Why do we ask for an ipconfig /all, when we try to help diagnose AD issues?

Ace Fekay, MCT, MVP, MCSE 2012/Cloud, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & 2010, Exchange 2010 Enterprise Administrator, MCSE 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services
Active Directory, Exchange and Windows Infrastructure Engineer
www.delcocomputerconsulting.com

Ace here again. Yea, I had to post a blog about this because many people ask, why do you want that? Just for the IP address??

Nope. Not just for the IP.

Good question.

An ipconfig /all provides quite a bit of configuration data as a precursor for a diagnosis. Sometimes the ipconfig /all results will help us fix it, but not always.

Many admins are reluctant to provide this sort of information citing security reasons.

In some cases, I sympathize and agree, but in many cases, security really isn’t much of a concern, because for one, your internal IP range is a private range, and two, you can substitute your actual internal domain name with something more generic, such as substituting “microsoft.local” with “mydomain.local”. You should also substitute your DC names using something generic, such as dc-01, dc-02, etc. But definitely keep track of the substituted DC names if we have additional questions regarding them.
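One way to do that substitution consistently, as an added example that is not part of the original post: a short Python helper that swaps the real domain and DC names for generic ones and returns the mapping, so follow-up questions about a generic name can be traced back. The function name, its parameters and the sample lines are constructed for illustration.

```python
import re

# Constructed sample lines in the layout of `ipconfig /all` output.
SAMPLE = """\
   Host Name . . . . . . . . . . . . : company-dc-01
   Primary Dns Suffix  . . . . . . . : company.com
   DNS Suffix Search List. . . . . . : company.com
"""

def sanitize_ipconfig(text, domain, dc_names, generic_domain="mydomain.local"):
    """Return (sanitized_text, mapping) for pasted `ipconfig /all` output.

    mapping records every substitution (real name -> generic name) so the
    admin can keep track of which server "dc-01" really is.
    """
    mapping = {domain.lower(): generic_domain}
    for i, name in enumerate(dc_names, start=1):
        mapping[name.lower()] = f"dc-{i:02d}"

    # Longest names first, so "corp-dc-10" is never half-matched as "corp-dc-1".
    keys = sorted(mapping, key=len, reverse=True)
    # Only match whole names: not inside a longer host name or label.
    pattern = re.compile(
        r"(?<![A-Za-z0-9-])("
        + "|".join(re.escape(k) for k in keys)
        + r")(?![A-Za-z0-9-])",
        re.IGNORECASE,
    )
    sanitized = pattern.sub(lambda m: mapping[m.group(1).lower()], text)
    return sanitized, mapping

if __name__ == "__main__":
    clean, names = sanitize_ipconfig(
        SAMPLE, "company.com", ["company-dc-01", "company-dc-02"]
    )
    print(clean)
    print(names)  # keep this mapping private; post only the sanitized text
```

Private-range IP addresses are left untouched, in line with the reasoning above.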

Let’s take a look at each value in an ipconfig /all

Believe it or not, the results of an ipconfig /all contain a lot of information that helps us get an inside view of a DC’s basic network configuration, as well as basic service configuration.

Let’s break it down:

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : company-dc-01  

  • Name is under 15 characters – good for NetBIOS compatibility. Not a huge concern for many compani
  • Possibly indicates more than one DC based on the –01 portion of the name

Primary Dns Suffix  . . . . . . . : company.com 

  • The AD DNS Domain name is not a single label name.
  • In some cases, we’ll also ask for the name in ADUC. If the name in ADUC does not match this name, then it’s a Disjointed Namespace condition.
Node Type . . . . . . . . . . . . : Hybrid

  • If Hybrid is set, it tells me that WINS is in use.
  • Hybrid mode, specifically 0x8 (as you would set a WINS server Hybrid mode in DHCP Option 046), tells the client side resolver to use WINS first when attempting to resolve a single name query, and if it can’t resolve it, to then try a broadcast to resolve it. Of course, this is only after DNS resolution fails, since DNS is used first anyway, where the client side resolver will suffix the Search Suffix when attempting to resolve it as a DNS hostname query.
  • If the Node Type is set to “Unknown,” then no big deal. It just means that WINS is not being used, and the resolver service will use broadcast for a single name resolution.

IP Routing Enabled. . . . . . . . : No

  • Means RRAS is not installed
  • If set to Yes, it means RRAS is installed, and it will interfere with AD communications on this DC.

      WINS Proxy Enabled. . . . . . . . : No  

      • On a DC, “No” is what we want to see.
      • If set to Yes, then it means “Enable broadcast name resolution” is checked under the General tab in RRAS properties.
        • If this is set to Yes, and there is only one NIC, it could mean either:
          • RRAS is installed only for VPN use
          • RRAS was disabled, but the setting stuck
      • Either way, if it is set to Yes, it will cause problems with AD communications.

      DNS Suffix Search List. . . . . . : company.com

      • This is what the client side resolver will use when attempting to resolve a single name query. For example, if I run nslookup against a single name such as computer1, the resolver will suffix company.com to it, resulting in a query of computer1.company.com.
      • If there are multiple domains in the forest, such as a parent and child domain, or multiple child domains, then each domain must be configured with a search suffix for all other domains in order to be able to resolve everything in the forest. This is also true for additional Trees in the forest.
      • The company.com in this example was devolved from the Primary DNS Suffix.
        • If the Primary DNS suffix has multiple levels, such as Chicago.ad.company.com, then the resolver will devolve it to show search suffixes of chicago.ad.company.com, ad.company.com, and company.com.
        • However, if ad.company.com is the parent root domain, if using Windows 2008 or newer, it will only devolve to ad.company.com. Windows 2000 and 2003 devolved all levels, which led to some confusion.

      Ethernet adapter Team 1:

      • Obviously this interface is a team.

      Connection-specific DNS Suffix  . :

      • If this is a DHCP client, and DHCP Option 015 is configured with a domain suffix, then it will populate this value. It applies only to the specific interface that gets this configuration. For example, if it is a wireless connection, then the value will populate the wireless connection, but not the wired connection. It is used as a suffix for identification and DNS registration for that interface only; it is not used as a search suffix.

      Description . . . . . . . . . . . : BASP Virtual Adapter

      • This is the vendor brand name of the adapter

      Physical Address. . . . . . . . . : 00-18-8B-47-F0-D1

      • This is the MAC address of this adapter or Team.

      DHCP Enabled. . . . . . . . . . . : No

      • This means the NIC has a static configuration.

      IP address, mask and subnet

         IP Address. . . . . . . . . . . . : 192.168.80.10
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . : 192.168.80.1

      • In the above three values, we make sure the IP address and mask are on the same subnet as an ipconfig /all of another machine, if one was provided. You would be surprised how many times we’ve seen subnets mis-configured with an incorrect subnet mask. 

      DNS Servers . . . . . . . . . . . : 192.168.80.5
                                                      192.168.80.10

      • What we look for with the DNS addresses is that only the internal DNS servers hosting the AD zone are specified. If external DNS addresses are specified, or your router’s DNS address is specified (for example, 192.168.80.1), then you should expect to see numerous problems. This is because your machine is sending the external DNS servers or your router a query whenever it tries to log in, authenticate, find domain resources, etc. The external DNS servers or your router do not have an answer when queried for internal resources. It’s the same as me asking the first person I see walking by out front of my house, “Where’s that beer that was in my refrigerator last night?” Besides the person not having an answer, he’ll probably give me a funny or dirty look. Your DNS server and DC won’t give you a funny look, but you’ll probably get some sort of error and your machine will fail to find your AD domain.
      • The addresses you see listed in this example are showing that it is pointing to a partner DC as the first entry, and itself as the second entry.
        • You may also find the loopback as the second entry in some configurations. This is ok, too. DCPROMO puts in the loopback. As a matter of fact, if you were to run the AD BPA, one of the things it looks for is the loopback as the second entry. You can leave it there if you like, or you can change it to the IP of itself, but if you do, just ignore the BPA’s warnings if you were to run it again.

      Primary WINS Server . . . . . . . : 192.168.80.10

      • This tells me the server is running WINS. Why? Because it is pointing to itself, as it should be for a WINS server.
      • If a WINS server is pointing to any other WINS servers, it will cause numerous problems with WINS record ownership.

      NetBIOS over Tcpip. . . . . . . . : Enabled

      • Of course this one is obvious. But here’s one for you. If you have NetBIOS disabled, but you are using WINS, what’s the point??
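The checks walked through above, collected into one script (an added example, not from the original post): it parses pasted ipconfig /all text and reports the conditions this article flags. The sample output is constructed from the article's values with two deliberate problems, and the function names and the internal_dns parameter are assumptions.

```python
import re

# Constructed sample: the article's values, with IP Routing and a router DNS entry changed.
SAMPLE = """\
   Host Name . . . . . . . . . . . . : company-dc-01
   Primary Dns Suffix  . . . . . . . : company.com
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Team 1:

   Default Gateway . . . . . . . . . : 192.168.80.1
   DNS Servers . . . . . . . . . . . : 192.168.80.5
                                       192.168.80.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Primary WINS Server . . . . . . . : 192.168.80.10
"""

def parse(text):
    """Map each label to its values; an indented line without a label continues the last one."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^\s+(.+?)[ .]*:\s*(.*)$", line)
        if m:
            last = m.group(1).strip()
            fields.setdefault(last, []).append(m.group(2).strip())
        elif last and line.startswith(" ") and line.strip():
            fields[last].append(line.strip())  # e.g. a second DNS server (IPv4 only)
    return fields

def review(fields, internal_dns):
    """Apply the article's checks; internal_dns = DNS servers hosting the AD zone."""
    def first(key):
        return (fields.get(key) or [""])[0]
    findings = []
    if len(first("Host Name")) > 15:
        findings.append("host name longer than 15 characters (NetBIOS)")
    if first("Primary Dns Suffix") and "." not in first("Primary Dns Suffix"):
        findings.append("Primary Dns Suffix is a single-label name")
    if first("IP Routing Enabled").lower() == "yes":
        findings.append("IP Routing Enabled: RRAS is installed on this DC")
    if first("WINS Proxy Enabled").lower() == "yes":
        findings.append("WINS Proxy Enabled: check RRAS broadcast name resolution")
    for dns in fields.get("DNS Servers", []):
        if dns not in internal_dns and dns != "127.0.0.1":  # loopback is acceptable
            findings.append(f"DNS server {dns} is not an internal AD DNS server")
    if first("Primary WINS Server") and first("NetBIOS over Tcpip").lower() == "disabled":
        findings.append("WINS configured but NetBIOS over Tcpip is disabled")
    return findings
```

Calling review(parse(SAMPLE), {"192.168.80.5", "192.168.80.10"}) reports the RRAS setting and the router address listed as a DNS server.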

      Nslookup suffixing behavior

      Original compilation: 2/17/2013

       

      Prologue

      Many IT folks who are not familiar with nslookup’s suffixing behavior in some cases may believe it’s a DNS issue. Nope, it’s not a DNS issue, rather a combination of nslookup’s suffixing behavior, which DNS server nslookup is using, Forwarders if configured, and the operating system’s Search Suffixes.

       

      NSLOOKUP and requiring a trailing dot

      Keep in mind, nslookup has its own built-in resolver that is totally *independent* of the operating system’s client side resolver algorithm (although it will use the machine’s suffixes to devolve names), and it will behave differently than if you were to, say, ping a host by single name.

      When using nslookup to query a fully qualified name (an FQDN) instead of a single name, you must supply a trailing dot with the query.

      If not, it will append the current context, that is, the suffix(es) configured on the machine, suffixing each one in the order they are configured.
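A small model of the two behaviors described in this article, as an added example that is not from the original post: devolve() derives the search suffixes from a Primary DNS Suffix (the Chicago.ad.company.com case under "DNS Suffix Search List"), and nslookup_candidates() lists the names queried with and without a trailing dot. Both function names are hypothetical, and trying the name as typed last is an assumption of this model.

```python
def devolve(primary_suffix, forest_root=None):
    """Search suffixes derived from the Primary DNS Suffix.

    forest_root=None models the Windows 2000/2003 behavior the article
    describes: every level is devolved, down to two labels. Passing the
    forest root domain models Windows 2008 and newer, which stop there.
    """
    labels = primary_suffix.lower().rstrip(".").split(".")
    stop = forest_root.lower().rstrip(".") if forest_root else None
    suffixes = []
    for i in range(len(labels) - 1):
        suffix = ".".join(labels[i:])
        suffixes.append(suffix)
        if suffix == stop:
            break
    return suffixes


def nslookup_candidates(name, search_list):
    """Names queried, in order, for one nslookup request.

    A trailing dot marks the name as fully qualified, so nothing is appended.
    Without it, each suffix is appended in the order configured.
    Assumption of this model: the name as typed is tried last.
    """
    if name.endswith("."):
        return [name]
    return [f"{name}.{suffix}." for suffix in search_list] + [name + "."]


if __name__ == "__main__":
    old = devolve("Chicago.ad.company.com")
    new = devolve("Chicago.ad.company.com", forest_root="ad.company.com")
    print("2000/2003:", old)
    print("2008+    :", new)
    # An external FQDN typed without the dot picks up every internal suffix first.
    print(nslookup_candidates("www.example.org", new))
    print(nslookup_candidates("www.example.org.", new))
```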

      If you want to use a better tool for nameserver queries, I suggest using DIG. DIG is downloadable as part of ISC’s BIND DNS server. You can download BIND for free from https://www.isc.org/wordpress/. Expand the files into a folder, and the tools will be available for use. No, this doesn’t mean you have to install the BIND DNS server service, I’m just suggesting to download and use the utilities in the folder. As a matter of fact, BIND also has its own version of nslookup that some say works better than Microsoft’s nslookup, but I haven’t found that true. I’ve found DIG very beneficial when trying to troubleshoot DNS issues.

      Additional nslookup information

      Here are some links explaining nslookup’s behavior. The first one is a doc that explains more of this in greater detail. This doc actually was compiled from KB200525, the second link, which is also mentioned in the Microsoft Official Curriculum Course# 688, “Using TCP/IP,” Courseware.

      Using NSlookup (File Format: Microsoft Word) – “Nslookup will always devolve the name from the current context. If you fail to fully qualify a name query (that is, use trailing dot), the query will be …”
      http://mcse.villanova.edu/Courses/688/documents/Using%20NSlookup.doc

      Using NSlookup.exe
      http://support.microsoft.com/?id=200525

      Nslookup, Sep 28, 2007 … This applies when the set and the lookup request contain at least one period, but do not end with a trailing period. Nslookup /set srchlist …
      http://technet.microsoft.com/en-us/library/cc725991(WS.10).aspx

      As the last link suggests, you can run nslookup with the /set srchlist, such as nslookup /set srchlist, to set your own search list, which changes the default search suffixes that nslookup grabs from the operating system’s Search Suffixes. You can also set it in interactive mode with the following, leaving it blank to remove any search suffixes it’s pulling from the machine:

      nslookup
      > set srchlist

       

      Will removing the Primary DNS Suffix affect AD functionality?

      Yes and No. Yes if you remove the Primary DNS Suffix, which the default search list comes from and the machine uses in such cases as DirectSMB connectivity, among other things. And no, nslookup’s requirement of using a dot doesn’t affect or indicate any issues with AD, it’s just an nslookup thing.

       

      In summary:

      No, it’s not something that’s saying there is a DNS problem. To determine if you have a DNS problem, I suggest using nslookup to query FQDNs with a trailing dot, or better, download and use DIG.

      Further, you will need to use the trailing dot (a period) unless you remove the search suffix. You can also remove the suffix from the machine, and it will work without a trailing dot. But the search suffix is derived from the Primary DNS Suffix, which is set by the domain it’s joined to. You can remove it in the registry and not touch the Primary DNS Suffix.

      You can also uncheck the computer’s client side resolver behavior, as shown in this screenshot (https://utgkjq.sn2.livefilestore.com/y1ppjK9K5o-JVAQJqWMjf9NSpoI9kTGnkjX_q5PGS3whQEFD-TPNXHMC0PU8rKjKt3AKPD5kuN0k9MyqK2I2sXd0mD2DSiTFiF0/DNS%20-%20Stop%20Suffix%20from%20Appending.jpg?psid=1).

       

      Additional links to read on this subject:

      Thread: “Weird NSLOOKUP results” 6/10/2010
      http://social.technet.microsoft.com/Forums/sk/winserverNIS/thread/8f29df1a-46dc-4b3b-946c-528b10f7223e

      Windows Appending Domain Suffix To All Lookups
      http://serverfault.com/questions/74067/windows-appending-domain-suffix-to-all-lookups

      Thread: “DNS server strange behavior” 2/9/2013
      http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e3c9bc21-5037-4974-9329-fb86cf670494/

      It’s just something to keep in mind when using nslookup.

      I hope you find this info helpful.

      Ace Fekay

      Comments, corrections and suggestions are welcomed.