Recently, while doing a migration project to Exchange Online Protection (for a large number of domains), it was necessary on a regular basis to make changes to DNS records, and part of that is validating that the records were changed to the expected and correct values.

Therefore I created a PowerShell script (Validate-ExoDnsRecords.ps1) to assist with this. The script will check the following items for a domain that you specify:

  • That a valid Exchange Online Protection MX record exists for the domain, with a preference of 0
  • That a valid CNAME exists for autodiscover.outlook.com
  • That a valid SPF record exists with an include for ‘include:spf.protection.outlook.com’, or that there is an SPF redirect
  • That valid selector1 and selector2 records exist for DKIM, each with a validly formatted CNAME host name.

A complete list of the Microsoft 365 DNS pre-requisite configuration is available: https://docs.microsoft.com/en-us/microsoft-365/enterprise/external-domain-name-system-records?view=o365-worldwide
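
The four checks listed above can be expressed with the built-in Resolve-DnsName cmdlet. The following is an added example, not the Validate-ExoDnsRecords.ps1 script from this post; the function name Test-ExoDnsRecord, the match patterns and the single-SPF-record rule are assumptions made for illustration.

```powershell
# Added example: not the author's Validate-ExoDnsRecords.ps1.
# Test-ExoDnsRecord and the patterns below are illustrative assumptions.
function Test-ExoDnsRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$Server   # optional resolver, e.g. the zone's authoritative name server
    )

    # Return only records of the requested type; a failed lookup yields nothing.
    function Get-Answer([string]$Name, [string]$Type) {
        $query = @{ Name = $Name; Type = $Type; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
        if ($Server) { $query.Server = $Server }
        Resolve-DnsName @query | Where-Object { $_.Type -eq $Type }
    }

    $mx   = @(Get-Answer $Domain 'MX')
    $auto = @(Get-Answer "autodiscover.$Domain" 'CNAME')
    # A TXT record can be split into several strings; join them before matching.
    $spf  = @(Get-Answer $Domain 'TXT' | ForEach-Object { $_.Strings -join '' } |
              Where-Object { $_ -match '^v=spf1(\s|$)' })

    $checks = [ordered]@{
        # Assumed target form: <domain-with-dashes>.mail.protection.outlook.com
        MX           = [bool]($mx | Where-Object {
                           $_.Preference -eq 0 -and $_.NameExchange -like '*.mail.protection.outlook.com' })
        Autodiscover = [bool]($auto | Where-Object { $_.NameHost -eq 'autodiscover.outlook.com' })
        # RFC 7208: more than one v=spf1 record is a permanent error, so require exactly one.
        SPF          = ($spf.Count -eq 1) -and
                       ($spf[0] -match '(^|\s)(\+?include:spf\.protection\.outlook\.com|redirect=\S+)(\s|$)')
    }
    foreach ($n in 1, 2) {
        $dkim = @(Get-Answer "selector$n._domainkey.$Domain" 'CNAME')
        # Assumed target form: selector<n>-<label>._domainkey.<tenant domain>
        $checks["DKIM-selector$n"] = [bool]($dkim | Where-Object {
            $_.NameHost -match "^selector$n-.+\._domainkey\..+" })
    }

    foreach ($c in $checks.GetEnumerator()) {
        [pscustomobject]@{ Domain = $Domain; Check = $c.Key; Passed = $c.Value }
    }
}

# example.com is a placeholder domain.
Test-ExoDnsRecord -Domain example.com | Format-Table -AutoSize
```

Passing -Server with one of the zone's authoritative name servers avoids reading a cached answer from a recursive resolver straight after a record change.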

Sample usage

Below is an example using it against this domain, and as you can see, I now have a to-do to fix my DKIM records!

.\Validate-ExoDnsRecords.ps1 -Domain itdevlab.au

By Andrew
