@s_castle After you run the smbutil dfs command, it should provide the referral network address that is a FQDN (fully qualified domain name).
For example:
smbutil dfs //company.orangeroot.org/dept/infotech
------------- Domain Entry 1 -------------
Domain requested : /company.orangeroot.org
ExpandedName: /ADDC101.company.orangeroot.org
ExpandedName: /ADDC102.company.orangeroot.org
------------- Entry 1 -------------
Referral requested : /ADDC101/dept/infotech
list item 1 : Path: /ADDC101/dept/infotech
list item 1 : Network Address: /fileserver123.company.edu/infotech
list item 1 : New Referral: /fileserver123.company.edu/infotech
If the Entry 1 referral network address offered is a valid Fully Qualified Domain Name, then that is what the Mac will try to connect to. In the example, the Mac would effectively connect to smb://fileserver123.company.edu/infotech
If the referral network address offered is something like /AD101/depart, then I believe you'll need to point this out to the admin of your domain controller.
@s_castle After you run the smbutil dfs command, it should provide the referral network address that is a FQDN (fully qualified domain name).
For example:
smbutil dfs //company.orangeroot.org/dept/infotech
------------- Domain Entry 1 -------------
Domain requested : /company.orangeroot.org
ExpandedName: /ADDC101.company.orangeroot.org
ExpandedName: /ADDC102.company.orangeroot.org
------------- Entry 1 -------------
Referral requested : /ADDC101/dept/infotech
list item 1 : Path: /ADDC101/dept/infotech
list item 1 : Network Address: /fileserver123.company.edu/infotech
list item 1 : New Referral: /fileserver123.company.edu/infotech
If the Entry 1 referral network address offered is a valid Fully Qualified Domain Name, then that is what the Mac will try to connect to. In the example, the Mac would effectively connect to smb://fileserver123.company.edu/infotech
If the referral network address offered is something like /AD101/depart, then I believe you'll need to point this out to the admin of your domain controller.
Turns out not all the servers listed in the DFS share had FQDNs. I can't change that, but I've been able to change the DNS suffix settings on the affected machines so they are now accessible.
Basically, the problem was that the DNS settings for each device (picked up from DHCP) included two sub domains, but not the root. The servers are in the root domain, but not either sub. The Macs were just searching the two sub domains, not the root. Adding the root domain to the Mac's DNS Suffix search list solved the problem.
Weirdly, Windows just copes with this, so it's clearly searching the root as well. The machines are on the same subnet, so are picking up DNS details from the same source. Unless our Windows admins encountered the same problem and rather than fixing the problem at the source, just edited the Windows DNS Search suffixes via Group Policy or some such.