Domain – Which GPO is making the Domain Controller the clients’ DNS server

Tags: active-directory, domain, domain-name-system, group-policy

I maintain a small domain (about 20 clients) and we need to make some changes to the DNS server that's being used by the clients. All the clients have been hard coded to use the domain controller as their DNS. Since these are new machines, and I never changed their DNS settings, I'm guessing there must be a GPO that's causing them to use the domain controller as their DNS. Since we don't have any GPO other than the default one yet, it's got to be the default GPO; however, I have looked through all the GPO settings and none of them refer to anything related to DNS. So I'm wondering if there's anything else that might be causing this.

Any help or advice is highly appreciated.

Thanks,
Harry

EDIT: Just to clarify things a little, here's what I'm dealing with: if I look at the network adapter settings in Windows on these clients and check the IPv4 settings, the IP address is set to DHCP, but the DNS is hard coded. I can change the DNS to DHCP also; however, after a reboot, it's back to being hard coded, pointing to the domain controller.

Best Answer

Edit: Because of your edits and follow-up comments, I really believe that there is either a script in the local startup folder doing this on each machine, or you're just missing where one is being called in rsop.

SYSVOL can be empty and startup scripts can still be called from other shares as long as the permissions are correct. There's no requirement that a startup/logon script must exist in SYSVOL.


> All the clients have been hard coded to use the domain controller as their DNS

You shouldn't do this. I'll explain why later.

> Since these are new machines, and I never changed their DNS settings, I'm guessing there must be a GPO that's causing them to use the domain controller as their DNS

Probably not. The GPO to force DNS settings only works on XP or earlier. If these are new machines, they're probably not XP, meaning that if there actually was a GPO enforcing this, it wouldn't apply to anything Vista or later.

The only thing that I can think of, as pointed out in the comments, is a logon script, or a conditional forwarder from the other domain that's in this picture (as described in your previous question).

> Since we don't have any GPO other than the default one yet, it's got to be the default GPO; however, I have looked through all the GPO settings and none of them refer to anything related to DNS.

If you really want to dig into what GPO settings are applying, look through the output of `gpresult /H c:\gpo.html` and `rsop.msc`. These are the two primary tools for troubleshooting GPO issues.

> So I'm wondering if there's anything else that might be causing this.

Yes, most likely you've configured the DNS Server DHCP option on your DHCP server. This is how you actually want to distribute your DNS Server search list. By hardcoding it, you make it a real PITA to change down the road. Microsoft agrees with this, as evidenced in their choice to deprecate the GPO that sets the DNS server list for clients.

You should make sure that your DHCP server is handing out the right DNS servers to clients and then stop statically configuring it. There's no reason to.
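
To tell a hard-coded DNS list from a DHCP-supplied one and to locate the startup or logon script suspected in the answer above, a diagnostic sketch like the following can be run on one affected client. It is an added example, not part of the original question or answer; the registry paths are the standard Windows locations, and the search pattern is an assumed, non-exhaustive list of commands that set DNS servers.

```powershell
# Added diagnostic sketch: run in an elevated PowerShell session on an affected client.

# 1. Per adapter: is the DNS list static (NameServer) or supplied by DHCP (DhcpNameServer)?
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    $p = Get-ItemProperty -Path (Join-Path $ifRoot $_.InterfaceGuid) -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Adapter   = $_.Name
        StaticDns = $p.NameServer       # non-empty means the list is hard coded
        DhcpDns   = $p.DhcpNameServer   # what the DHCP server offered
    }
} | Format-Table -AutoSize

# 2. DNS client policy key: holds a NameServer value only if a GPO sets the DNS server list
Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' -ErrorAction SilentlyContinue |
    Select-Object NameServer

# 3. Scripts delivered by Group Policy (machine startup and user logon),
#    including scripts hosted on shares other than SYSVOL
$found = @()
$gpRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts'
foreach ($root in $gpRoots) {
    if (Test-Path $root) {
        $found += Get-ChildItem $root -Recurse | Get-ItemProperty |
            Where-Object { $_.Script } | ForEach-Object { $_.Script }
    }
}

# 4. Local locations that run a script without any domain GPO
$folders = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
           "$env:windir\System32\GroupPolicy\Machine\Scripts\Startup"
$found += Get-ChildItem $folders -File -ErrorAction SilentlyContinue | ForEach-Object FullName

# Everything discovered, so each entry can be reviewed by hand
$found | Sort-Object -Unique

# 5. Flag lines that set a static DNS server (assumed pattern, extend as needed)
$pattern = 'netsh.+dns|Set-DnsClientServerAddress|SetDNSServerSearchOrder'
$found | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
    ForEach-Object { Select-String -LiteralPath $_ -Pattern $pattern } |
    Select-Object Path, LineNumber, Line
```

A script path recorded in the registry relative to its GPO folder will not resolve in step 5, so entries listed by step 3 but not scanned still need to be opened manually.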