SD

Techie peeps,

I've a problem that I wonder if you can help with. We had a Windows NT/2000 Domain where we set the Primary DNS suffix using a system policy. I've upgraded some servers to Windows Server 2003, then moved them out of that Domain and into our 2003 Active Directory.

The problem is that after moving them into AD the old DNS suffix is still resident and even by applying a group policy to the machines of Primary DNS Suffix [disabled] and DNS Suffix Search Order [disabled] it won't go away. So if the old DNS suffix is aaa.bbb.com and the new AD DNS suffix is xxx.yyy.com then the new machine remains

name.aaa.bbb.com

and the DNS suffix search order is

aaa.bbb.com
xxx.yyy.com

On the freshly built (rather than upgraded) 2003 Servers the machine is:

name.xxx.yyy.com

and the DNS suffix search order is

xxx.yyy.com
yyy.com

Any idea how to resolve this issue? What can I do?

TIA

Simon.

David_Wallis

what domain are they a member of?

Right click on my computer, properties, computername, change, more and then it will have primary dns suffix for this computer, this is normally set with domain membership.

If not have a look at the DHCP scope.

Also check the policy is working with GPResult or similar.

David

SD

Just found the problem. Deleted the old policy entries from the registry [HKLM\Software\policies\microsoft\system\dnsclient] and rebooted and it works. Basically the AD DNS Client policy settings go elsewhere in the registry but these were taking precidence to no matter what group policy we applied to try and counter it it didn't work.

Thanks,

Simon.

GaryScoobNCBR

Just to add, the reason for this is because NT "tattoos" the registry ie places the settings permantly in the registry.

Where as 2000/2003 removes it once the policy is removed.