
How to configure the DNS suffix for Windows Server in Terraform deployment steps

sheng.fang 0 Reputation points
2026-03-19T04:05:41.99+00:00

To change or remove the primary DNS suffix, we can follow these steps¹:

- Right-click on Start and select System.

- Click on Advanced system settings.

- Click on Computer Name tab.

- Click on Change button.

- Click on More button.

- In the Primary DNS suffix of this computer box, type the new suffix or leave it blank to remove it.

- Click on OK three times and restart your computer.

This is a manual operation in Windows Server. My question is how to integrate these steps into Terraform code when doing the VM deployment, including the AADLoginForWindows extension?

Windows for business | Windows Server | Networking | Other

  1. sheng.fang 0 Reputation points
    2026-03-19T04:08:02.6133333+00:00

    Do we have the exact code?


  2. Q&A Assist
    2026-03-19T04:05:57.32+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    Terraform cannot directly edit the Windows “Primary DNS suffix of this computer” UI, but the same setting is controlled by the Windows DNS client’s primary DNS suffix. That suffix can be configured in an automated way and applied at deployment time.

    From the Windows side, the primary DNS suffix is what forms the computer’s FQDN and is used for DNS registration and resolution. It can be set either:

    1. As the machine’s primary DNS suffix (System Properties → Computer Name → More…), or
    2. Via policy/registry using the DNS_PrimaryDnsSuffix setting, which explicitly defines the primary DNS suffix used by the DNS client.

    In an automated deployment (for example, via Terraform):

    1. Deploy the Windows VM and the AADLoginForWindows extension as usual.
    2. Use a provisioning mechanism that Terraform supports (custom script extension, cloud-init equivalent, or configuration management) to set the primary DNS suffix inside the guest OS by:
      • Applying the DNS_PrimaryDnsSuffix policy (ADMX_DnsClient/DNS_PrimaryDnsSuffix) with the desired suffix (for example, microsoft.com), or
      • Writing the corresponding registry keys and then restarting Windows so the DNS client picks up the new suffix.

    The DNS_PrimaryDnsSuffix policy explicitly:

    • Specifies the primary DNS suffix used by the DNS client in DNS name registration and resolution.
    • Overrides the value configured in the “DNS Suffix and NetBIOS Computer Name” dialog.
    • Requires a Windows restart for changes to apply.

    In Terraform terms, the flow is:

    1. Define the Windows VM resource.
    2. Attach the AADLoginForWindows extension.
    3. Attach a custom script extension that:
      • Configures the DNS_PrimaryDnsSuffix policy/registry with the desired suffix.
      • Triggers a reboot so the DNS client uses the new suffix.

    Once applied, the VM’s DNS client will use that primary DNS suffix for:

    • Forming the full computer name (FQDN).
    • Registering A/PTR records (if dynamic DNS registration is enabled).
    • DNS name resolution.

    This achieves the same effect as manually setting the “Primary DNS suffix of this computer” during deployment, integrated into Terraform’s provisioning workflow.
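
The flow described in the answer above, sketched as an added Terraform example; it is not code from the question author or from Q&A Assist. It assumes the azurerm provider, a VM resource named `azurerm_windows_virtual_machine.vm` defined elsewhere, and a hypothetical variable `primary_dns_suffix`; it writes the machine-level suffix under `Tcpip\Parameters` rather than the DNS_PrimaryDnsSuffix policy.

```hcl
# Added example. Assumes azurerm_windows_virtual_machine.vm exists elsewhere
# with a system-assigned managed identity (required by AADLoginForWindows).

variable "primary_dns_suffix" {
  type        = string
  description = "Primary DNS suffix for the guest, e.g. corp.example.com (placeholder)."

  # The value is interpolated into a command line, so reject anything that is
  # not a plain DNS name before it can reach cmd.exe or PowerShell.
  validation {
    condition     = can(regex("^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$", var.primary_dns_suffix))
    error_message = "primary_dns_suffix must be a lowercase DNS name such as corp.example.com."
  }
}

locals {
  tcpip_key = "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"

  # Write the suffix, then schedule the restart 60 seconds out so the
  # extension can report its result before the guest goes down.
  set_suffix = join("; ", [
    "Set-ItemProperty -Path '${local.tcpip_key}' -Name 'NV Domain' -Value '${var.primary_dns_suffix}'",
    "Set-ItemProperty -Path '${local.tcpip_key}' -Name 'Domain' -Value '${var.primary_dns_suffix}'",
    "shutdown.exe /r /t 60",
  ])
}

resource "azurerm_virtual_machine_extension" "aad_login" {
  name                       = "AADLoginForWindows"
  virtual_machine_id         = azurerm_windows_virtual_machine.vm.id
  publisher                  = "Microsoft.Azure.ActiveDirectory"
  type                       = "AADLoginForWindows"
  type_handler_version       = "1.0"
  auto_upgrade_minor_version = true
}

resource "azurerm_virtual_machine_extension" "dns_suffix" {
  name                 = "set-primary-dns-suffix"
  virtual_machine_id   = azurerm_windows_virtual_machine.vm.id
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.10"
  depends_on           = [azurerm_virtual_machine_extension.aad_login] # run after AAD login

  settings = jsonencode({
    commandToExecute = "powershell.exe -NoProfile -NonInteractive -Command \"${local.set_suffix}\""
  })
}
```

If a DNS_PrimaryDnsSuffix policy is also applied to the machine, the answer above notes that the policy overrides this value. The new suffix takes effect after the scheduled restart.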

