Microsoft AD DNS – How to force Google Safe Search

Forcing safe-search for Google is very simple, and pretty hard to turn off. Couple it together with filtering DNS queries and you’ve got yourself a pretty robust content filter.

First I’m going to show you the powershell way (run powershell as admin), then I will show you the GUI way.


add-dnsserverprimaryzone -ReplicationScope Forest -Name -Verbose
Add-DnsServerResourceRecord -DName -ZoneName -name "@" -DomainNameAlias -Verbose
Add-DnsServerResourceRecordA -IPv4Address -name "@" -ZoneName -Verbose

As you can see the powershell way is the preferred method.

Here’s how to do it the GUI way:

Open up AD DNS or just type dnsmgmt.msc in a RUN box.

Add a new primary zone, replicated to the whole forest for “”

Now go to the zone, and create a A record pointing to “”.

Now right click and create ” other new records…” we’ll select DNAME.

Now add “” as the FQDN, leave alias name blank.

Now flush your DNS and test it out!



if we try to turn safesearch off via the settings, it does not work!!!

Same result.



I also recommend setting your DNS forwarders to OpenDNS Family Shield (It’s FREE!) it blocks porn and malicious DNS queries.

Powershell command (needs to be run as admin)

Set-DnsServerForwarder -IPAddress "",""

Close and reopen DNS to make sure you got the new forwarders.












Leave a comment

Exit mobile version