Changing the DNS suffix search list in Active Directory

Here are different ways that you can configure a DNS suffix search list in Active Directory. I was tasked with removing a DNS suffix for a certain domain and spent a little bit of time trying to figure out where the DNS suffix was defined. In my workplace we configured it through Group Policy, in the Default Domain Policy. See below for other ways that it can be configured.

1. Adding DNS Search suffix through group policy
2. Adding DNS Search suffix directly through registry
3. Adding DNS Suffix through DHCP option 135

1.  Adding DNS Search suffix through group policy

Open the Default Domain Policy:
- Computer Configuration > Policies > Administrative Templates > Network > DNS Client > DNS suffix search list (include the primary domain first in the list; suffixes are searched in the order listed)

Primary DNS suffix: mylab.local (optional)
DNS Suffix search list: mylab.local,devcorp.local,dev.local,corp.local (Make sure to include the primary domain as the first domain in the search suffix)

2. Adding DNS Search suffix directly through registry
- The group policy adds the registry key below if it's set. It is possible to script it so that it gets imported automatically.
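
As an added example (not from the original post), this PowerShell script reports whether a given suffix appears in the policy-written value, the locally configured value, or the effective DNS client setting. The registry paths are the standard Windows locations of the `SearchList` value rather than anything copied from this post, `devcorp.local` is a sample taken from the list above, and `Get-DnsClientGlobalSetting` assumes Windows 8 / Server 2012 or later.

```powershell
# Added example: locate where a DNS suffix search list is defined on this machine.
# 'devcorp.local' is a sample value taken from the list used in this post.
param([string]$Suffix = 'devcorp.local')

# Standard Windows registry locations of the SearchList value (comma-separated string).
$sources = [ordered]@{
    'Group Policy'  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    'Local setting' = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
}
$needle = $Suffix.Trim().ToLowerInvariant()

function ConvertTo-SuffixList {
    param([string[]]$Raw)
    # Split on commas, trim, lower-case, and drop empty entries.
    foreach ($item in $Raw) {
        foreach ($part in ("$item" -split ',')) {
            $s = $part.Trim().ToLowerInvariant()
            if ($s) { $s }
        }
    }
}

function New-Row {
    param([string]$Source, [string]$Location, [string[]]$Raw)
    $entries = @(ConvertTo-SuffixList $Raw)
    [pscustomobject]@{
        Source     = $Source
        Location   = $Location
        Defined    = $entries.Count -gt 0
        HasSuffix  = $entries -contains $needle
        SearchList = $entries -join ','
    }
}

$report = foreach ($name in $sources.Keys) {
    # A missing key or value simply yields an empty list.
    $raw = (Get-ItemProperty -Path $sources[$name] -Name SearchList -ErrorAction SilentlyContinue).SearchList
    New-Row -Source $name -Location $sources[$name] -Raw $raw
}

# The list the DNS client is actually using right now.
$effective = (Get-DnsClientGlobalSetting).SuffixSearchList
$report = @($report) + (New-Row -Source 'Effective' -Location 'Get-DnsClientGlobalSetting' -Raw $effective)

$report | Format-Table -AutoSize
```

A suffix that shows up under the Group Policy source has to be removed in the GPO itself; a direct registry edit there is overwritten at the next policy refresh.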

3. Adding DNS Suffix through DHCP option 135

DHCP Scope Option for DNS SUFFIX
1. On the 2008 DC running DHCP, open the DHCP MMC.
2. Expand DHCP and select DHCP server name.
3. Right-click IPv4.
4. Select “Set Predefined Options”.
5. Click Add.
6. Fill in the option fields:
   Name: “Domain suffix search order” (without the quotation marks)
   Data Type: String
   Code: “135” (without the quotation marks)
   Description: “List of domain suffixes in order” (without the quotation marks)
   String: enter your search suffixes separated by commas with no spaces
   – mylab.local,devcorp.local,dev.local,corp.local
7. Click OK.
8. Close DHCP MMC and restart DHCP Server Service.
9. Reopen DHCP MMC and now scope option 135 is there.

