Windows 2000 DNS |
When a Group Policy exists, the suffix set in the Group Policy supersedes the local primary DNS suffix, which by default is the same as the Active Directory domain name. Users can still enter a suffix in the System Properties dialog box, but the suffix is not used unless the Group Policy is disabled or unspecified.
If you make the primary DNS suffix of the computer different from the Active Directory domain name, however, you must perform additional configuration in order to enable the modified full computer name to be registered in the DNS host name attribute and the Service Principal Name attribute for the computer object in Active Directory.
By default, the name registered in those attributes must have the following syntax:
<NetBIOS name>.<Active Directory domain name>
where NetBIOS name is the NetBIOS name of the computer and Active Directory domain name is the DNS name of the Active Directory domain. To enable registration of the modified full computer name, you must modify the access control list (ACL) for the appropriate domain by following the steps in the following procedure. You must also perform this procedure if any computers joined to the domain have host names of more than 15 bytes.
To modify the ACL to enable registration of the full computer name
Caution
If you modify the ACL to enable registration of the modified full computer name, any computer in the domain can register itself under a different name.