThru -DAProxyType "UseProxyName" -DnsSecValidationRequired -DAEnable -IPsecTrustAuthority "RootCA" -Comment
"Sample NRPT Rule" -DisplayName "Sample" -DnsSecIPsecRequired -DnsSecIPsecEncryptionType "Medium" -NameServers "10.0.0.1" -NameEncoding "Punycode"
-Namespace "dnsnrpt.com" -Server "host1.com"
This command adds an NRPT rule in TestGPO on server host1.com for the namespace dnsnrpt.com.
Example 2: Add an NRPT rule to configure a server
PS C:\\>Add-DnsClientNrptRule -Namespace "pqr.com" -NameServers "10.0.0.1"
This command adds an NRPT rule that configures the server named 10.0.0.1 as a DNS server for the namespace pqr.com.
Example 3: Add an NRPT rule to enable DNSSEC queries
PS C:\\>Add-DnsClientNrptRule -Namespace "pqr.com" -DnsSecEnable
This command adds an NRPT rule that enables DNSSEC queries to be sent for the namespace pqr.com.
Example 4: Add an NRPT rule to enable DNSSEC queries for a specified namespace
PS C:\\>Add-DnsClientNrptRule -Namespace "pqr.com" -DnsSecEnable -NameServers "10.0.0.1"
This command adds an NRPT rule that enables DNSSEC queries to be sent to DNS server named 10.0.0.1 for the namespace pqr.com.
Example 5: Add an NRPT rule to send Punycode DNS queries
PS C:\\>Add-DnsClientNrptRule -Namespace "pqr.com" -NameEncoding "Punycode" -NameServers "10.1.1.1" -PassThru
Name : {6a78d8d1-231d-4d1e-bc23-fb593e11a53d}
Version : 2
Namespace : {pqr.com}
IPsecCARestriction :
DirectAccessDnsServers :
DirectAccessEnabled : False
DirectAccessProxyType :
DirectAccessProxyName :
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired :
NameServers : 10.1.1.1
DnsSecEnabled : False
DnsSecQueryIPsecEncryption :
DnsSecQueryIPsecRequired :
DnsSecValidationRequired :
NameEncoding : Punycode
DisplayName :
Comment :
This command adds an NRPT rule that sends DNS queries encoded in Punycode to DNS server named 10.1.1.1 for the namespace pqr.com.
RELATED LINKS
Online Version:
Get-DnsClientNrptGlobal
Get-DnsClientNrptPolicy
Get-DnsClientNrptRule
Remove-DnsClientNrptRule
Set-DnsClientNrptGlobal
Set-DnsClientNrptRule
SYNOPSIS
Adds a rule to the NRPT.
SYNTAX
Add-DnsClientNrptRule [-Namespace] <String[]> [-CimSession <CimSession[]>] [-Comment <String>] [-DAEnable] [-DAIPsecEncryptionType { | None | Low
| Medium | High}] [-DAIPsecRequired] [-DANameServers <String[]>] [-DAProxyServerName <String>] [-DAProxyType { | NoProxy | UseDefault |
UseProxyName}] [-DisplayName <String>] [-DnsSecEnable] [-DnsSecIPsecEncryptionType { | None | Low | Medium | High}] [-DnsSecIPsecRequired]
[-DnsSecValidationRequired] [-GpoName <String>] [-IPsecTrustAuthority <String>] [-NameEncoding {Disable | Utf8WithMapping | Utf8WithoutMapping |
Punycode}] [-NameServers <String[]>] [-PassThru] [-Server <String>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Add-DnsClientNrptRule cmdlet adds a Name Resolution Policy Table (NRPT) rule for the specified namespace.
PARAMETERS
-CimSession [<CimSession[]>]
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession
or Get-CimSession cmdlet. The default is the current session on the local computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Comment [<String>]
Stores administrator notes.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DAEnable [<SwitchParameter>]
Indicates the rule state for DirectAccess.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DAIPsecEncryptionType [<String>]
Specifies the Internet Protocol security (IPsec) encryption setting for DirectAccess. The acceptable values for this parameter are:
-- None
-- Low
-- Medium
-- High
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DAIPsecRequired [<SwitchParameter>]
Indicates that IPsec is required for DirectAccess.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DANameServers [<String[]>]
Specifies an array of DNS servers to query when DirectAccess is enabled.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DAProxyServerName [<String>]
Specifies the proxy server to use when connecting to the Internet. This parameter is only applicable if the DAProxyType parameter is set to
UseProxyName.
Acceptable formats are:
-- hostname:port
-- IPv4 address:port
-- IPv6 address:port
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DAProxyType [<String>]
Specifies the proxy server type to be used when connecting to the Internet. The acceptable values for this parameter are:
-- NoProxy
-- UseDefault
-- UseProxyName
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DisplayName [<String>]
Specifies an optional friendly name for the NRPT rule.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DnsSecEnable [<SwitchParameter>]
Enables Domain Name System Security Extensions (DNSSEC) on the rule.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DnsSecIPsecEncryptionType [<String>]
Specifies the IPsec tunnel encryption settings.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DnsSecIPsecRequired [<SwitchParameter>]
Indicates the DNS client must set up an IPsec connection to the DNS server.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-DnsSecValidationRequired [<SwitchParameter>]
Indicates that DNSSEC validation is required.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-GpoName [<String>]
Specifies the name of the Group Policy Object (GPO).
