Topic Last Modified: 2006-05-18

The Microsoft® Exchange Server Analyzer Tool reads the following registry entries to determine the primary Domain Name System (DNS) suffix for this Exchange Server:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\NV Domain


If the Exchange Server Analyzer finds that the values for NV Domain and Domain do not match, a warning is displayed.

The NV Domain registry value contains the computer's primary DNS suffix. The Domain registry value contains the computer's primary DNS domain. By default, the primary DNS suffix portion of a computer's fully qualified domain name (FQDN) must be the same as the name of the Active Directory® directory service domain where the computer is located. Mismatched names can prevent DNS registration from occurring correctly. If the DNS domain name for the computer does not match the Active Directory domain name, you will see errors in the computer's System event log every 22 minutes. Such a condition is known as a disjoint namespace. To allow different primary DNS suffixes, you can create a restricted list of allowed suffixes by creating an Active Directory attribute called msDS-AllowedDNSSuffixes in the domain object container.

The procedure for ensuring you have a correctly configured disjoint namespace depends on the operating system used for your Active Directory domain controllers.

To perform the second procedure below, you will need to use an Active Directory editor such as Active Directory Service Interfaces (ADSI) Edit or LDP (Ldp.exe) tool. For more information about modifying Active Directory with the LDP tool, see the Microsoft Knowledge Base article 260745, "XADM: Using the LDP Utility to Modify Active Directory Object Attributes" (

If you incorrectly modify the attributes of Active Directory objects when you use ADSI Edit, the LDP tool, or another Lightweight Directory Access Protocol (LDAP) version 3 client, you may cause serious problems. These problems may require that you reinstall Windows Server 2003, Exchange Server 2003, or both. Modify Active Directory object attributes at your own risk.

If the disjoint namespace is unintended

  1. Right-click My Computer, and then click Properties. The System Properties dialog box will appear.

  2. Click the Computer Name tab.

  3. Click Change. The Computer Name Changes dialog box will appear.

  4. Click More. The DNS Suffix and NetBIOS Computer Name dialog box will appear.

  5. Select the Change primary DNS suffix when domain membership changes check box.

  6. Click OK to save the changes, and then click OK to exit the Computer Name Changes dialog box.

  7. Click OK to close the System Properties dialog box, and then restart the computer for the change to take effect.

If the disjoint namespace is intended

  1. Use the procedure above to ensure that the Change primary DNS suffix when domain membership changes check box is clear.

  2. Modify the msDS-AllowedDNSSuffixes Active Directory attribute on the domain object container. You can do this with ADSI Edit, by performing the following steps:

    1. Double-click the domain directory partition for the domain you want to modify.

    2. Right-click the domain container object, and then click Properties.

    3. On the Attribute Editor tab, in the Attributes box, double-click the attribute msDS-AllowedDNSSuffixes.

    4. In the Multi-valued String Editor dialog box, in the Value to add box, type a DNS suffix, and then click Add.

    5. When you have added all the DNS suffixes for the domain, click OK.

    6. Click OK to close the Properties dialog box for that domain.

    7. Repeat these steps if you have multiple domains you want to similarly configure.

For more information about the msDS-AllowedDNSSuffixes attribute, see the Windows Server 2003 Help and Support Center. For additional information about the procedure used to edit this attribute, see "Step-by-Step Guide to Implementing Domain Rename" (