Solved

Resoving Hostnames across multiple domains to IP via Group Policy

Posted on 2010-08-25
14
406 Views
Last Modified: 2012-05-10
I’ve set up a group policy that distributes a DNS Suffix Search List including the domain names (domain1, domain2) that I wish to resolve by hostname only.
 
I’ve done that in Group Policy:      

Computer Configuration\Administrative Templates\Networking\DNS Client.

However from a standard network PC I still cannot resolve hostnames to IP that are in Domain 2.  
I’m relatively new to group policy is there something obvious I’m missing?
0
Comment
Question by:DHPBilcare
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 333 total points
ID: 33519351

First step would be to verify the hosts in question actually have the suffix search list you're applying. "ipconfig /all" should show it?

Chris
0
 
LVL 3

Expert Comment

by:slappa1
ID: 33519352
where have you assigned the group policy too?  it needs to be applied to the computers OU not the users ou.  you can use gpresult /h to find out if the policy is applying.
0
 
LVL 6

Expert Comment

by:CorpComp
ID: 33519361
First thing to do would be to take a PC and set the DNS Suffix Search list manually, and see if that works.

If it does, you need to troubleshoot the group policy, or the application or group policy.

If it doesn't, you need to resolve a DNS problem.
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 167 total points
ID: 33519407
Which policy you modified and where you linked it? This is computer policy, so it should be linked to computers OU. Run RSoP.msc on one PC and check if this policy is applied. If not, reboot PC and check once again.
0
 

Author Comment

by:DHPBilcare
ID: 33519475
I manually entered the DNS suffix search list on a client and it then worked fine.  Although when I then removed the entries and restarted it still worked??  Ipconfig /all then showed both domains in the search list which wasnt there previously despite the group policy.  Other PC's are still not picking up the Group Policy.  

I've entered the group policy under the Default Group Policy of my domain,
0
 

Author Comment

by:DHPBilcare
ID: 33519522
How do I link this policy to computers OU?
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 333 total points
ID: 33519597

If you mean the default Computers container you cannot link policies there. However, if you've set it in the Default Domain Policy you really don't need to.

I suggest you head to one of the PCs and run:

rsop.msc

That will open the Resultant Set of Policy tool, expand the tree and see if you can see the policy. Also check out any errors it raises (right click on Computer Configuration, open Properties and check Error Information).

Otherwise you will need to check the Event Viewer for any errors associated with group policy application.

Chris
0
 

Author Comment

by:DHPBilcare
ID: 33519692
Thanks for that.

I went to one of the PC's, run rsop.msc, expanded the tree to the group policy in question.  There was an egg timer for a minute or so.  All appeared correct so I opened the command prompt to test and it worked??  

Will I have to do this for all the PC's in question?  Or is the new group policy simply taking a while to filter around the network.  We have a couple of hundred PC's.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33519799

No, not at all. How long ago did you set the list? The change won't apply immediately.

Chris
0
 

Author Comment

by:DHPBilcare
ID: 33519832
I applied the change yesterday, late afternoon.  

Will this take a day or two to propogate to the whole network?  I dont fancy running around 240 pc's if I can help it.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33519849

No it should be in by now. Check a few more and see if they see the policy change?

Chris
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 33543022
@ Chris
Why isn't the intended result covered in DNS? I thought DNS resolved the FQDN to an IP address?.. and you can set up a trust or zone transfers to provide resolution to clients that the server is not actually authoritative for.

Maybe I am missing something, but it appears DNS already has the desired effect the author is wishing for. So, I was wondering if you are reinventing the wheel.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33543078

DNS does resolve the FQDN, but we're talking about resolution of a Hostname only, which must be converted into an FQDN using the DNS Suffix Search List prior to submission to the DNS server.

Otherwise you need GlobalNames, and that's 2008+ only.

Chris
0
 

Author Closing Comment

by:DHPBilcare
ID: 33605760
Not obvous why but the policy is coming through. It does seem that for a few computers it doesnt take first time.  Thanks for the comments.  
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question