You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/windows-server/active-directory/deployment-operation-ad-domains.md
+34-35Lines changed: 34 additions & 35 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -69,17 +69,16 @@ If you use a single-label DNS name in your environment, clients may be unable to
69
69
70
70
The following list describes the symptoms that may occur:
71
71
72
-
- After you configure Microsoft Windows for a single label domain name, all servers that have the domain controller role may be unable to register DNS records. The System log of the domain controller may consistently log NETLOGON 5781 warnings that resemble the following example:
73
-
> [!NOTE]
74
-
> Status code 0000232a maps to the following error code:
72
+
- After you configure Microsoft Windows for a single label domain name, all servers that have the domain controller role may be unable to register DNS records. The System log of the domain controller may consistently log NETLOGON 5781 warnings that resemble the following example:[recheck]()
75
73
76
-
> DNS_ERROR_RCODE_SERVER_FAILURE
74
+
> [!NOTE]
75
+
> Status code 0000232a maps to the `DNS_ERROR_RCODE_SERVER_FAILURE` error code.
77
76
78
77
- The following additional status codes and error codes may appear in log files such as Netdiag.log:
79
78
80
-
> DNS Error Code: 0x0000251D = DNS_INFO_NO_RECORDS
81
-
DNS_ERROR_RCODE_ERROR
82
-
RCODE_SERVER_FAILURE
79
+
-`0x0000251D = DNS_INFO_NO_RECORDS`
80
+
-`DNS_ERROR_RCODE_ERROR`
81
+
-`RCODE_SERVER_FAILURE`
83
82
84
83
- Windows-based computers that are configured for DNS dynamic updates won't register in a single-label domain. Warning events that resemble the following examples are recorded in the System log of the computer:
85
84
@@ -100,31 +99,31 @@ Also without modification, an Active Directory domain member in a forest that co
100
99
To enable a Windows computer to use DNS to locate domain controllers in domains that have single-label DNS names, follow these steps:
101
100
102
101
1. Select **Start**, select **Run**, type regedit, and then select **OK**.
3. In the details pane, locate the **AllowSingleLabelDnsDomain** entry. If the **AllowSingleLabelDnsDomain** entry doesn't exist, follow these steps:
107
-
1. On the **Edit** menu, point to **New**, and then select **DWORD Value**.
108
-
2. Type **AllowSingleLabelDnsDomain** as the entry name, and then press **ENTER**.
109
-
4. Double-click the **AllowSingleLabelDnsDomain** entry.
110
-
5. In the **Value data** box, type 1, and then select **OK**.
111
-
6. Exit Registry Editor.
105
+
1. In the details pane, locate the **AllowSingleLabelDnsDomain** entry. If the **AllowSingleLabelDnsDomain** entry doesn't exist, follow these steps:
106
+
1. On the **Edit** menu, point to **New**, and then select **DWORD Value**.
107
+
1. Type **AllowSingleLabelDnsDomain** as the entry name, and then press **ENTER**.
108
+
1. Double-click the **AllowSingleLabelDnsDomain** entry.
109
+
1. In the **Value data** box, type 1, and then select **OK**.
110
+
1. Exit Registry Editor.
112
111
113
112
- DNS client configuration
114
113
115
114
Active Directory domain members and domain controllers that are in a domain that has a single-label DNS name typically must dynamically register DNS records in a single-label DNS zone that matches the DNS name of that domain. If an Active Directory forest root domain has a single-label DNS name, all domain controllers in that forest typically must dynamically register DNS records in a single-label DNS zone that matches the DNS name of the forest root.
116
115
117
116
By default, Windows-based DNS client computers don't attempt dynamic updates of the root zone "." or of single-label DNS zones. To enable Windows-based DNS client computers to try dynamic updates of a single-label DNS zone, follow these steps:
118
117
1. Select **Start**, select **Run**, type regedit, and then select **OK**.
3. In the details pane, locate the **UpdateTopLevelDomainZones** entry. If the **UpdateTopLevelDomainZones** entry doesn't exist, follow these steps:
123
-
1. On the **Edit** menu, point to **New**, and then select **DWORD Value**.
124
-
2. Type **UpdateTopLevelDomainZones** as the entry name, and then press **ENTER**.
125
-
4. Double-click the **UpdateTopLevelDomainZones** entry.
126
-
5. In the **Value data** box, type 1, and then select **OK**.
127
-
6. Exit Registry Editor.
121
+
1. In the details pane, locate the **UpdateTopLevelDomainZones** entry. If the **UpdateTopLevelDomainZones** entry doesn't exist, follow these steps:
122
+
1. On the **Edit** menu, point to **New**, and then select **DWORD Value**.
123
+
1. Type **UpdateTopLevelDomainZones** as the entry name, and then press **ENTER**.
124
+
1. Double-click the **UpdateTopLevelDomainZones** entry.
125
+
1. In the **Value data** box, type 1, and then select **OK**.
126
+
1. Exit Registry Editor.
128
127
129
128
These configuration changes should be applied to all domain controllers and members of a domain that have single-label DNS names. If a domain that has a single-label domain name is a forest root, these configuration changes should be applied to all the domain controllers in the forest, unless the separate zones _msdcs. _ForestName_, _sites. *ForestName*, _tcp. *ForestName*, and_udp. *ForestName* are delegated from the *ForestName* zone.
130
129
@@ -138,7 +137,7 @@ Use Group Policy to enable the Update Top Level Domain Zones policy and the Loca
138
137
|---|---|
139
138
|Update Top Level Domain Zones|Computer Configuration\Administrative Templates\Network\DNS Client|
140
139
|Location of the DCs hosting a domain with single label DNS name|Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records|
141
-
140
+
142
141
To enable these policies, follow these steps on the root domain container:
143
142
144
143
[Revise the following--need to jump from gpmc to gpedit for group policy instead of local policy]
@@ -147,25 +146,25 @@ To enable these policies, follow these steps on the root domain container:
147
146
1. Under **Local Computer Policy**, expand **Computer Configuration**.
148
147
1. Expand **Administrative Templates**.
149
148
1. Enable the Update Top Level Domain Zones policy. To do it, follow these steps:
150
-
1. Expand **Network**.
151
-
2. Select **DNS Client**.
152
-
3. In the details pane, double-click **Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC**.
153
-
4. Select **Enabled**.
154
-
5. Select **Apply**, and then select **OK**.
149
+
1. Expand **Network**.
150
+
1. Select **DNS Client**.
151
+
1. In the details pane, double-click **Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC**.
152
+
1. Select **Enabled**.
153
+
1. Select **Apply**, and then select **OK**.
155
154
1. Enable the Location of the DCs hosting a domain with single label DNS name policy. To do this, follow these steps:
156
-
1. Expand **System**.
157
-
2. Expand **Net Logon**.
158
-
3. Select **DC Locator DNS Records**.
159
-
4. In the details pane, double-click **Location of the DCs hosting a domain with single label DNS name**.
160
-
5. Select **Enabled**.
161
-
6. Select **Apply**, and then select **OK**.
155
+
1. Expand **System**.
156
+
1. Expand **Net Logon**.
157
+
1. Select **DC Locator DNS Records**.
158
+
1. In the details pane, double-click **Location of the DCs hosting a domain with single label DNS name**.
159
+
1. Select **Enabled**.
160
+
1. Select **Apply**, and then select **OK**.
162
161
1. Close the Group Policy Editor and GPMC.
163
162
164
163
> [!NOTE]
165
164
> You can define the settings by using configuration service policies (CSPs). For more information, see the following articles:
0 commit comments