2

If I get the fully qualified computer name on a Windows server (2K3 or 2K8) using the GetComputerNameEx() API call, can I rely on that name to be unique on that particular domain? That is, can I assume that only a single active physical or virtual machine will have that fully qualified name at a given time?

As a second question: is it guaranteed that all Windows machines will have such a fully-qualified name?

John Gardeniers
  • 27,458
  • 12
  • 55
  • 109
xxbbcc
  • 135
  • 7
  • However, one host can have more than one IP number – mdpc Dec 14 '12 at 22:38
  • @mdpc That's fine by me - I'm trying to get a unique ID that I can use to identify a given physical or virtual machine on a network (not globally, just on a local network). So I don't care about the IP address as long as the full name is something that only one active computer may have at a given time. Even if a VM is cloned, as long as only one running copy can have that name at a given time, it's all right by me. – xxbbcc Dec 14 '12 at 22:56
  • You might consider using the MAC address instead. – joeqwerty Dec 14 '12 at 22:57
  • @joeqwerty Thanks for the suggestion but I've found many, many places that suggest that using the MAC is not reliable. (Getting the realy, HW-level MAC is very complicated and the high-level MAC shown on the UI is something that can be changed in the registry. Is this incorrect? – xxbbcc Dec 14 '12 at 23:03
  • @joeqwerty....as you know MAC addresses can be changed by a simple configuration command these days in a lot of operating systems. – mdpc Dec 14 '12 at 23:14
  • True, but so can the computer name. The MAC address is probably as reliable as the computer name. – joeqwerty Dec 15 '12 at 00:39
  • Just for reference, most of the high end (i.e. EXPEN$IVE) tools, use a license manager and generate their keys from the MAC address of the first ethernet board (usually eth0) on the server whether in use or not. – mdpc Dec 15 '12 at 06:42
  • As an administrator I would never expect software to deal with two computers having the same FQDN. Or, to put it another way, if I had a piece of network software which broke I'd consider it a network problem, not a software / vendor problems and I promise not to curse you. All I'd ask is that, if applicable, make sure the software fails gracefully and only falls down for the name that's duplicated. – Dan Dec 14 '12 at 23:46
  • @mdpc & joeqwerty Thanks guys for the advice, it was useful. – xxbbcc Dec 15 '12 at 17:53

1 Answers1

5

A properly functioning Windows Active Directory domain will not allow two computers with the same FQDN to exist within it.

All Windows computer joined to a domain will have a FQDN that includes the Active Directory domain(s) that make up its location in the forest. It might be possible to change the FQDN of a domain member by changing the primary DNS suffix using netdom computername /Add: and netdom computername /MakePrimary: It may also be possible to change HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Paramaters\Domain manually. This will require further testing to see if it's possible to alter a PC's FQDN away from a domain's heirarchy while it is still a member.

Wesley
  • 32,690
  • 9
  • 82
  • 117
  • Well, by definition of the FQDN, changing the domain suffix doesn't change the FQDN. It's like a house and street address. You can say your house is on High Street, you can even paint that in big bright letters on the front of your house... but that doesn't really do anything to change your actual street address. If you're actually on Main street, you're just the dumbass on Main street with "High St." painted on your house. Likewise, when you're a member of a domain, your FQDN is host.domain, regardless of what you change your DNS suffix to say. – HopelessN00b Dec 14 '12 at 22:49
  • @Wesley, thanks for your answer. So if I understand you correcly, the FQDN of a computer is quaranteed to exist and at any given time it can only identify a single computer on a given network, correct? (I understand that the same name may exist elsewhere, on a different network with the same domain name and that's fine - I'm looking for a unique ID on single local network.) – xxbbcc Dec 14 '12 at 22:51
  • @HopelessN00b if someone actually goes through the effort of changing the domain suffix, would that show up in the name returned by the `GetComputerNameEx()` API? I'm a software engineer, not a network professional so this area is very gray to me. – xxbbcc Dec 14 '12 at 22:53
  • @HopelessN00b I wasn't sure what `GetComputerNameEx()` specifically polled for. – Wesley Dec 14 '12 at 22:53
  • @xxbbcc Not quite. It's guaranteed to represent a single machine in a domain. However, anyone can show up and name their PC in such a way that conflicts with a pre-existing machine on the network. The domain PC will say "No fair! He's not playing be the rules!" and the rogue PC will say "lulz." (Rough translation of computer language) Having said that, you should be save enough in assuming that a AD joined computer's FQDN will be unique on a network. Perform a DNS/NETBIOS lookup first to add some checks if you want. – Wesley Dec 14 '12 at 22:55
  • @WesleyDavid Would that cause any issues on the network other than "lulz"? :) Or is that something completely without consequences? For example if the computer in question is a web server in a large group of web servers, would the conflicting FQDN be an issue? – xxbbcc Dec 14 '12 at 22:57
  • @xxbbcc No, it's a Mighty Bad Thing™ to have two computers with the same name on the same network. – Wesley Dec 14 '12 at 22:59