How to – AD Forest/Domain Trust with a Single Label Domain (SLD)

Recently I was involved in an AD integration between our company and another, newly acquired company. I discovered that the new company was using a Single Label Active Directory Domain, and this makes things more difficult :-)

If you are asking what an SLD is, check this: https://support.microsoft.com/en-us/kb/300684

An Active Directory domain name that contains one or more labels separated by a dot is referred to as a fully qualified domain name with two or more names, and it will be referred to as FQDN in this document. In contrast there is the concept of the single-label domain (SLD), which refers to Active Directory domain names with only one label.

The first step for setting up an AD trust is to configure a conditional forwarder in DNS on both AD sides, each pointing at the other domain's DNS servers.
This worked as usual and I could resolve servers in both domains.

The second step was to set up the trust… and I immediately received an error. The source DC didn’t know how to find the SLD domain: the DC locator does not look up single-label DNS names unless told to. To solve that problem you need to create a GPO enabling this setting:

“Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Location of the DCs hosting a domain with single label DNS name”

This GPO should be deployed to all DCs and servers that need to use the trust.

If a service has authentication issues across the AD trust, check whether the SLD DCs are discoverable and reachable from that machine:

nltest /dsgetdc:SLDdomain
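To make the three steps above checkable on a server after the GPO has applied, here is a PowerShell pre-flight script I use; it is an added example and not part of the original post. It assumes it runs elevated on a DC or member server with the DNS Server PowerShell module installed, and it assumes (verify with gpresult in your own environment) that the GPO setting above writes the AllowSingleLabelDnsDomain value under the Netlogon policy key. The domain name and DNS server addresses are placeholders.

```powershell
# Pre-flight checks for a trust with a single-label domain (SLD).
# Constructed placeholder values; replace with the acquired company's real ones.
$SldDomain     = 'CORPSLD'                      # placeholder SLD name
$SldDnsServers = @('192.0.2.10', '192.0.2.11')  # placeholder DNS servers for the SLD

# Step 1: the conditional forwarder for the SLD zone must exist on this DNS server.
function Test-SldConditionalForwarder {
    param([string]$Zone, [string[]]$MasterServers)
    $zoneInfo = Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue
    if ($null -eq $zoneInfo -or $zoneInfo.ZoneType -ne 'Forwarder') {
        Write-Warning "No conditional forwarder for '$Zone'; creating one (forest replication scope)."
        Add-DnsServerConditionalForwarderZone -Name $Zone -MasterServers $MasterServers -ReplicationScope 'Forest'
        return $false
    }
    Write-Host "Conditional forwarder for '$Zone' -> $($zoneInfo.MasterServers -join ', ')"
    return $true
}

# Step 2: the DC locator policy for single-label names must have been applied by the GPO.
# Assumption: the policy writes AllowSingleLabelDnsDomain=1 under the Netlogon policy key.
function Test-SldLocatorPolicy {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Netlogon\Parameters'
    $val = (Get-ItemProperty -Path $key -Name 'AllowSingleLabelDnsDomain' -ErrorAction SilentlyContinue).AllowSingleLabelDnsDomain
    if ($val -eq 1) { Write-Host "SLD DC locator policy is applied on $env:COMPUTERNAME"; return $true }
    Write-Warning "SLD DC locator policy not applied on $env:COMPUTERNAME (check GPO scope, then gpupdate /force)."
    return $false
}

# Step 3: the same nltest check from the post, with the located DC parsed out of the output.
function Test-SldDcLocator {
    param([string]$Domain)
    $out = & nltest.exe "/dsgetdc:$Domain" 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "DC locator failed for '$Domain':`n$($out -join "`n")"
        return $false
    }
    foreach ($line in $out) {
        # nltest prints the chosen DC as "           DC: \\DC01.CORPSLD"
        if ($line -match '^\s*DC:\s*\\\\(\S+)') { Write-Host "Located DC for '$Domain': $($Matches[1])" }
    }
    return $true
}

$results = [pscustomobject]@{
    ConditionalForwarder = Test-SldConditionalForwarder -Zone $SldDomain -MasterServers $SldDnsServers
    LocatorPolicy        = Test-SldLocatorPolicy
    DcLocator            = Test-SldDcLocator -Domain $SldDomain
}
$results | Format-List
```

If LocatorPolicy is false the DC locator check will normally fail as well, so fix the GPO scope before chasing the trust error itself.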