Dns suffix change procedure

When a computer joins an Active Directory domain (for example, WEST.AD.ASU.EDU), Active Directory stores the fully qualified domain dame (FQDN) of the computer with the computer account in a property called DNSHostName. For example, for a computer named "W2K-CLIENT," the DNSHostName property contains a "W2K-CLIENT.WEST.AD.ASU.EDU" value.

If the computer belongs to a Directory Naming Service (DNS) zone (for example, WEST.ASU.EDU or VPRC.ASU.EDU) whose name is different from the Active Directory domain name (in this example, WEST.AD.ASU.EDU) that the computer joined, the DNSHostName does not by default include the subdomain name (in this example, "DHCP" or “VPRC”), but only contains the value "W2K-CLIENT.WEST.AD.ASU.EDU".

Because there is no W2K-CLIENT.ASU.EDU entry in DNS (DNS knows only about the "W2K-CLIENT.DHCP.ASU.EDU" or “W2K-CLIENT.VPRC.ASU.EDU entry), some services may not work correctly.
Here is the process for successfully using a different DNS name than Active Directory name (with or without Netbios enabled):
The DNSHostName property on the workstation needs to be the same as the name in DNS. This can be done by changing the workstation’s PrimaryDNSSuffix. In addition to the change on the workstation, permission on the Domain Controller must be granted for the workstation to successfully change it’s DNS name and have all services work.
To give workstations the appropriate rights in Active Directory to change the DNSHostName property (do this on a domain controller):

  1. Start the Active Directory Users and Computers snap-in.

  2. Choose Advanced view.

  3. Right-click the appropriate domain, and then click Properties.

  4. On the Security tab, add the Self group to the ACL.

  5. Click Advanced button.

  6. Click Self, and then click View/Edit.

  7. Click the Property tab. In the Apply onto box, click Computer Objects.

  8. Under Permissions, click to select the Write DNS host name check box.

  9. Click OK to close all dialog boxes.

Then on the workstation, you can change the DNSHostName (PrimaryDNSSuffix) property either manually or via a group policy:

  • To change the computer's PrimaryDNSSuffix, on the Network Identification tab in the System tool in Control Panel, click Properties, and then click More.

Change the Primary DNS suffix of the workstation setting to include the subdomain (i.e., for the workstation. Click OK, click OK, and then click OK, and reboot.

- OR -
Use Group Policy to set PrimaryDNSSuffix appropriately on all computers in the subdomain OU (e.g., OU’s for DHCP or VPRC). You can set PrimaryDNSSuffix in Group Policy by opening Computer Configuration, Administrative Templates, System, and then DNS Client on the Domain Controller. Then reboot all clients that this change affects.

