Apologies for the delay in response and for any inconvenience caused.
Yes, you are correct that when you create a Private Endpoint, it creates a NIC that is read-only, and that NIC cannot be attached to a Private Endpoint.
By following the steps below, you can identify the NIC of secondary resources.
- Identify the secondary resource.
- Locate the private endpoint associated with that resource.
- Use Azure CLI or PowerShell to list the NICs and their IP addresses.
For example, using Azure CLI (the NIC ID lives under networkInterfaces and the assigned IPs under customDnsConfigs in the private endpoint object):
az network private-endpoint list --resource-group <ResourceGroupName> --query "[].{Name:name, NicId:networkInterfaces[0].id, IpAddresses:customDnsConfigs[].ipAddresses[]}"
Then update your Private DNS Zone with the correct IP address. Once you have the IP address, you can update the Private DNS Zone with a new A record pointing to the NIC IP address.
For additional information, please refer to the link below.
cross-tenant-secure-access-private-endpoints.
I hope this helps and addresses your query. Please let us know if the issue is resolved or still persists. We will be glad to assist you closely.
Thanks!
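As an added example (not part of the answer above, and not Microsoft's code), the following script takes the JSON that `az network private-endpoint list -o json` returns, extracts each endpoint's NIC ID and assigned IPs, and compares them with the A records currently in the matching privatelink Private DNS Zone, emitting the `az network private-dns record-set a add-record`/`remove-record` commands needed to correct stale or missing entries. The endpoint JSON, resource IDs and IPs are constructed placeholders; the zone is assumed to follow the `privatelink.<public suffix>` naming convention.

```python
import json
from typing import Dict, List

# Constructed sample shaped like `az network private-endpoint list -o json`
# (placeholder IDs and IPs, not captured from a real subscription).
SAMPLE_PE_JSON = """
[
  {"name": "pe-storage",
   "networkInterfaces": [{"id": "/subscriptions/<sub>/resourceGroups/rg/providers/Microsoft.Network/networkInterfaces/pe-storage.nic.1"}],
   "customDnsConfigs": [{"fqdn": "stacct.blob.core.windows.net", "ipAddresses": ["10.0.1.4"]}]},
  {"name": "pe-sql",
   "networkInterfaces": [{"id": "/subscriptions/<sub>/resourceGroups/rg/providers/Microsoft.Network/networkInterfaces/pe-sql.nic.2"}],
   "customDnsConfigs": [{"fqdn": "sqlsrv.database.windows.net", "ipAddresses": ["10.0.1.5"]}]}
]
"""


def nic_ips(pe_json: str) -> Dict[str, dict]:
    """Map endpoint name -> {"nic_id": ..., "records": {fqdn: [ip, ...]}}."""
    out = {}
    for pe in json.loads(pe_json):
        nics = pe.get("networkInterfaces") or []
        records = {c["fqdn"]: list(c.get("ipAddresses", []))
                   for c in pe.get("customDnsConfigs") or []}
        out[pe["name"]] = {"nic_id": nics[0]["id"] if nics else None,
                           "records": records}
    return out


def plan_a_record_updates(endpoints: Dict[str, dict], current_a_records: Dict[str, List[str]],
                          zone_rg: str, zone_name: str) -> List[str]:
    """Diff actual endpoint IPs against the zone's current A records (record name -> IPs)
    and return the az commands that bring the zone in line with the endpoints."""
    # privatelink.blob.core.windows.net serves names under blob.core.windows.net
    suffix = zone_name[len("privatelink."):] if zone_name.startswith("privatelink.") else zone_name
    base = (f"az network private-dns record-set a {{op}} --resource-group {zone_rg} "
            f"--zone-name {zone_name} --record-set-name {{name}} --ipv4-address {{ip}}")
    cmds = []
    for pe in endpoints.values():
        for fqdn, ips in pe["records"].items():
            if not fqdn.endswith("." + suffix):
                continue  # this endpoint belongs to a different zone
            name = fqdn[: -(len(suffix) + 1)]
            have, want = set(current_a_records.get(name, [])), set(ips)
            for ip in sorted(have - want):  # stale IP still published in DNS
                cmds.append(base.format(op="remove-record", name=name, ip=ip))
            for ip in sorted(want - have):  # endpoint IP missing from DNS
                cmds.append(base.format(op="add-record", name=name, ip=ip))
    return cmds


if __name__ == "__main__":
    eps = nic_ips(SAMPLE_PE_JSON)
    for cmd in plan_a_record_updates(eps, {"stacct": ["10.0.1.9"]}, "rg-dns",
                                     "privatelink.blob.core.windows.net"):
        print(cmd)
```

Review the printed commands before running them; an empty plan means the zone already matches the endpoints.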