Solved

Group policy, DNS suffix and Net Use

Posted on 2010-09-14
6
635 Views
Last Modified: 2012-05-10
I’ve implemented a Group Policy on Windows Server 2003 that simply assigns a DNS suffix list to XP clients.  I have assigned this to the default group policy.  The purpose for this is to allow host names in a secondary domain to be identified.  Before I did this we would simply amend local host files for users who needed to resolve host names in the secondary domain.    

However, users who access the second domain also have a local BAT file that’s maps and authenticates access to a server in the secondary domain (using Net Use).  Without the local host files mentioned above the BAT file fails to access the secondary domain server and map the drive.  However I can ping the server in question from the associated client using the domain suffix group policy and ipconfig /all shows both domains.  

With the secondary domain host file the BAT file mapping works.

Hope this makes sense.

And comment s as to what the problem is are welcome.  
0
Comment
Question by:DHPBilcare
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33674974
You need to setup DNS Forwarders within your DNS to point to the second Domain's DNS servers this will allow the clients to append the suffix then look to DNS for the proper IP address.

If you don't want to do that you can use IP addresses within your Bat file instead of names.
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675849
Are you saying that from CLIENT.DOMAIN1.NET, you can ping SERVER1 and get a response from SERVER1.DOMAIN2.COM?  I think Darius is on track here.  Adding conditional forwarders to your DNS servers would certainly be expected in your scenario.

How to add AD-Integrated Conditional Forwarders:
http://msmvps.com/blogs/ulfbsimonweidner/archive/2006/09/30/DNS-Conditional-Forwarders-_2D00_-AD-integrated.aspx
0
 

Author Comment

by:DHPBilcare
ID: 33680854
Sorry I should have added that I have already added the second domain as a secondary domain on my internal DNS Servers.  

This includes both a primary and secondary DNS serve address for the second domain.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:DHPBilcare
ID: 33680956
I've tried replacing the host name with IP in the BAT file and still no luck.
0
 

Author Comment

by:DHPBilcare
ID: 33681031
Ignore my last post, the change to IP in the BAT file works.  

However why is the hostname not being resolved in the BAT file when I can ping the host at the cmd prompt?
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 33681381
If I'm not mistaken, UNC connections will always try NETBIOS.  PING isnt the same process as NET USE  Try going to the RUN command and type \\SERVER\. Does it find it?  Just use the FQDN in your bat would fix it.

You can test with wireshark to confirm that the PC isn't using DNS. Is there WINS in your domains?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
A hard and fast method for reducing Active Directory Administrators members.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question