Topic Last Modified: 2006-05-18
The Microsoft® Exchange Server Analyzer Tool reads the following registry entries to determine the primary Domain Name System (DNS) suffix for this Exchange Server:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\NV Domain
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain
If the Exchange Server Analyzer finds that the values for NV Domain and Domain do not match, a warning is displayed.
The NV Domain registry value contains the computer's primary DNS suffix. The Domain registry value contains the computer's primary DNS domain. By default, the primary DNS suffix portion of a computer's fully qualified domain name (FQDN) must be the same as the name of the Active Directory® directory service domain where the computer is located. Mismatched names can prevent DNS registration from occurring correctly. If the DNS domain name for the computer does not match the Active Directory domain name, you will see errors in the computer's System event log every 22 minutes. Such a condition is known as a disjoint namespace. To allow different primary DNS suffixes, you can create a restricted list of allowed suffixes by creating an Active Directory attribute called msDS-AllowedDNSSuffixes in the domain object container.
The procedure for ensuring you have a correctly configured disjoint namespace depends on the operating system used for your Active Directory domain controllers.
- If you are running a Microsoft Windows® 2000 Server
operating system on your Active Directory domain controllers, you
can use the procedure outlined in the Microsoft Knowledge Base
article 258503, "DNS Registration Errors 5788 and 5789 When DNS
Domain and Active Directory Domain Name Differ" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=258503)
to correctly configure your namespace. This article includes
procedures for correcting an unintended disjoint namespace, and for
correctly configuring a disjoint namespace if one is intended.
- If you are running Microsoft Windows Server™ 2003 on your
Active Directory domain controllers and the disjoint namespace is
unintended, you can use the first procedure below to correct the
unintended disjoint namespace and resolve this warning. If you are
running Windows Server 2003 on your Active Directory domain
controllers and the disjoint namespace is intended, you can use the
second procedure below to correctly configure it.
To perform the second procedure below, you will need to use an Active Directory editor such as Active Directory Service Interfaces (ADSI) Edit or LDP (Ldp.exe) tool. For more information about modifying Active Directory with the LDP tool, see the Microsoft Knowledge Base article 260745, "XADM: Using the LDP Utility to Modify Active Directory Object Attributes" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=260745).
Caution: |
---|
If you incorrectly modify the attributes of Active Directory objects when you use ADSI Edit, the LDP tool, or another Lightweight Directory Access Protocol (LDAP) version 3 client, you may cause serious problems. These problems may require that you reinstall Windows Server 2003, Exchange Server 2003, or both. Modify Active Directory object attributes at your own risk. |
If the disjoint namespace is unintended
-
Right-click My Computer, and then click Properties. The System Properties dialog box will appear.
-
Click the Computer Name tab.
-
Click Change. The Computer Name Changes dialog box will appear.
-
Click More. The DNS Suffix and NetBIOS Computer Name dialog box will appear.
-
Select the Change primary DNS suffix when domain membership changes check box.
-
Click OK to save the changes, and then click OK to exit the Computer Name Changes dialog box.
-
Click OK to close the System Properties dialog box, and then restart the computer for the change to take effect.
If the disjoint namespace is intended
-
Use the procedure above to ensure that the Change primary DNS suffix when domain membership changes check box is clear.
-
Modify the msDS-AllowedDNSSuffixes Active Directory attribute on the domain object container. You can do this with ADSI Edit, by performing the following steps:
- Double-click the domain directory partition for the domain you
want to modify.
- Right-click the domain container object, and then click
Properties.
- On the Attribute Editor tab, in the Attributes
box, double-click the attribute msDS-AllowedDNSSuffixes.
- In the Multi-valued String Editor dialog box, in the
Value to add box, type a DNS suffix, and then click
Add.
- When you have added all the DNS suffixes for the domain, click
OK.
- Click OK to close the Properties dialog box for
that domain.
- Repeat these steps if you have multiple domains you want to
similarly configure.
- Double-click the domain directory partition for the domain you
want to modify.
For more information about the msDS-AllowedDNSSuffixes attribute, see the Windows Server 2003 Help and Support Center. For additional information about the procedure used to edit this attribute, see "Step-by-Step Guide to Implementing Domain Rename" (http://go.microsoft.com/fwlink/?LinkId=41359).