You can block or redirect a website using settings on your firewall or router. But did you know that you can block or redirect websites using the DNS service in Active Directory Domain Services as well? Just use these steps.
This tutorial assumes you have Administrator rights in your Active Directory Environment, with access to Microsoft Management Console.
Creating Forward Lookup Zone
- Select “Start”, type “mmc.exe”, then press “Enter”.
- The Microsoft Management Console appears. Select “File” > “Add/Remove Snap In…”.
- Add the “DNS” snap-in, then select “OK”.
- Select “DNS” on the left pane. You should be prompted to “Connect to DNS Server”. Select “This computer” if you’re logged into the DNS server, or select “The following computer” and enter the domain name or IP address of the DNS server you wish to connect to. Select “OK” when you are done.
- Now expand the server name under DNS, right-click “Forward Lookup Zones”, and select “New Zone”.
- The New Zone Wizard appears. Select “Next”.
- Select “Primary Zone”, then select “Next”.
- Select “To all DNS servers running on domain controllers in this domain”, then select “Next”.
- For the “Zone name”, type the domain name of the website you wish to block (e.g. facebook.com, reddit.com), then select “Next”.
- Select “Do not allow dynamic updates”, then select “Next” > “Finish”. Your DNS server is now authoritative for that domain, so the new Forward Lookup Zone will “take over” any requests to that domain on your network.
Note: It may take time for this setting to propagate to clients. You may want to restart, or use the ipconfig /flushdns command to be sure DNS queries are not cached in any way.
Redirecting the URL
If you would like to redirect the domain to another domain, you can use these steps:
- Expand DNS and “Forward Lookup Zones” in the MMC console.
- Right-click on the zone you created, then choose “Other New Records…” > “Domain Alias (DNAME)” > “Create Record…”.
- Leave “Alias name” blank. For “Fully qualified domain name (FQDN) for target domain”, type the domain name of the site you would like to redirect to, then select “OK”.
Now any time somebody tries to go to the web address you set the Forward Lookup Zone for, they will be redirected to the new target domain.
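The same zone and DNAME record can be created from PowerShell, which also lets you check what the server actually answers afterwards. This is an added example, not part of the original tutorial: `New-DnsBlockZone` is a hypothetical helper name, `example.com` and `blocked.example.net` are placeholder domains, and it assumes an elevated session with the DnsServer module (on the DNS server or via RSAT).

```powershell
#Requires -Modules DnsServer
# Added example: scripted equivalent of the New Zone Wizard and DNAME steps.
# New-DnsBlockZone is a hypothetical helper, not a built-in cmdlet.
function New-DnsBlockZone {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ZoneName,        # domain to block
        [string] $RedirectTarget,                         # optional DNAME target
        [string] $ComputerName = $env:COMPUTERNAME        # DNS server to configure
    )

    # Refuse to touch an existing zone: it may be a real, populated zone.
    if (Get-DnsServerZone -Name $ZoneName -ComputerName $ComputerName -ErrorAction SilentlyContinue) {
        throw "Zone '$ZoneName' already exists on $ComputerName; not modifying it."
    }

    # Primary zone, replicated to all DNS servers on domain controllers
    # in this domain, with dynamic updates disabled (the wizard choices above).
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain `
        -DynamicUpdate None -ComputerName $ComputerName

    if ($RedirectTarget) {
        # '@' is the zone apex, matching a blank "Alias name" in the GUI.
        Add-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -DName `
            -DomainNameAlias $RedirectTarget -ComputerName $ComputerName
    }

    # Verify: flush the local cache (same effect as ipconfig /flushdns),
    # then ask the server directly instead of trusting cached answers.
    Clear-DnsClientCache
    $soa = Resolve-DnsName -Name $ZoneName -Type SOA -Server $ComputerName -DnsOnly
    $www = Resolve-DnsName -Name "www.$ZoneName" -Server $ComputerName -DnsOnly `
        -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Zone          = $ZoneName
        # Should name your own DNS server, not the site's real name server.
        PrimaryServer = ($soa | Where-Object Type -eq 'SOA').PrimaryServer
        WwwAnswer     = if ($www) {
            ($www | ForEach-Object { "$($_.Type) $($_.Name)" }) -join '; '
        } else { 'no answer (blocked)' }
    }
}

# Constructed usage with placeholder names:
# New-DnsBlockZone -ZoneName 'example.com'
# New-DnsBlockZone -ZoneName 'example.com' -RedirectTarget 'blocked.example.net'
```

The check only proves what this DNS server returns; clients that use a different resolver are not affected by the zone.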
What if I need to exclude certain users from this restriction? How can I do that?
I want to prevent end users to restrict one application during 7 AM to 9 AM. This application is installed on all the end user Desktops/Laptops.
Can I schedule this restriction?