DNS suffix issues
I am having an issue with adding new Windows 7 machines to our domain with the correct DNS suffix. Our domain is "itorg.ad.buffalo.edu" but our departmental DNS suffix is "urh.buffalo.edu". Whenever we add a machine to the domain, we get an error that the suffix could not be changed to "urh.buffalo.edu" and will remain "itorg.ad.buffalo.edu", which works fine for domain users to log in to these machines but breaks remote management capabilities. Currently I have to add the machine to the domain, ignore the error message and restart, then put in the proper DNS suffix and restart again. This is an annoying quirk that ends up wasting a lot of time.

While using a script I made to add the computer to the domain, restart, and then change the DNS suffix, I realized something. In Active Directory the fully qualified name of the computer is still ******.itorg.ad.buffalo.edu instead of ******.urh.buffalo.edu, which results in an error being displayed when domain users attempt to log in to the machine.

I've been searching the web for days trying to find an answer to my specific problem and am willing to accept that there may not be one. However, as a workaround, I was wondering if someone could help me by explaining how to change the primary DNS suffix from the command prompt/PowerShell. This way I could at least script the operation to make life easier.

I should point out that I'm aware of the method of modifying the registry entry for the suffix; however, this does not update the computer's name on the domain controller and results in the logon error message I explained previously. I'm looking for a way to change the suffix from the command prompt that essentially does the same thing as right-clicking on "Computer", going to "Properties" and changing the primary DNS suffix. Any help/advice would be greatly appreciated!
December 17th, 2011 3:24pm

Check your DHCP and see which options are set there. You should be able to set a different DNS suffix for each subnet. Your DHCP might be set up with "server option" instead of "subnet option", which then defaults down to each subnet that this DHCP is serving.
December 17th, 2011 11:23pm

If you're referring to a server-side setting then I should tell you I don't have access to modify anything. Basically I only have admin rights over our departmental OU within the domain so I can add accounts, modify departmental groups, etc.

I basically need a way to do whatever Windows does when you modify the primary DNS suffix through system properties, but from the command prompt instead. When done through system properties, it prompts me for domain admin credentials and then asks me to restart the machine. If I do it this way it ends up working perfectly fine in the end, but the process takes far too long per machine. However, if I only modify the registry keys for the DNS suffix then the new name is not updated in Active Directory and domain users are unable to log on as a result. There must be a way to do what I'm describing through a script.
December 19th, 2011 3:58pm

http://support.microsoft.com/kb/275553

' Write the DNS suffix search list to the TCP/IP parameters key
SET WSHShell = CreateObject("WScript.Shell")
WSHShell.RegWrite "HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\SearchList", "testadatum.com,test2adatum.net,test3adatum.gov", "REG_SZ"

http://social.technet.microsoft.com/Forums/en/winservergen/thread/f9fe989b-f5bd-4d7f-93a8-9134b7627db1
December 19th, 2011 4:09pm

This is what I have already said does not work. Simply modifying the registry does not update the fully qualified name of the machine within Active Directory and results in the logon issue for domain users.
December 19th, 2011 4:14pm

This is an example of what I need to have set:

Domain name: a.b.buffalo.edu
Primary DNS suffix: c.buffalo.edu

The problem is joining the domain results in: "Changing the Primary Domain DNS name of this computer to "c.buffalo.edu" failed. The name will remain "a.b.buffalo.edu"." So it remains computer.a.b.buffalo.edu instead of computer.c.buffalo.edu. I then need to specify the correct DNS suffix, enter my domain credentials, and reboot again.

I have tried setting group policy for the OU and modifying the registry entry for the primary DNS suffix but both of these methods result in the following error: "The security database on the server does not have a computer account for this workstation trust relationship"
December 21st, 2011 3:04pm

Please refer to: Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...." http://support.microsoft.com/kb/2018583

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
December 24th, 2011 12:54am

“Please refer to: Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...." http://support.microsoft.com/kb/2018583 Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.”

Not to be rude, but don't you think I would have searched this site for an answer before posting this question? I checked all of the recommendations in that article and it still doesn't work for me. I suspect it has something to do with the disjoint namespace we're required to use as well as the fact that the primary DNS suffix for our department is not a sub-level of our domain.

Let's say this is the domain: corp.ad.buffalo.edu
And let's say the suffix for our department is: dept.buffalo.edu

As you can see, our suffix does not reference our domain at all and has a lower hierarchy than the domain itself. In a perfect world, our domain would be something like ad.buffalo.edu and our departmental DNS suffix would be dept.ad.buffalo.edu. In that case this would likely work perfectly fine, but the problem here is that I'm not far enough up the chain of command to have any influence over anything but my department. So the domain and DNS suffix are what they are, I just need to make them work for me.

If it were possible to specify operators for SystemPropertiesComputerName.exe from the command prompt then I could at least write a script to join the domain, reboot, and then change the DNS suffix. The problem is, none of the methods of changing the machine's FQDN (other than from the properties GUI) result in Active Directory being updated to reflect this change, which breaks domain logon.
December 24th, 2011 12:33pm
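
A read-only check for the mismatch discussed in this thread, added here as an example and not posted by any participant: it compares the machine's primary DNS suffix with the dNSHostName and HOST service principal name stored on its computer account. The function name Test-DnsSuffixRegistration is hypothetical; the sketch assumes it runs on the domain-joined machine under an account that can read the computer object.

```powershell
# Added example (read-only): does AD agree with this machine's primary DNS suffix?
# Test-DnsSuffixRegistration is a hypothetical name, not a built-in cmdlet.
function Test-DnsSuffixRegistration {
    # Local view: 'Domain' is the active primary DNS suffix, 'NV Domain' the
    # value that takes effect after the next reboot.
    $tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $localFqdn = ('{0}.{1}' -f $tcpip.Hostname, $tcpip.Domain).ToLower()

    # Directory view: look up this computer's own account in the joined domain.
    $searcher = [adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
    [void]$searcher.PropertiesToLoad.Add('dnshostname')
    [void]$searcher.PropertiesToLoad.Add('serviceprincipalname')
    $result = $searcher.FindOne()
    if ($result -eq $null) { throw "No computer account found for $env:COMPUTERNAME" }

    # An attribute that is not set comes back as $null; normalise both reads.
    $adHost = [string](@($result.Properties['dnshostname'])[0])
    $spns   = @($result.Properties['serviceprincipalname'])

    New-Object PSObject -Property @{
        LocalFqdn      = $localFqdn
        PendingSuffix  = $tcpip.'NV Domain'
        AdDnsHostName  = $adHost
        HostNameMatch  = ($adHost -ieq $localFqdn)            # case-insensitive compare
        HostSpnPresent = ($spns -contains "HOST/$localFqdn")  # -contains ignores case
    }
}

Test-DnsSuffixRegistration | Format-List
```

A machine whose suffix was changed only in the registry would be expected to report HostNameMatch as False, since the thread states that the name held in Active Directory is not updated by that method.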

This topic is archived. No further replies will be accepted.
