This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 38%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Hi,
I´m trying to get the DNS suffix search list populated on our AAD machines as we´re in the transition phase from domain to cloud. And the autopilot / Intune-only machines have some name resolution "issues" as not everybody works with fqdn.
On AD the DNS suffix search list worked fine with GPO but on Intune I´m a bit lost with custom policies. I found this ADMX backed one from Microsoft:
From which I tried to create a custom policy:
OMA-URI:
./Vendor/MSFT/Policy/Config/ADMX_DnsClient/DNS_SearchList
and Value (String):
<enabled/>
<data id="DNS_SearchListLabel" value="ops.global.ad,na.global.ad,eu.global.ad,global.ad"/>
On my targeted Windows 10 2004 Enterprise I can see in the event viewer (apps..>microsoft>windows>devicemanagement-enterprise>admin) that it shows an error 404:
MDM ConfigurationManager: Command failure status. Configuration Source ID: (D2E622F6-EB75-40D7-9F2B-1594EBB1E082), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Vendor/MSFT/Policy/Config/ADMX_DnsClient/DNS_SearchList), Result: (The system cannot find the file specified.).
On C:\Windows\PolicyDefinitions there´s a dnsclient.admx file from which I got the "DNS_SearchListLabel" which is hopefully correct.
But I´m pretty new to the custom policies and a bit lost at the moment. Thanks in advance for your help!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Martin G , For the error, it means the OMA-URI is not configured correctly.
From the document, it seems the OMA-URI is "./Device/Vendor/MSFT/Policy/Config/ADMX_DnsClient/DNS_SearchList". I have tested in the lab, but it is still failed. From the document, I find this CSP is only available in the latest Windows 10 insider Preview Build. I think this is the reason why we failed.
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 71%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE1%3C/text%3E%3C/svg%3E)
Hi Crystal,
Do you know if this is still the case? If so, is there any indication when this will go GA? In order to move to a pure AAD environment, this management functionality is important.
Thanks,
Eric
Yes, this is still the case. See https://techcommunity.microsoft.com/t5/intune-customer-success/the-latest-in-group-policy-settings-parity-in-mobile-device/ba-p/2269167.
Sorry for late reply, it seems I got no or missed a mail notification. Oh, just seen I have to enable first.
Thanks @Crystal-MSFT !
Indeed, I´ve overlooked the part that it´s only working on latest preview built. That absolutely explains it.
Actually I´m testing a PS script (pushed with Intune), but it seems that it only runs once and if something locally reverts back the DNS search suffix list, it won´t be automatically reapplied.
Anybody another idea how to get entries forced to the DNS suffix search list (reapplying/forced)? It was so easy in good old GPO times ;)
Thanks
Martin
@Martin G , Thanks for marking the reply as answer. I am glad that the information can help. For the Powershell script, Yes, once the script executes, it doesn't execute again unless there's a change in the script or policy. As a workaround, maybe we can update the script to let it deploy again. Meanwhile, I will do more research, if there's any good method I can find, I will post back.