Our Mac Leopard users are unable to change their Mobile AD passwords over the VPN. I had our network guys look at the firewall, and the Macs were trying to reach an outside IP on port 389 instead of our private IP space. I have the private IP listed as the preferred domain controller in Directory Utility/Active Directory. Our AD domain name is owned by someone else, and I think the Macs are trying to go to that external IP instead of the internal one. Why would they still use external DNS for resolution even though, once connected to the VPN, they get assigned DNS, WINS, IP, etc.? Can I fix this by modifying a config file? Maybe the host file?