File: support/windows-server/active-directory/deployment-operation-ad-domains.md
Lines changed: 12 additions & 10 deletions
@@ -26,18 +26,20 @@ For the following reasons, create new Active Directory domains that have fully q
26
26
27
27
- You can't use an internet registrar to register single-label DNS names.
28
28
- When joined to single-label domains, client computers (both domain-joined and non-domain joined) and domain controllers require extra configuration to dynamically register DNS records in single-label DNS zones.
29
-
- Client computers and domain controllers might require extra configuration to resolve DNS queries in single-label DNS zones.
29
+
- Client computers (domain-joined, nondomain-joined, and Microsoft Entra ID-joined) and domain controllers require extra configuration to resolve DNS queries in single-label DNS zones.
30
30
- Some server-based applications are incompatible with single-label domain names. Newly released applications might not support single-label DNS names, and applications that support single-label DNS names might drop that support in the future.
31
31
- Transitioning from a single-label DNS domain name to a fully qualified DNS name is nontrivial and consists of two options:
32
32
33
-
-[Migrate](https://www.microsoft.com/download/details.aspx?id=19188) users, computers, groups, and other states to a new forest.
33
+
- Migrate users, computers, groups, and other states to a new forest.
34
34
- Rename the existing domain.
35
35
36
36
> [!IMPORTANT]
37
37
> Current Microsoft applications don't support domain renaming. As a result, don't try to rename a single-label DNS name to a fully qualified domain name.
38
38
39
39
- In Windows Server 2008, the Active Directory Installation Wizard (Dcpromo.exe) warns against creating new domains that have single-label DNS names. There's no business or technical reason to create new domains that have single-label DNS names. In Windows Server 2008 R2 and later versions, the Active Directory Installation Wizard explicitly blocks creating such domains.
40
40
41
+
Previous versions of this article provided information about Microsoft applications that specifically didn't support domain renaming. Currently, no Microsoft applications support domain renaming, so the distinction of the list isn't needed anymore.
42
+
41
43
## More information
42
44
43
45
Single-label names consist of a single word, such as "contoso."
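Review bot: The paragraph added just before "## More information" describes the history of the article ("Previous versions of this article provided information about...") rather than giving guidance, and its point is already made by the IMPORTANT note a few lines above ("Current Microsoft applications don't support domain renaming"). A reader of the current version never saw the list it mentions, so "the distinction of the list isn't needed anymore" has nothing to refer to. Suggest dropping the paragraph or folding one sentence into the IMPORTANT note. Two smaller points in the same hunk: the rewritten DNS-resolution bullet changes "might require extra configuration" to "require extra configuration", which is a stronger claim and should be confirmed as intended for all three client types; and the "Migrate" bullet loses its link with no replacement, so the list no longer points to any migration guidance.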
@@ -83,7 +85,12 @@ Consider the following configuration:
83
85
- Domain member computers reside in a forest that doesn't contain any single-label DNS domains.
84
86
- Domain controllers reside in single-label DNS domains in a different forest.
85
87
86
-
By default, in these circumstances, the domain member computers don't use the DNS Server service to locate the domain controllers. Additionally, by default, Windows doesn't send updates to top-level domains. However, you can change these behaviors by using one of the two methods in this section.
88
+
In this configuration, you see the following default behaviors:
89
+
90
+
- By default, the client computers don't use the DNS Server service to locate the domain controllers.
91
+
- By default, Windows DNS clients don't send updates to top-level domains.
92
+
93
+
These behaviors cause DNS resolution issues. To mitigate them, you have to change the configurations of the Windows client computers (domain-joined, non-domain joined, or Microsoft Entra ID-joined) and the domain controllers. Use one of the two methods in this section to change the configurations.
87
94
88
95
> [!IMPORTANT]
89
96
> Before you use either method, make sure that NetBIOS name resolution works correctly in your environment. Otherwise, clients can't access the domains that have single-label DNS names fails.
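Review bot: The rewritten paragraph now covers "domain-joined, non-domain joined, or Microsoft Entra ID-joined" clients, but the configuration it follows still reads "Domain member computers reside in a forest that doesn't contain any single-label DNS domains", so the scenario and the mitigation no longer describe the same set of machines. Either extend the configuration bullets to the other client types or keep the new text scoped to domain members. Both added bullets also open with "By default" directly after a lead-in that already says "default behaviors"; drop the repetition in the bullets. While this section is being edited, the IMPORTANT note in the trailing context ends with a stray word ("...single-label DNS names fails") that is worth fixing in the same commit.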
@@ -94,7 +101,7 @@ By default, in these circumstances, the domain member computers don't use the DN
94
101
95
102
##### Step 1: Change the domain controller locator configuration
96
103
97
-
On the Windows client computers (domain-joined, non-domain joined, or Microsoft Entra ID-joined), follow these steps
104
+
On the Windows client computers (domain-joined, non-domain joined, or Microsoft Entra ID-joined), follow these steps:
98
105
99
106
1. In the Search box, enter regedit, and then select **Registry editor**.
100
107
1. Locate and then select the `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters` subkey.
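Review bot: The colon fix is fine, but the touched sentence keeps the spelling "non-domain joined" while the first hunk of this commit introduces "nondomain-joined" for the same term. Pick one form and use it in every parenthetical that lists the client types, since this line is being edited anyway.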
@@ -106,12 +113,7 @@ On the Windows client computers (domain-joined, non-domain joined, or Microsoft
106
113
107
114
##### Step 2: Change the dynamic update configuration for the DNS root zone or single-label DNS zones
108
115
109
-
Apply these changes to all domain controllers and members of domains that have single-label DNS names. If a domain that has a single-label DNS name is a forest root, apply these configuration changes to all the domain controllers in the forest. The only exceptions are the following zones, *if* they're delegated from the *ForestName* zone:
110
-
111
-
-\_msdcs. *ForestName*
112
-
-\_sites. *ForestName*
113
-
-\_tcp. *ForestName*
114
-
-\_udp. *ForestName*
116
+
Apply these changes to all domain controllers and members of domains that have single-label DNS names. If a domain that has a single-label DNS name is a forest root, apply these configuration changes to all the domain controllers in the forest, unless the separate zones \_msdcs. *ForestName*, \_sites. *ForestName*, _tcp. *ForestName*, and_udp. *ForestName* are delegated from the *ForestName* zone.
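Review bot: Collapsing the list into "apply these configuration changes to all the domain controllers in the forest, unless the separate zones ... are delegated" changes the meaning. The removed text treated the four zones as exceptions when delegated; the new sentence reads as if the whole requirement for the forest's domain controllers is waived when they are delegated. Please confirm which is intended and reword so the exception attaches to the zones. The added line also has formatting defects: "and_udp." is missing a space after "and", and the underscores in "_tcp." and "_udp." are unescaped while "\_msdcs." and "\_sites." are escaped, which risks unintended emphasis when the Markdown is rendered. Keeping the four zone names as a list would avoid both problems.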