Create DNS records for Office 365 using PowerShell

October 11, 2017 blog

Create DNS records for Office 365 using PowerShell

If you are using Microsoft DNS for Office 365 DNS records, you can create the required records easily with PowerShell.

Creating DNS records

The script below creates all DNS records required to enable Office 365 services. You should run the script on the DNS server.

Note! The script below is only an example, you should always modify it for your purposes. Especially the MX and SPF records are crucial for mail routing to function properly.

# Name of the domain 
$domain="mydomain.com"

# Create a new forward zone for the domain
Add-DnsServerPrimaryZone -name $domain -zonefile "$domain.dns"

# Create a Sender Policy Framework (SPF) record:
Add-DnsServerResourceRecord -zonename $domain -descriptivetext "v=spf1 include:spf.protection.outlook.com -all" -txt -name "@" -TimeToLive 3600

# Build a correct mail server name, store it to a variable, and create an MX record:
$mailExchange=$domain.Replace(".","-")+".mail.protection.outlook.com" 
Add-DnsServerResourceRecord -zonename $domain -MX -MailExchange $mailExchange -Name "@" -TimeToLive 3600 -Preference 0

# Create a SRV record for Skype for Business directory 
Add-DnsServerResourceRecord -zonename $domain -name "_sip._tls"  -TimeToLive 3600 -srv -DomainName "sipdir.online.lync.com" -Priority 100 -Weight 1 -port 443

# Create a SRV record for Skype for Business federation
Add-DnsServerResourceRecord -zonename $domain -name "_sipfederationtls._tcp" -TimeToLive 3600 -srv -DomainName "sipfed.online.lync.com" -Priority 100 -Weight 1 -port 5061

# Create a CNAME record for Outlook autodiscover:
Add-DnsServerResourceRecord -ZoneName $domain -TimeToLive 3600 -CName "autodiscover" -HostNameAlias "autodiscover.outlook.com"

# Create a CNAME record for Skype for Business autodiscover:
Add-DnsServerResourceRecord -ZoneName $domain -TimeToLive 3600 -CName "lyncdiscover" -HostNameAlias "webdir.online.lync.com"

# Create a CNAME record for Skype for Business SIP:
Add-DnsServerResourceRecord -ZoneName $domain -TimeToLive 3600 -CName "sip" -HostNameAlias "sipdir.online.lync.com"

# Create a CNAME record for client configuration:
Add-DnsServerResourceRecord -ZoneName $domain -TimeToLive 3600 -CName "msoid" -HostNameAlias "clientconfig.microsoftonline-p.net"

# Create a CNAME record for Mobile Device Managementin (MDM) registration:
Add-DnsServerResourceRecord -ZoneName $domain -TimeToLive 3600 -CName "enterpriseregistration" -HostNameAlias "enterpriseregistration.windows.net"

# create a CNAME record for Mobile Device Managementin (MDM) enrollment:
Add-DnsServerResourceRecord -ZoneName $domain -TimeToLive 3600 -CName "enterpriseenrollment" -HostNameAlias "enterpriseenrollment.manage.microsoft.com"

Dr Syynimaa works as Principal Identity Security Researcher at Microsoft Security Research.
Before his security researcher career, Dr Syynimaa worked as a CIO, consultant, trainer, and university lecturer for over 20 years. He is a regular speaker in scientific and professional conferences related to Microsoft 365 and Entra ID (Azure AD) security.

Before joining Microsoft, Dr Syynimaa was Microsoft MVP in security category and Microsoft Most Valuable Security Researcher (MVR).