Hello Mariëtte,
We use the Essentials Experience Role of Windows Server 2016 Standard in a domain where there are 2 AD controllers and a healthy DHCP server that serves both AD's IP to DHCP clients. This is a typical small scale AD redundant setup. The DHCP server is on the machine holding the FSMO rights and the Essentials Experience role is located on the second AD controller. This is NOT redundant but that is the way it is.
We were unaware of the SkipAutoDNSServerDetection regisry setting until I recently had o fix a condition where servers were losing their DNS settings, including the AD servers (!).
During the last year, we also had to create the SkipDomainJoin registry setting whenever reinstalling the WSE Client Connector after a Windows 10 major release update.
Is there a documented GPO where I could set these (and other unknown beauties) and forget about them?
Is there any interest for such a GPO (in case I am a lone dinosaur still using the 2016 Essentials Experience Role) ?
Kind regards,
Serge Caron
Hello Serge,
Creating a GPO that sets 'SkipDomainJoin' on all clients is easy but if the client is already joined to the domain and you need to reinstall the Connector software that setting is not needed as the Connector wizard will detect that the client is already joined.
How can servers loose DNS settings? I don't understand this
In our experience, reinstalling the Client Connector after a major Windows 10 upgrade (say, 1903 to 2004, for example) will remove ALL of the WSE registry settings. The install fails unless we set SkipDomainJoin.
If a server 2016 / 2019 is included in the WSE devices, and the server has a static IP, then the DNS becomes blank under mysterious circumstances. These are devices that are seldom restarted and I don't know what triggers the AUTO DNS configuration for those devices. Nevertheless, the SkipAutoDNSServerDetection must be set on these servers.
Do you have a sample GPO that I could augment with our findings ?
Regards,
Attached is a small script that will create server side and client side GPOs to prevent the DNS Auto Config "feature". This script was tested only on actual DCs and may need revisions if executed from a workstation or member server.
Since we are dealing with domain members, the SkipDomainJoin setting is also set to avoid reinstall errors when all Essentials settings disappear after a Windows 10 major upgrade. The available documentation from MS is focused on exploiting workstations in a workgroup like manner and does not seem to address situations where the machine is already joined to a domain (regardless of scenario).
You can redistribute this as you see fit: the OUs used in the script are the default Essentials settings and may need adjusting for larger configurations.