Hello,
We have a number of servers worldwide which need to have their DNS Suffix Search order 'modified' to add a domain. We do this with a VB Script. I have found after the VB Script runs and successfully modifies the SearchList, as found at HKLM\CurrentControlSet\Services\Tcpip\Parameters\SearchList,
the Option for 'Append these DNS Suffixes (in order)' is cleared and the 'Append Primary and connection specific DNS Suffixes' is now checked. What happens is we can no longer search by host name.
What we would like to do is in the same script which modifies the SearchList, make sure we modify the registry so the 'Append these DNS Suffixes (in order)' is checked. I've run a Procman to try and find where in the registry this is set, but I have
not been successful. Can you tell me where in the registry are the keys/values which set the 'Append these DNS Suffixes (in order)' are stored? Thanks in advance.

There is an amazing pack of free network admin tools. click here to download it

Any reason you don't use group policy to set this? Here is the GP registry location:
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient
I'd recommend setting this in group policy though. Check this out:
Group Policy Search

http://gps.cloudapp.net/

Search for DNS Suffix Search List which lists a bunch of info.
"Determines the DNS
Suffixes to attach to an unqualified single-label name before submission of a
DNS query for that name.

An unqualified single-label name contains no dots, such as "example". This is different from a fully qualified domain name, such as "example.microsoft.com.".

With this setting enabled, when a user submits a query for a single-label name, such as "example", a local
DNS client attaches a
Suffix, such as "microsoft.com", resulting in the query "example.microsoft.com", before sending the query to a
DNS server.

If you enable this setting, you can specify the
DNS Suffixes to attach before submission of a query for an unqualified single-label name. The values of the
DNS
Suffixes in this setting may be set using comma-separated strings, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com". One
DNS
Suffix is attached for each submission of a query. If a query is unsuccessful, a new
DNS
Suffix is added in place of the failed
Suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and preceding to the right.

If you enable this setting, you must specify at least one
Suffix.

If you disable this setting, the primary DNS
Suffix and network connection-specific
DNS
Suffixes are appended to the unqualified queries.

If this setting is not configured, it is not applied to any computers, and computers use their local configuration.



=== Presentation information ===

DNS
Suffixes:


=== Detailed values: ===
text: Id: DNS_SearchListLabel; ValueName:
SearchList"
I hope this helps!

There is an amazing pack of free network admin tools. click here to download it

Thanks for your response Sean.
I've tested this Group Policy setting in our lab and the reason we wont deploy it is because it 'replaces' the current Searchlist with what you specify in the list in the Group Policy. We don't want to 'replace'; we want to 'append'. The reason
we want to 'append' is because we have a large international server farm with various customized search lists and we dont want to spend the labor/time to analyze each and create a master list, potentially cause outages, etc.

Need to support users over the internet? click here try our remote control online beta

Hi SdeDot,

Thanks for posting here.

I think it’s better post to script forum for acquiring a mention for how to append DNS search list registry entries:


http://social.technet.microsoft.com/Forums/en/ITCG/threads


For more information please refer to the article below:

DNS Registry Entries

http://technet.microsoft.com/en-us/library/dd197418(WS.10).aspx


Thanks.

Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

There is an amazing pack of free network admin tools. click here to download it

Tiger,
We know how to script, but we dont know what registry keys/values to script. If I cant find what specific registry values/keys to script here, where else should I go?

There is an amazing pack of free network admin tools. click here to download it

Gotcha. I just manually edited this setting in my registry and it worked without issue. I appended a new domain to the search list and verified that it did NOT change the adapter to 'Append Primary and connection specific DNS Suffixes'.
What OS are you testing on? I tried this with Win7. Have you tried to manually do this (without the VB script) with any success? Ultimately I think you'd be better served to have a complete list of all DNS suffixes each server needs and
then apply these with group policy but I can understand how that might be hard to achieve at this point.
I even tried using incorrect syntax (a space instead of a comma). It simply didn't append the new value. It still didn't change it to 'Append Primary and connection specific DNS Suffixes' on the adapter. Let me know if manually changing
this works and what OS you're testing on.
Thanks!

