In migration scenarios, it is often necessary to be able to access Windows servers (computers) using both the old and new hostnames. The simplest way to make a computer accessible by a new name is to add an alias (CNAME) to the DNS pointing to the old FQDN name (A record).
A CNAME alias for the old hostname can be added using the DNS Manager console (dnsmgmt.msc) or by the Add-DnsServerResourceRecordCName command:
Add-DnsServerResourceRecordCName -ZoneName woshub.loc -Name new-wks11 -HostNameAlias wks11.woshub.loc
However, if you’ve created a DNS alias, you won’t be able to perform Kerberos authentication when accessing the computer using the new hostname. This is because adding a DNS record for a computer does not update the SPN (Service Principal Name) value in the properties of its AD object.
Windows Server has a built-in netdom.exe command that can be used to correctly add an additional hostname. For example, if you want to add a second hostname to the fs01 computer, run the following command with an alternate FQDN:
netdom computername fs01 /ADD new-fs01.woshub.loc
Register the new name in the DNS:
ipconfig /registerdns
The netdom command will register a CNAME record in DNS, add the new name to the AlternateComputerNames registry parameter (described below), and update the value of the servicePrincipalName and msDS-AdditionalDnsHostName attributes for the computer account in AD.
List all registered computer names:
netdom computername m-dc01 /enum
Get registered SPNs for a computer account:
setspn.exe -L fs01
The netdom.exe command is missing in Windows 10 and 11, so you’ll need to change the registry to add an additional hostname manually.
To add an alternate DNS name:
- Under the HKLM\System\CurrentControlSet\Services\DNSCache\Parameters\ registry key, create a REG_MULTI_SZ parameter called AlternateComputerNames.
- Specify an additional FQDN (or multiple names) as its value (one FQDN per line).
- Register computer names in DNS:
ipconfig /registerdns
- Add the new computer name to the SPN:
SETSPN -a host/new-wks11 wks11
SETSPN -a host/new-wks11_name.woshub.loc wks11
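The manual steps above combined into one script, as an added example that is not part of the original article. It assumes it is run elevated on the target computer itself, by an account allowed to write that computer's servicePrincipalName; $NewName and $Domain are placeholders filled with the article's sample values, and setspn -S is used in place of -a so that a duplicate SPN elsewhere in the domain is detected before anything is written.

```powershell
# Added example: alternate DNS name on Windows 10/11 (no netdom.exe available).
param(
    [string]$NewName = 'new-wks11',   # placeholder: additional short hostname
    [string]$Domain  = 'woshub.loc'   # placeholder: DNS domain from the article
)

$fqdn    = "$NewName.$Domain"
$regPath = 'HKLM:\System\CurrentControlSet\Services\DNSCache\Parameters'
$valName = 'AlternateComputerNames'

# 1. Merge the FQDN into the REG_MULTI_SZ value, keeping names already listed.
$existing = (Get-ItemProperty -Path $regPath -Name $valName -ErrorAction SilentlyContinue).$valName
$names    = @($existing | Where-Object { $_ })
if ($names -notcontains $fqdn) {
    $names += $fqdn
    New-ItemProperty -Path $regPath -Name $valName -PropertyType MultiString `
        -Value ([string[]]$names) -Force | Out-Null
}

# 2. Register the computer names in DNS.
ipconfig.exe /registerdns | Out-Null

# 3. Add host SPNs for the short name and the FQDN to this computer's account.
#    -S refuses to add an SPN that is already registered on another account.
$spns = "host/$NewName", "host/$fqdn"
foreach ($spn in $spns) {
    setspn.exe -S $spn $env:COMPUTERNAME | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "setspn could not add $spn (duplicate SPN or insufficient rights)"
    }
}

# 4. Verify: every expected SPN must appear in the account's SPN list,
#    otherwise Kerberos authentication to the new name will not work.
$registered = setspn.exe -L $env:COMPUTERNAME | ForEach-Object { $_.Trim() }
$missing    = $spns | Where-Object { $registered -notcontains $_ }
if ($missing) {
    Write-Warning ("Missing SPNs: " + ($missing -join ', '))
} else {
    Write-Output "All SPNs for $fqdn are registered on $env:COMPUTERNAME"
}
```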
To add an alternative NetBIOS name to a computer, create the OptionalNames parameter (REG_MULTI_SZ) in the HKLM\System\CurrentControlSet\Services\LanManServer\Parameters registry key.
Then restart the lanmanserver service:
net stop lanmanserver
net start lanmanserver
If for some reason you cannot update the computer’s SPN in AD, create a REG_DWORD parameter called DisableStrictNameChecking (HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters) and set it to 1. This will allow the shared SMB folders on that computer to be accessed under the new name.