DNS suffix issues
I am having an issue with adding new Windows 7 machines to our domain with the correct DNS suffix. Our domain is "corp.ad.buffalo.edu" but our departmental DNS suffix is "dept.buffalo.edu". Whenever we add a machine to the domain, we get an error that the suffix could not be changed to "dept.buffalo.edu" and will remain "corp.ad.buffalo.edu", which works fine for domain users to log in to these machines but breaks remote management capabilities. Currently I have to add the machine to the domain, ignore the error message and restart, then put in the proper DNS suffix and restart again. This is an annoying quirk that ends up wasting a lot of time.

While using a script I made to add the computer to the domain, restart, and then change the DNS suffix, I realized something. In Active Directory the fully qualified name of the computer is still "example.corp.ad.buffalo.edu" instead of "example.dept.buffalo.edu", which results in an error being displayed when domain users attempt to log in to the machine.

I've been searching the web for days trying to find an answer to my specific problem and am willing to accept that there may not be one. However, as a workaround, I was wondering if someone could help me by explaining how to change the primary DNS suffix from the command prompt/PowerShell. This way I could at least script the operation to make life easier.

I should point out that I'm aware of the method of modifying the registry entry for the suffix; however, this does not update the computer's name on the domain controller and results in the logon error message I explained previously. I'm looking for a way to change the suffix from the command prompt that essentially does the same thing as right-clicking on "Computer", going to "Properties" and changing the primary DNS suffix. Any help/advice would be greatly appreciated!
December 16th, 2011 11:26pm

“Please refer to: Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...." http://support.microsoft.com/kb/2018583

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.”

Not to be rude, but don't you think I would have searched this site for an answer before posting this question? I checked all of the recommendations in that article and it still doesn't work for me. I suspect it has something to do with the disjoint namespace we're required to use, as well as the fact that the primary DNS suffix for our department is not a sub-level of our domain.

Let's say this is the domain: corp.ad.buffalo.edu
And let's say the suffix for our department is: dept.buffalo.edu

As you can see, our suffix does not reference our domain at all and has a lower hierarchy than the domain itself. In a perfect world, our domain would be something like ad.buffalo.edu and our departmental DNS suffix would be dept.ad.buffalo.edu. In that case this would likely work perfectly fine, but the problem here is that I'm not far enough up the chain of command to have any influence over anything but my department. So the domain and DNS suffix are what they are; I just need to make them work for me.

If it were possible to specify operators for SystemPropertiesComputerName.exe from the command prompt, then I could at least write a script to join the domain, reboot, and then change the DNS suffix. The problem is, none of the methods of changing the machine's FQDN (other than from the properties GUI) result in the Active Directory being updated to reflect this change, which breaks domain logon.

EDIT: Another thing I noticed is that on machines that have already been entered in the domain correctly, the problem does not occur. For example, machines that I recently converted to VHD installations of Windows 7 joined the domain fine. Their DNS suffix was set to the correct value and then the domain join operation worked perfectly; they also used the same name as they had before the conversion. The problem is when joining the domain with a brand new machine, which leads me to believe it is a network configuration or domain controller issue.
December 23rd, 2011 8:32pm

This topic is archived. No further replies will be accepted.