There is an amazing pack of free network admin tools. click here to download it

This is being tested on Server 2008 R2 and Server 2003 R2. Manually this works fine.
So I spent a few hours with Procmon to try to find the registry hives which are changed, but to no avail.

There is an amazing pack of free network admin tools. click here to download it

I think I found your problem (at least I hope this guess is right)...
First, lets understand what the registry is. It's a place to set settings that ARE NOT the default. So, just because some setting isn't there doesn't mean a settings doesn't exist. It just means we are using the default setting that's configured
in code.
So, delete that value (seachlist) and guess what happens? It automatically checks the "Append primary and connection specific DNS suffixes".
Lets say that script has something misspelled. Lets say the NAME of the string value (searchlist) is appended with a " " (yes, that's a SPACE). If you do that manually, guess what happens...The system no longer sees a valid value and assumes
the default "Append primary and connection specific DNS suffixes". So, does the script have a " " or some other value in front of the searchlist name? Is it spelled correctly? Does it have a " " at the end?
I really hope that or something similar is your problem but I'm 99.99% sure it's the script.
Thanks!

Need to support users over the internet? click here try our remote control online beta

I don't get it, I responded to this! Oh well, here it goes again...
So I think I found your problem and I'm pretty sure it's with the script. First lets talk about the registry.
The registry allows you to change settings that differ from the default. Just because a setting isn't in the registry doesn't mean it doesn't exist. The default settings typically resides in code. Entering a registry setting changes the
default. So...
SearchList changes the default setting from "Append primary and connection specific DNS suffixes" to "Append these DNS suffixes (in order):"
Do me a favor and put a space before or after SearchList (for example " SearchList" or "SearchList "). As soon as you do this, you'll notice the setting reverts back to default. You can test this manually but I'm guessing the script has a space
either before or after "SearchList".
I hope this helps!

Need to support users over the internet? click here try our remote control online beta

Thanks for the follow-up Sean.
Your suggestions make sense, however Im replacing the searchlist as oppossed to deleting which is in effect the same thing that happens when the GUI is used to change the list.
The code we run follows and the searchlist is changed correctly in the registry, however the 'Append Primary and connection specific DNS Suffixes' is checked. I've also tested not appending to the current searchlist, or just replacing the
current searchlist with one entry which would be acme.net, but I get the same results. In that test, the line of code strValue = strValue & ",acme.net" becomes strValue = "acme.net".
I think I will post this to the right script forum to see if they see anything wrong here.
const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject( _
"winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "System\CurrentControlSet\Services\TCPIP\Parameters"
strValueName = "searchlist"
return= oReg.GetExpandedStringValue(HKEY_LOCAL_MACHINE,_
strKeyPath,strValueName,strValue)
If (Return = 0) And (Err.Number = 0) Then
WScript.Echo "Search list is: " & strValue
Else
Wscript.Echo _
"GetExpandedStringValue failed. Error = " & Err.Number
End If

'strValue has current search list
if instr(1,strvalue,"acme.net",1) = 0 then
strValue = strValue & ",acme.net"
Return = oReg.SetExpandedStringValue( _
HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue)
If (Return = 0) And (Err.Number = 0) Then
Wscript.Echo "SetExpandedStringValue succeeded"
Else
Wscript.Echo _
"SetExpandedStringValue failed. Error = " & Err.Number
End If
else
wscript.echo "acme.net is already in " & strvalue
End if

Need to support users over the internet? click here try our remote control online beta

Sorry, I've helped about as much as I can. All this script stuff looks a little funny to me...like another language :) Knowing what we know now, you might want to bring this up in the script forum to see what you're doing should cause this behavior,
but knowing that I can make it work or break by manually editing the registry makes me believe it's the way the script is editing it or something...

Is it possible for you to just use reg commands instead? I know you need to keep the existing value, so output the current key with reg query and then just do a reg add <current stuff> + <new stuff>. I think you could do it in 2-3
lines...but again, I can't script to save my life :)

Thanks!

There is an amazing pack of free network admin tools. click here to download it

Thanks for the followup Sean.
Thats a good suggestion to try to use reg commands, so let me try to do that and I will post the results when Im finished.

Need to support users over the internet? click here try our remote control online beta