WARNING: This provider is deprecated and will eventually be removed. Please switch to MSDNS. It is more modern and reliable. The creds.json fields changed names; otherwise it should be an uneventful upgrade.

ActiveDirectory_PS Provider

This provider updates an Microsoft Active Directory server DNS server. It interacts with AD via PowerShell commands that are generated and executed on the local machine. This means that DNSControl must be run on a Windows host. This driver automatically deactivates itself when run on non-Windows systems.

Running on Non-Windows systems

For debugging and testing on non-Windows systems, a “fake PowerShell” mode can be used, which will activate the driver and simulate PowerShell as follows:

To activate this mode, set "fakeps":"true" inside your credentials file for the provider.


The ActiveDirectory_PS provider reads an ADServer setting from creds.json to know the name of the ActiveDirectory DNS Server to update.

  "activedir": {
    "ADServer": "ny-dc01"

If you want to modify the “fake powershell” mode details, you can set them in the credentials file:

  "activedir": {
    "ADServer": "ny-dc01",
    "fakeps": "true",
    "pslog": "powershell.log",
    "psout": "commandsToRun.ps1"

An example DNS configuration:

var REG_NONE = NewRegistrar('none', 'NONE')
var ACTIVEDIRECTORY = NewDnsProvider("activedir", "ACTIVEDIRECTORY_PS");

D('example.tld', REG_NONE, DnsProvider(ACTIVEDIRECTORY),

To generate a adzonedump.ZONE.json file, run dnscontrol preview on a Windows system then copy the appropriate file to the system you’ll use in “fake powershell” mode.

The adzonedump.ZONE.json files should be UTF-16LE encoded. If you hand-craft such a file on a non-Windows system, you may need to convert it from UTF-8 to UTF-16LE using:

iconv -f UTF8  -t UTF-16LE <adzonedump.FOO.json.utf0 > adzonedump.FOO.json

If you check these files into Git, you should mark them as “binary” in .gitattributes.