Where in the registry are the keys/values which set the 'Append these DNS Suffixes (in order)' option
Hello, We have a number of servers worldwide which need to have their DNS Suffix Search order 'modified' to add a domain. We do this with a VB Script. I have found after the VB Script runs and successfully modifies the SearchList, as found at HKLM\CurrentControlSet\Services\Tcpip\Parameters\SearchList, the Option for 'Append these DNS Suffixes (in order)' is cleared and the 'Append Primary and connection specific DNS Suffixes' is now checked. What happens is we can no longer search by host name. What we would like to do is in the same script which modifies the SearchList, make sure we modify the registry so the 'Append these DNS Suffixes (in order)' is checked. I've run a Procman to try and find where in the registry this is set, but I have not been successful. Can you tell me where in the registry are the keys/values which set the 'Append these DNS Suffixes (in order)' are stored? Thanks in advance.
April 11th, 2011 11:46am

Any reason you don't use group policy to set this? Here is the GP registry location: HKLM\Software\Policies\Microsoft\Windows NT\DNSClient I'd recommend setting this in group policy though. Check this out: Group Policy Search http://gps.cloudapp.net/ Search for DNS Suffix Search List which lists a bunch of info. "Determines the DNS Suffixes to attach to an unqualified single-label name before submission of a DNS query for that name. An unqualified single-label name contains no dots, such as "example". This is different from a fully qualified domain name, such as "example.microsoft.com.". With this setting enabled, when a user submits a query for a single-label name, such as "example", a local DNS client attaches a Suffix, such as "microsoft.com", resulting in the query "example.microsoft.com", before sending the query to a DNS server. If you enable this setting, you can specify the DNS Suffixes to attach before submission of a query for an unqualified single-label name. The values of the DNS Suffixes in this setting may be set using comma-separated strings, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com". One DNS Suffix is attached for each submission of a query. If a query is unsuccessful, a new DNS Suffix is added in place of the failed Suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and preceding to the right. If you enable this setting, you must specify at least one Suffix. If you disable this setting, the primary DNS Suffix and network connection-specific DNS Suffixes are appended to the unqualified queries. If this setting is not configured, it is not applied to any computers, and computers use their local configuration. === Presentation information === DNS Suffixes: === Detailed values: === text: Id: DNS_SearchListLabel; ValueName: SearchList" I hope this helps!
Free Windows Admin Tool Kit Click here and download it now
April 11th, 2011 2:05pm

Thanks for your response Sean. I've tested this Group Policy setting in our lab and the reason we wont deploy it is because it 'replaces' the current Searchlist with what you specify in the list in the Group Policy. We don't want to 'replace'; we want to 'append'. The reason we want to 'append' is because we have a large international server farm with various customized search lists and we dont want to spend the labor/time to analyze each and create a master list, potentially cause outages, etc.
April 11th, 2011 4:53pm

Hi SdeDot, Thanks for posting here. I think it’s better post to script forum for acquiring a mention for how to append DNS search list registry entries: http://social.technet.microsoft.com/Forums/en/ITCG/threads For more information please refer to the article below: DNS Registry Entries http://technet.microsoft.com/en-us/library/dd197418(WS.10).aspx Thanks. Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2011 1:38am

Tiger, We know how to script, but we dont know what registry keys/values to script. If I cant find what specific registry values/keys to script here, where else should I go?
April 12th, 2011 4:25am

Gotcha. I just manually edited this setting in my registry and it worked without issue. I appended a new domain to the search list and verified that it did NOT change the adapter to 'Append Primary and connection specific DNS Suffixes'. What OS are you testing on? I tried this with Win7. Have you tried to manually do this (without the VB script) with any success? Ultimately I think you'd be better served to have a complete list of all DNS suffixes each server needs and then apply these with group policy but I can understand how that might be hard to achieve at this point. I even tried using incorrect syntax (a space instead of a comma). It simply didn't append the new value. It still didn't change it to 'Append Primary and connection specific DNS Suffixes' on the adapter. Let me know if manually changing this works and what OS you're testing on. Thanks!
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2011 9:33am

This is being tested on Server 2008 R2 and Server 2003 R2. Manually this works fine. So I spent a few hours with Procmon to try to find the registry hives which are changed, but to no avail.
April 13th, 2011 4:42am

