Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 649
  • Last Modified:

Setting DNS via group policy

I am working on a project for a small business.  They have Windows Server 2003 and 6 or 7 clients hooked to it.  Currently there is a group policy that sets the clients dns servers to the windows 2003 server.  I am doing some upgrades to their network and the ip of the server is changing.  I turned off the group policy setting that sets the dns server so now it grabs whatever the router says the ip for dns is.  I know this because when I do an ipconfig /all I see the dns ip for the isp.  However, when I do an nslookup for a domain it shows that it is still trying to use the old ip for the windows server as the dns.  I've tried flushing the dns, running group policy update etc and nothing seems to work.  How do I get rid of this group policy setting on the local computer level?
0
BofADev
Asked:
BofADev
  • 7
  • 6
1 Solution
 
Rob WilliamsCommented:
Is your router running DHCP? It should really be running on the server, turned off on the router, and the server handing out IP configurations including the DNS server within DHCP.
Is this the case ?
0
 
BofADevAuthor Commented:
No right now the router is handing out ip since there are some computers that are not a memeber of the domain.  
0
 
Rob WilliamsCommented:
The computers do not need to be members of the domain to obtain DHCP addressing from the server. Having the server manage DHCP gives you much better control.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Rob WilliamsCommented:
ps- Having the server manage DHCP also helps with local DNS registration of older Windows clients, in addition there are far more scope options.
0
 
BofADevAuthor Commented:
I still don't think this would solve the problem because when the computers are trying to resolve anything including internal computers on the network they are trying to do it via the old ip of the server.  I need someway to manually override what the group policy previously set for the computer.  When I go into tcp/ip settings there is no dns configured.  When I do ipconfig /all the correct dns is configured.  However, when I do a nslookup it is using the ip for the wrong dns server that doesn't exist.
0
 
BofADevAuthor Commented:
What is your opinion?
0
 
Rob WilliamsCommented:
>>" When I go into tcp/ip settings there is no dns configured. "
Therefore it will receive that information from Group policy, which you have disabled, or the DHCP server, the router. If GP is disabled, change the configuration on the routers DHCP configuration to hand out only your internal DNS server's IP.
The old DNS server that no longer exists may be still there if Group Policy has not refreshed. At a command line on the workstation run:
Win XP:
gpupdate /force
Win 2000:
secedit  /refreshpolicy machine_policy  

followed by:
ipconfig /release
ipconfig /renew
ipconfig /flushdns
0
 
BofADevAuthor Commented:
No dice.  I think the problem is before I realized the dns was being set in the group policy I modified the network and the computers can't resolve the domain anymore.  No when I run gpupdate even though it says it was successful I don't think it is getting the most recent version from the server that shows dns not configured.

ipconfig /all shows the ip address for the new server for dns
nslookup domainname shows we are still trying to use the old ip address.
0
 
Rob WilliamsCommented:
Maybe there is still a group policy being applied. Try using group policy results wizard in the group policy management console on the server, or gpresult on the workstation, to try to narrow down what if any group policies are still being applied
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/gpresult.mspx?mfr=true 
0
 
BofADevAuthor Commented:
Ok I figured out how to get rid of the old group policy that was still being applied.  First I created a local user on the computer and put it in the local admin group.  The I logged into the computer and removed it from the domain.  After restarting the computer I logged in again as the local admin account and did the following

gpupdate /force
ipconfig /release
ipconfig /renew
ipconfig /flushdns

I then did a nslookup on cnn.com and saw that I was going to the correct dns server!

Last step was re-adding it to the domain and restarting.  
0
 
Rob WilliamsCommented:
Interesting. A typical user cannot change TCP/IP configurations, however group policy is applied by the system account before logon completes. I wonder why you needed to be an admin. However, good to hear you were able to resolve.
--Rob
0
 
BofADevAuthor Commented:
I probably didnt' need to be admin but I wanted to make sure that I had an account that could log into the machine as admin incase once I re-established the domain connection it didn't map the user to their prior Documents and Settings folder.
0
 
Rob WilliamsCommented:
Thanks for updating. Glad it is resolved.
Cheers !
--Rob
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now