September 2003
You want to allow computers to use a different domain suffix than their AD domain.
The following solutions work only for Windows Server 2003 domains. Read the Discussion for a workaround for Windows 2000.
1. Open ADSI Edit.
2. Connect to the domain you want to edit.
3. Right-click on the domainDNS object and select Properties.
4. Edit the msDS-AllowedDNSSuffixes attribute and enter the DNS suffix you want to add.
5. Click OK.
Create an LDIF file called add_dns_suffix.ldf with the following contents:

    dn: <DomainDN>
    changetype: modify
    add: msDS-AllowedDNSSuffixes
    msDS-AllowedDNSSuffixes: <DNSSuffix>
    -

then run the following command:
> ldifde -v -i -f add_dns_suffix.ldf

    ' This code adds a domain suffix that can be used by clients in the domain.
    ' ------ SCRIPT CONFIGURATION ------
    strDNSSuffix = "<DNSSuffix>"       ' e.g. othercorp.com
    strDomain    = "<DomainDNSName>"   ' e.g. amer.rallencorp.com
    ' ------ END CONFIGURATION ---------

    ' Append to the multi-valued attribute; a plain Put would overwrite
    ' any suffixes that are already listed.
    Const ADS_PROPERTY_APPEND = 3

    set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
    set objDomain = GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext"))
    objDomain.PutEx ADS_PROPERTY_APPEND, "msDS-AllowedDNSSuffixes", Array(strDNSSuffix)
    objDomain.SetInfo
    WScript.Echo "Added " & strDNSSuffix & " to suffix list."

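Before widening the list it is worth seeing which suffixes the domain already permits, and appending a value that is already present fails. The following is an added example, not code from the book: it uses the same `<DNSSuffix>` and `<DomainDNSName>` placeholders, reads the current values, appends only when the suffix is missing, and reads the attribute back to confirm the change.

```vbscript
' Added example: review msDS-AllowedDNSSuffixes, then add a suffix only if absent.
Option Explicit
Const ADS_PROPERTY_APPEND = 3
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D   ' ADSI: attribute has no values

Dim strDNSSuffix, strDomain, objRootDSE, objDomain
Dim arrSuffixes, strSuffix, boolFound, lngErr
strDNSSuffix = "<DNSSuffix>"       ' placeholder, e.g. othercorp.com
strDomain    = "<DomainDNSName>"   ' placeholder, e.g. amer.rallencorp.com

Set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
Set objDomain = GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext"))

' GetEx always returns an array, but raises an error when the attribute is unset.
On Error Resume Next
arrSuffixes = objDomain.GetEx("msDS-AllowedDNSSuffixes")
lngErr = Err.Number
Err.Clear
On Error GoTo 0

boolFound = False
If lngErr = 0 Then
    For Each strSuffix In arrSuffixes
        WScript.Echo "Currently allowed: " & strSuffix
        If LCase(strSuffix) = LCase(strDNSSuffix) Then boolFound = True
    Next
ElseIf lngErr = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "No additional DNS suffixes are currently allowed."
Else
    WScript.Echo "Could not read the attribute, error 0x" & Hex(lngErr)
    WScript.Quit 1
End If

If boolFound Then
    WScript.Echo strDNSSuffix & " is already allowed; nothing changed."
Else
    objDomain.PutEx ADS_PROPERTY_APPEND, "msDS-AllowedDNSSuffixes", Array(strDNSSuffix)
    objDomain.SetInfo
    objDomain.GetInfo   ' refresh the local property cache from the directory
    For Each strSuffix In objDomain.GetEx("msDS-AllowedDNSSuffixes")
        WScript.Echo "Now allowed: " & strSuffix
    Next
End If
```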
Windows 2000, Windows XP, and Windows Server 2003 member computers dynamically maintain the dNSHostName and servicePrincipalName attributes ...