Solved

Resoving Hostnames across multiple domains to IP via Group Policy

Posted on 2010-08-25
14
391 Views
Last Modified: 2012-05-10
I’ve set up a group policy that distributes a DNS Suffix Search List including the domain names (domain1, domain2) that I wish to resolve by hostname only.
 
I’ve done that in Group Policy:      

Computer Configuration\Administrative Templates\Networking\DNS Client.

However from a standard network PC I still cannot resolve hostnames to IP that are in Domain 2.  
I’m relatively new to group policy is there something obvious I’m missing?
0
Comment
Question by:DHPBilcare
14 Comments
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 333 total points
ID: 33519351

First step would be to verify the hosts in question actually have the suffix search list you're applying. "ipconfig /all" should show it?

Chris
0
 
LVL 3

Expert Comment

by:slappa1
ID: 33519352
where have you assigned the group policy too?  it needs to be applied to the computers OU not the users ou.  you can use gpresult /h to find out if the policy is applying.
0
 
LVL 6

Expert Comment

by:CorpComp
ID: 33519361
First thing to do would be to take a PC and set the DNS Suffix Search list manually, and see if that works.

If it does, you need to troubleshoot the group policy, or the application or group policy.

If it doesn't, you need to resolve a DNS problem.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 167 total points
ID: 33519407
Which policy you modified and where you linked it? This is computer policy, so it should be linked to computers OU. Run RSoP.msc on one PC and check if this policy is applied. If not, reboot PC and check once again.
0
 

Author Comment

by:DHPBilcare
ID: 33519475
I manually entered the DNS suffix search list on a client and it then worked fine.  Although when I then removed the entries and restarted it still worked??  Ipconfig /all then showed both domains in the search list which wasnt there previously despite the group policy.  Other PC's are still not picking up the Group Policy.  

I've entered the group policy under the Default Group Policy of my domain,
0
 

Author Comment

by:DHPBilcare
ID: 33519522
How do I link this policy to computers OU?
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 333 total points
ID: 33519597

If you mean the default Computers container you cannot link policies there. However, if you've set it in the Default Domain Policy you really don't need to.

I suggest you head to one of the PCs and run:

rsop.msc

That will open the Resultant Set of Policy tool, expand the tree and see if you can see the policy. Also check out any errors it raises (right click on Computer Configuration, open Properties and check Error Information).

Otherwise you will need to check the Event Viewer for any errors associated with group policy application.

Chris
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:DHPBilcare
ID: 33519692
Thanks for that.

I went to one of the PC's, run rsop.msc, expanded the tree to the group policy in question.  There was an egg timer for a minute or so.  All appeared correct so I opened the command prompt to test and it worked??  

Will I have to do this for all the PC's in question?  Or is the new group policy simply taking a while to filter around the network.  We have a couple of hundred PC's.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 33519799

No, not at all. How long ago did you set the list? The change won't apply immediately.

Chris
0
 

Author Comment

by:DHPBilcare
ID: 33519832
I applied the change yesterday, late afternoon.  

Will this take a day or two to propogate to the whole network?  I dont fancy running around 240 pc's if I can help it.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 33519849

No it should be in by now. Check a few more and see if they see the policy change?

Chris
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 33543022
@ Chris
Why isn't the intended result covered in DNS? I thought DNS resolved the FQDN to an IP address?.. and you can set up a trust or zone transfers to provide resolution to clients that the server is not actually authoritative for.

Maybe I am missing something, but it appears DNS already has the desired effect the author is wishing for. So, I was wondering if you are reinventing the wheel.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 33543078

DNS does resolve the FQDN, but we're talking about resolution of a Hostname only, which must be converted into an FQDN using the DNS Suffix Search List prior to submission to the DNS server.

Otherwise you need GlobalNames, and that's 2008+ only.

Chris
0
 

Author Closing Comment

by:DHPBilcare
ID: 33605760
Not obvous why but the policy is coming through. It does seem that for a few computers it doesnt take first time.  Thanks for the comments.  
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
A short film showing how OnPage and Connectwise integration works.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now