RE: [ActiveDir] DC DNS Suffix does not match Domain's DNS Suffix

[Tim Foster]

Steve,   Thanks for your reply.  You are 95% correct in your understanding.  Yes, the AD name is childdomain.domain.com, and the Primary DNS suffix for DC1 and DC2 is domain.com.  No, there is not an AD domain called “domain.com”.  What we desire here now is to have a standard set up where the DCs DNS suffix DOES match the domain’s DNS suffix.  This is why I don’t understand why fixdomainsuffix.vbs didn’t work.  I as mentioned before, I am wondering if it is because we didn’t run fixdomainsuffix.vbs on the DC carrying the Operations Master roles?  Thanks for the link to KB258503 – very helpful.  As for EX1, the “Change Primary DNS Suffix When Domain Membership Changes” is checked (and too my knowledge it always was; given that it is the default).   We see two possible ways forward at the moment.  One is to transfer all roles, demote and remove the older DCs (not easy, but a point we could get to somewhere in the near future).  Another is to allow the registration of EX1.domain.com in DNS (as per the KB).  How will the disjointed namespace in the domain affect Group Policies?   Thanks for your input.   Tim     From: Steve Patrick [mailto:[EMAIL PROTECTED] Sent: Saturday, August 28, 2004 11:04 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] DC DNS Suffix does not match Domain's DNS Suffix   Hi Tim,   Allow me to summarize and see if we are on the same page :)   AD domain name: childdomain.domain.com Primary DNS suffix for DC1 and DC2:  domain.com   Out of curiousity - is there an AD domain called "domain.com"?   I assume that at some point "... a number of years ago" someone modified the dnsHostName to satisfy Kerberos SPN issues for the older DC's. You recently brought up \\DC3 and it has a  "correct" dns suffix of "childdomain.domain.com" but what you really want is the disjoint name with a suffix of "domain.com".    The reason fixdomainsuffix.vbs doesnt "work" here - is because it is meant to change the DC suffix to match the AD name- yours already does. You could try to change it via editing the tcpip\paramters values for Hostname,NV Hostname, and NV Domain to say "domain.com"  - if you do this also check out http://support.microsoft.com/default.aspx?scid=kb;EN-US;258503   As for  \\EX1 - I am not sure why the name would change to domain.com after a reboot - if you had checked "Change primary DNS suffix when domain membership changes" it should have been childdomain.domain.com. And if it was unchecked - should not change at all.   -steve   ----- Original Message ----- From: Tim Foster To: [EMAIL PROTECTED] Sent: Friday, August 27, 2004 12:16 PM Subject: [ActiveDir] DC DNS Suffix does not match Domain's DNS Suffix   Hopefully you guys can shed some light on this one.   We have an AD domain, childdomain.domain.com.  The domain controllers for childdomain.domain.com are Windows 2000 DCs and they are named (on the Network Identification tab) DC1.domain.com, and DC2.domain.com.  Therefore we have a situation where the DC’s DNS suffix does not match domains DNS suffix.  DC1 and DC2 were setup a number of years ago with this configuration.  We have now introduced a new DC, DC3 into the domain.  DC3 has a FQDN DC3.childdomain.domain.com.  We also now have an Exchange server EX1.childdomain.domain.com.  EX1 registered itself in DNS with its FQDN.  As part of initial config it was rebooted, and came back up with a name EX1.domain.com.  We don’t have control of domain.com (i.e. this part of the puzzle cannot be changed).  My questions;   How do we fix this? Why did EX1 change its FQDN on reboot (what process caused this?)?   We tried running fixdomainsuffix.vbs (KB257623) on DC2 but it didn’t work.  DC2 doesn’t hold FSMO roles and maybe this is the problem?   Thanks in advance for your help.   Tim Foster