none
Group Policy Prevent users to access DNS

    Question

  • Hello

    I have a problem with DNS in windows 2008R2. there is a policy prevent DNS resolving name to IP and I can ping any computer by IP put I cannot ping it by name although when I use "nslookup" on cmd the computer can see DNS server. Another problem I can join Computer to domain put when I want to add a domain user to local admin group the computer cannot see the domain and user show as s-1-5-21 if I could  add user.I don't know the policy and how to delete it.

    Wednesday, December 24, 2014 7:04 AM

Answers

All replies

  • Hello

    I have a problem with DNS in windows 2008R2. there is a policy prevent DNS resolving name to IP and I can ping any computer by IP put I cannot ping it by name although when I use "nslookup" on cmd the computer can see DNS server. Another problem I can join Computer to domain put when I want to add a domain user to local admin group the computer cannot see the domain and user show as s-1-5-21 if I could  add user

    Tuesday, December 23, 2014 12:09 PM
  • Hi,

    Before going further, this may not be related to group policy. However, to check what group policy settings are applied, you can run command gpresult/h gpreport.html with admin privileges to collect group policy result report.  Besides, for DNS related issues, you can check DNS logs to see if some related events were logged. In addition, to edit group policy settings, you can do this with GPMC on domain controllers or on a client with remote server administrative tools (RSAT) installed.

    Best regards,
    Frank Shen

    Thursday, December 25, 2014 3:02 PM
    Moderator
  • thank's alot for your replaying. 

    But when any computer is in work group I can ping any computer on the domain using host name and IP . when I joined the computer to domain I can ping computers by Ip but when I ping it using host name I get this message

    "Ping request could not find host ............. Please check the name and try again"    

    thank's

    Sunday, December 28, 2014 9:57 AM
  • thank's alot for your replaying. 

    But when any computer is in work group I can ping any computer on the domain using host name and IP . when I joined the computer to domain I can ping computers by Ip but when I ping it using host name I get this message

    "Ping request could not find host ............. Please check the name and try again"    

    thank's

    some thoughts...

    check: System Properties > Computer Name > Change > More >
    Primary DNS Suffix of this computer
    &
    Change primary DNS suffix when domain membership changes

    http://technet.microsoft.com/en-us/library/cc794784(v=ws.10).aspx

    also
    http://gpsearch.azurewebsites.net/Default.aspx?PolicyID=203


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Sunday, December 28, 2014 10:50 AM
  • thank's DonPick but the problem still found I found group policy called name resolution policy and its enable I did't know what it do exactly and what happen if I disable it 

    regards 

    Tuesday, December 30, 2014 7:22 AM
  • thank's DonPick but the problem still found I found group policy called name resolution policy and its enable I did't know what it do exactly and what happen if I disable it 

    regards 


    Perhaps you mean this?

    http://technet.microsoft.com/en-au/library/ee649207(v=ws.10).aspx

    http://technet.microsoft.com/en-au/library/ee649182(v=ws.10).aspx


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Tuesday, December 30, 2014 9:08 AM