I have an environment with separate Active Directory and DNS infrastructures and am using DNS CNAMEs for several storage servers. Normally Windows clients can reach the storage correctly whether pointing at the "real" name or the CNAME.
\\server\storage
\\cname\storage
There is a "server" object in Active Directory associated with the storage, but there isn't anything related to the DNS CNAME.
The other day someone created a Windows server with a hostname that was the same as one of the CNAMEs and joined it to the AD domain. This server wasn't in DNS and couldn't be reached, but the presence of the AD object seemed to conflict with the CNAME. When clients tried to reach \\cname\storage, no data was returned. When we removed the conflicting object, things started working again.
Admittedly, this name shouldn't have been used in the first place (it was in use in DNS already). But since DNS is completely separate from AD, I'm worried about this happening again. Is there any way to either "reserve" the name in AD so that someone can't create a new object with that name, or some other step to prevent a new object from creating this conflict?
To make sure you are using your DNS and not other name resolution methods like NBT, I would suggest using Fully Qualified Domain Names in the form of client.domain.local on clients; in that case, any AD object that is not in DNS wouldn't interfere.
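An added example, not from either poster: a pre-join check that asks DNS only (so NBT/LLMNR answers are excluded, as the answer recommends) and then AD for a proposed hostname, reporting any existing CNAME/A record or computer object before the name is reused. It assumes the DnsClient and ActiveDirectory modules are installed, and the DNS suffix domain.local is a placeholder for your zone.

```powershell
# Added example (not the original poster's or answerer's code).
# Reports whether a proposed hostname already exists in DNS (as CNAME/A/AAAA)
# or as an AD computer object, so the CNAME-vs-AD-object conflict described
# above can be caught before a new machine is joined.
function Test-HostnameConflict {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$DnsSuffix = 'domain.local'   # assumption: replace with your DNS zone
    )

    $fqdn      = "$Name.$DnsSuffix"
    $conflicts = @()

    # -DnsOnly bypasses NetBIOS and LLMNR, so the result reflects only what the
    # DNS servers hold, matching the "use the FQDN" advice in the answer.
    $dns = Resolve-DnsName -Name $fqdn -DnsOnly -ErrorAction SilentlyContinue
    foreach ($rec in $dns) {
        # A CNAME lookup also returns the target's A record; report each.
        if ($rec.QueryType -in 'CNAME', 'A', 'AAAA') {
            $conflicts += "DNS $($rec.QueryType) record exists: $($rec.Name)"
        }
    }

    # The computer object is what conflicted in the question, so check AD too.
    $ad = Get-ADComputer -Filter "Name -eq '$Name'" -ErrorAction SilentlyContinue
    if ($ad) {
        $conflicts += "AD computer object exists: $($ad.DistinguishedName)"
    }

    [pscustomobject]@{
        Name      = $Name
        FQDN      = $fqdn
        Conflicts = $conflicts
        SafeToUse = ($conflicts.Count -eq 0)
    }
}

# Usage: run against the hostname you intend to give a new server.
Test-HostnameConflict -Name 'cname' -DnsSuffix 'domain.local' | Format-List
```

Running this as part of the provisioning checklist (or in a pre-join script) flags a name that is already a DNS alias before a conflicting computer object is created; it does not reserve the name in AD, which the question notes AD has no native way to do here.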