I think I found your problem (at least I hope this guess is right)... First, lets understand what the registry is. It's a place to set settings that ARE NOT the default. So, just because some setting isn't there doesn't mean a settings doesn't exist. It just means we are using the default setting that's configured in code. So, delete that value (seachlist) and guess what happens? It automatically checks the "Append primary and connection specific DNS suffixes". Lets say that script has something misspelled. Lets say the NAME of the string value (searchlist) is appended with a " " (yes, that's a SPACE). If you do that manually, guess what happens...The system no longer sees a valid value and assumes the default "Append primary and connection specific DNS suffixes". So, does the script have a " " or some other value in front of the searchlist name? Is it spelled correctly? Does it have a " " at the end? I really hope that or something similar is your problem but I'm 99.99% sure it's the script. Thanks!
Free Windows Admin Tool Kit Click here and download it now
April 13th, 2011 7:53am

I don't get it, I responded to this! Oh well, here it goes again... So I think I found your problem and I'm pretty sure it's with the script. First lets talk about the registry. The registry allows you to change settings that differ from the default. Just because a setting isn't in the registry doesn't mean it doesn't exist. The default settings typically resides in code. Entering a registry setting changes the default. So... SearchList changes the default setting from "Append primary and connection specific DNS suffixes" to "Append these DNS suffixes (in order):" Do me a favor and put a space before or after SearchList (for example " SearchList" or "SearchList "). As soon as you do this, you'll notice the setting reverts back to default. You can test this manually but I'm guessing the script has a space either before or after "SearchList". I hope this helps!
April 13th, 2011 12:13pm

Thanks for the follow-up Sean. Your suggestions make sense, however Im replacing the searchlist as oppossed to deleting which is in effect the same thing that happens when the GUI is used to change the list. The code we run follows and the searchlist is changed correctly in the registry, however the 'Append Primary and connection specific DNS Suffixes' is checked. I've also tested not appending to the current searchlist, or just replacing the current searchlist with one entry which would be acme.net, but I get the same results. In that test, the line of code strValue = strValue & ",acme.net" becomes strValue = "acme.net". I think I will post this to the right script forum to see if they see anything wrong here. const HKEY_CURRENT_USER = &H80000001 Const HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." Set oReg=GetObject( _ "winmgmts:{impersonationLevel=impersonate}!\\" &_ strComputer & "\root\default:StdRegProv") strKeyPath = "System\CurrentControlSet\Services\TCPIP\Parameters" strValueName = "searchlist" return= oReg.GetExpandedStringValue(HKEY_LOCAL_MACHINE,_ strKeyPath,strValueName,strValue) If (Return = 0) And (Err.Number = 0) Then WScript.Echo "Search list is: " & strValue Else Wscript.Echo _ "GetExpandedStringValue failed. Error = " & Err.Number End If 'strValue has current search list if instr(1,strvalue,"acme.net",1) = 0 then strValue = strValue & ",acme.net" Return = oReg.SetExpandedStringValue( _ HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue) If (Return = 0) And (Err.Number = 0) Then Wscript.Echo "SetExpandedStringValue succeeded" Else Wscript.Echo _ "SetExpandedStringValue failed. Error = " & Err.Number End If else wscript.echo "acme.net is already in " & strvalue End if
Free Windows Admin Tool Kit Click here and download it now
April 14th, 2011 7:58am

Sorry, I've helped about as much as I can. All this script stuff looks a little funny to me...like another language :) Knowing what we know now, you might want to bring this up in the script forum to see what you're doing should cause this behavior, but knowing that I can make it work or break by manually editing the registry makes me believe it's the way the script is editing it or something... Is it possible for you to just use reg commands instead? I know you need to keep the existing value, so output the current key with reg query and then just do a reg add <current stuff> + <new stuff>. I think you could do it in 2-3 lines...but again, I can't script to save my life :) Thanks!
April 15th, 2011 10:03am

Thanks for the followup Sean. Thats a good suggestion to try to use reg commands, so let me try to do that and I will post the results when Im finished.
Free Windows Admin Tool Kit Click here and download it now
April 15th, 2011 10:25am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics