There are a lot of moving parts you need to keep track of when moving DNS servers. What do you do when you’re finished? You need to confirm that everything still works correctly! Recently, I did just that and documented how I tested Office 365, Azure Active Directory (Azure AD), Microsoft Intune and Skype after moving Enhansoft’s DNS servers. Obviously, there are a lot more items you need to test, but those are the ones I am focusing on in this post.
Moving DNS Servers
Managing Domain Name System (DNS) servers isn’t that complicated once everything is set up properly. The problem is when you move them and then need to re-confirm that every application is pointed to the right domain name. There isn’t a one-stop guide to tell you how to test everything, so I decided to document the steps I took to confirm that all Microsoft Office products, Skype, Azure AD and Microsoft Intune worked properly.
Select your domain.
After selecting the domain, you see a report about your DNS records. In the screenshot above, I blurred out the information about Enhansoft’s two DNS servers, but you can clearly tell that there are problems. I’m fairly certain that these issues are caused by the caching of the old and new DNS servers, so I’ll check this page again later.
Ideally, you want to see a green checkmark next to all of your records. If you see a report similar to the one in the screenshot above, you first need to wait until the new DNS server is listed. Once it is listed, you can expand each item to reveal the exact issue with the records.
Fortunately, after I reviewed this page 12 hours later, everything appeared good with the DNS records. By the way, I know that Microsoft Office 365 is showing a false positive message above, so I opened a support case and informed Microsoft that there’s an issue.
Later on while I was testing Microsoft Intune, I found this great Microsoft Docs page about all of the DNS records needed for Office 365.
I wasn’t able to find a lot of information online about how to test Skype after moving DNS servers. After digging deep, however, I eventually found this article: https://admin1a.online.lync.com/lscp/OrganizationSettings/General.aspx?language=en-US&tenantID=1b531bd2-0df3-4ecc-b542-83858690ebbd
That post then led me to this page about Microsoft’s Support and Recovery Assistant tool: https://testconnectivity.microsoft.com/?tabid=o365
Select the Office 365 Lync Domain Name Server (DNS) Connectivity Test and click Next.
Enter in the captcha code and click Verify. Then click on Perform Test.
A few seconds later, the test results are displayed. You can see that all of Enhansoft’s DNS settings are set up correctly for Skype/Lync.
Unfortunately, I couldn’t find anything online to help me test/confirm that Azure AD was working properly after moving DNS servers, so here’s what I did.
By the way, when I moved Enhansoft’s DNS servers, I could have sworn that I also needed to update Azure AD. However, in order to validate ownership of the domain name (in this case Enhansoft.com) I needed, at a bare minimum, a TXT record. If this record existed, I couldn’t find it, so I required another method to validate that Azure AD was set up correctly.
What did I do? I started on the Azure AD Connect page. There I saw that the last Sync Status data was less than an hour old. That was good news because it meant that things were working correctly.
Next, I clicked on the Troubleshoot link in order to open the help topics. Unfortunately, the help topics weren’t helpful.
Then, I clicked on the Azure AD Connect Health link in the screenshot (two above). That link opened the Quick start page, which again wasn’t helpful.
Next, I clicked on the Sync errors node, but although it looked promising, there was no data available.
In the end, I decided that since I don’t really use Azure AD and can’t confirm that it is 100% healthy (but I can’t see any “real” errors either) I will assume that everything is fine for now.
I have a couple of Microsoft Intune labs; one for stand-alone Intune and one for Intune integrated with SCCM. It turns out that after moving the DNS servers, neither was pointed to Enhansoft.com.
While I was trying to confirm that Intune was set up correctly, I found this great Microsoft Docs page about Office 365 and DNS. Here you can also find all of the DNS records you need for Microsoft Intune and Mobile Device Management.
In this example, I used my stand-alone Intune lab to demonstrate how you can confirm that Intune is set up correctly.
Start by logging on to https://portal.azure.com. It might be hard to see, but I pinned Intune to the favorites bar. In case you’re curious about how you can do this too, see my blog post, 3 Tips for Customizing the Azure Portal Home Page.
It took me a while to find the DNS settings information because it was hiding. After expanding Device enrollment and then Windows enrollment, I finally saw CNAME Validation. Why was it hiding here? That’s anyone’s guess. Ideally the DNS settings information should reside under Tenant states or Troubleshooting.
Click on CNAME Validation. This action expands the pane to the right. Enter your domain name and click Test.
If everything is set up properly, a green check mark appears. If not, a red exclamation mark is displayed.
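The portal checks above are affected by DNS caching, so it also helps to audit the zone on the new DNS server directly. The following is an added example, not part of the original post or any Microsoft tool: it goes beyond the Intune CNAME check and looks for the Skype, Azure AD device registration, Intune, mail and SPF records in a zone export. It assumes a BIND-style export with one record per line and an explicit owner name; example.com, the sample zone and the function names are constructed for illustration.

```python
# Targets as published in Microsoft's Office 365/Intune DNS docs; verify per tenant.
EXPECTED = [  # (label, type, rdata: CNAME exact, SRV/MX suffix, TXT substring)
    ("sip", "CNAME", "sipdir.online.lync.com"),
    ("enterpriseregistration", "CNAME", "enterpriseregistration.windows.net"),
    ("enterpriseenrollment", "CNAME", "enterpriseenrollment.manage.microsoft.com"),
    ("_sip._tls", "SRV", " 443 sipdir.online.lync.com"),
    ("_sipfederationtls._tcp", "SRV", " 5061 sipfed.online.lync.com"),
    ("@", "MX", ".mail.protection.outlook.com"),
    ("@", "TXT", "include:spf.protection.outlook.com"),
]
# Constructed zone export: "sip" kept a stale target, enterpriseenrollment is absent.
SAMPLE_ZONE = """
@ 3600 IN MX 0 example-com.mail.protection.outlook.com.
@ 3600 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
sip 3600 IN CNAME lync.example.com. ; carried over from the old zone
_sip._tls 3600 IN SRV 100 1 443 sipdir.online.lync.com.
_sipfederationtls._tcp 3600 IN SRV 100 1 5061 sipfed.online.lync.com.
enterpriseregistration 3600 IN CNAME enterpriseregistration.windows.net.
"""

def fqdn(name, origin):
    name = origin + "." if name == "@" else name.lower()
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse one-record-per-line entries that carry an explicit owner name."""
    records = []
    for line in text.splitlines():
        tok = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(tok) < 3 or tok[0].startswith("$"):
            continue
        name = tok.pop(0)
        while len(tok) > 1 and (tok[0].isdigit() or tok[0].upper() == "IN"):
            tok.pop(0)  # optional TTL and class
        rdata = " ".join(tok[1:]).replace('"', "").lower().rstrip(".")
        records.append((fqdn(name, origin), tok[0].upper(), rdata))
    return records

def audit(zone_text, origin):
    """List every expected Microsoft record that is missing or points elsewhere."""
    origin, problems = origin.lower().rstrip("."), []
    records = parse_zone(zone_text, origin)
    for label, rtype, want in EXPECTED:
        owner = fqdn(label, origin)
        found = [r for o, t, r in records if o == owner and t == rtype]
        ok = any(r == want if rtype == "CNAME" else
                 want in r if rtype == "TXT" else r.endswith(want) for r in found)
        if not ok:
            problems.append(f"{'MISMATCH' if found else 'MISSING'} {owner} {rtype}")
    return problems
```

Calling audit(SAMPLE_ZONE, "example.com") reports the stale sip CNAME and the missing enterpriseenrollment CNAME. TXT values that contain semicolons (DKIM or DMARC, for example) are not handled by the simple comment stripping.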
With that last test, my DNS server testing is complete for Office 365, Skype, Azure AD and Microsoft Intune. If you have any questions about testing these Microsoft applications after moving DNS servers, please feel free to contact me @GarthMJ.