-- If this parameter and the Server parameter are specified, then the NRPT rule is added in the GPO of domain. The Server parameter specifies
the domain controller (DC).
-- If neither this parameter nor the Server parameter is specified, then the NRPT rule is added for local client computer.
-- If this parameter is specified and the Server parameter is not specified, then the DC of the domain specified by this parameter value is
found and NRPT rule is added to the GPO.
-- If this parameter is not specified and the Server parameter is specified, then an error is displayed.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-IPsecTrustAuthority [<String>]
Specifies the certification authority to validate the IPsec channel.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-NameEncoding [<String>]
Specifies the encoding format for host names in the DNS query. The acceptable values for this parameter are:
-- Disable
-- Utf8WithMapping
-- Utf8WithoutMapping
-- Punycode
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-NameServers [<String[]>]
Specifies the DNS servers to which the DNS query is sent when DirectAccess is disabled.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Namespace <String[]>
Specifies the DNS namespace.
Required? true
Position? 2
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Server [<String>]
Specifies the server hosting the GPO. This parameter is only applicable with the GpoName parameter.
Required? false
Position? named
Default value none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-ThrottleLimit [<Int32>]
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0
is entered, then Windows PowerShell???? calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running
on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
Microsoft.Management.Infrastructure.CimInstance#root/Microsoft/Windows/DNS/DnsClientNrptRule
The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects.
The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
OUTPUTS
Microsoft.Management.Infrastructure.CimInstance#root/Microsoft/Windows/DNS/DnsClientNrptRule
The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects.
The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
The DnsClientNrptRule object contains all of the properties of the DNS client NRPT rule.
Example 1: Add an NRPT rule to a GPO
PS C:\\>Add-DnsClientNrptRule -GpoName "TestGPO" -DANameServers "10.0.0.1" -DAIPsecRequired -DAIPsecEncryptionType "High" -DAProxyServerName
"DaServer.com:6666" -DnsSecEnable -PassThru -DAProxyType "UseProxyName" -DnsSecValidationRequired -DAEnable -IPsecTrustAuthority "RootCA" -Comment
"Sample NRPT Rule" -DisplayName "Sample" -DnsSecIPsecRequired -DnsSecIPsecEncryptionType "Medium" -NameServers "10.0.0.1" -NameEncoding "Punycode"
-Namespace "dnsnrpt.com" -Server "host1.com"
This command adds an NRPT rule in TestGPO on server host1.com for the namespace dnsnrpt.com.
Example 2: Add an NRPT rule to configure a server
PS C:\\>Add-DnsClientNrptRule -Namespace "pqr.com" -NameServers "10.0.0.1"
This command adds an NRPT rule that configures the server named 10.0.0.1 as a DNS server for the namespace pqr.com.
Example 3: Add an NRPT rule to enable DNSSEC queries
PS C:\\>Add-DnsClientNrptRule -Namespace "pqr.com" -DnsSecEnable
This command adds an NRPT rule that enables DNSSEC queries to be sent for the namespace pqr.com.
Example 4: Add an NRPT rule to enable DNSSEC queries for a specified namespace
PS C:\\>Add-DnsClientNrptRule -Namespace "pqr.com" -DnsSecEnable -NameServers "10.0.0.1"
This command adds an NRPT rule that enables DNSSEC queries to be sent to DNS server named 10.0.0.1 for the namespace pqr.com.
Example 5: Add an NRPT rule to send Punycode DNS queries
PS C:\\>Add-DnsClientNrptRule -Namespace "pqr.com" -NameEncoding "Punycode" -NameServers "10.1.1.1" -PassThru
Name : {6a78d8d1-231d-4d1e-bc23-fb593e11a53d}
Version : 2
Namespace : {pqr.com}
IPsecCARestriction :
DirectAccessDnsServers :
DirectAccessEnabled : False
DirectAccessProxyType :
DirectAccessProxyName :
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired :
NameServers : 10.1.1.1
DnsSecEnabled : False
DnsSecQueryIPsecEncryption :
DnsSecQueryIPsecRequired :
DnsSecValidationRequired :
NameEncoding : Punycode
DisplayName :
Comment :
This command adds an NRPT rule that sends DNS queries encoded in Punycode to DNS server named 10.1.1.1 for the namespace pqr.com.
RELATED LINKS
Online Version:
Get-DnsClientNrptGlobal
Get-DnsClientNrptPolicy
Get-DnsClientNrptRule
Remove-DnsClientNrptRule
Set-DnsClientNrptGlobal
Set-DnsClientNrptRule