ADMX-backed Custom Policy DNS_SearchList

Martin G 21 Reputation points


I´m trying to get the DNS suffix search list populated on our AAD machines as we´re in the transition phase from domain to cloud. And the autopilot / Intune-only machines have some name resolution "issues" as not everybody works with fqdn.

On AD the DNS suffix search list worked fine with GPO but on Intune I´m a bit lost with custom policies. I found this ADMX backed one from Microsoft:

From which I tried to create a custom policy:


and Value (String):
<data id="DNS_SearchListLabel" value=",,,"/>

On my targeted Windows 10 2004 Enterprise I can see in the event viewer (apps..>microsoft>windows>devicemanagement-enterprise>admin) that it shows an error 404:
MDM ConfigurationManager: Command failure status. Configuration Source ID: (D2E622F6-EB75-40D7-9F2B-1594EBB1E082), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Vendor/MSFT/Policy/Config/ADMX_DnsClient/DNS_SearchList), Result: (The system cannot find the file specified.).

On C:\Windows\PolicyDefinitions there´s a dnsclient.admx file from which I got the "DNS_SearchListLabel" which is hopefully correct.

But I´m pretty new to the custom policies and a bit lost at the moment. Thanks in advance for your help!

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,749 questions
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 44,411 Reputation points Microsoft Vendor

    @Martin G , For the error, it means the OMA-URI is not configured correctly.

    From the document, it seems the OMA-URI is "./Device/Vendor/MSFT/Policy/Config/ADMX_DnsClient/DNS_SearchList". I have tested in the lab, but it is still failed. From the document, I find this CSP is only available in the latest Windows 10 insider Preview Build. I think this is the reason why we failed.


    Hope it can help.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 additional answer

Sort by: Most helpful
  1. Martin G 21 Reputation points

    Sorry for late reply, it seems I got no or missed a mail notification. Oh, just seen I have to enable first.

    Thanks @Crystal-MSFT !
    Indeed, I´ve overlooked the part that it´s only working on latest preview built. That absolutely explains it.

    Actually I´m testing a PS script (pushed with Intune), but it seems that it only runs once and if something locally reverts back the DNS search suffix list, it won´t be automatically reapplied.

    Anybody another idea how to get entries forced to the DNS suffix search list (reapplying/forced)? It was so easy in good old GPO times ;)