One-Way Forest Trust Issue

Tags: active-directory, domain-name-system

I have a unique problem. We have inherited a domain that doesn't have a top level domain.
The domain name is renob. I am trying to create a forest level trust between our production domain (jimbo.local) and this inherited domain (renob), but the trust wizard doesn't like a domain without a TLD.
Suggestions?

Best Answer

What you have is called a single label domain (SLD). The trust basically fails to be created because it can't look up the SLD through DNS. You can enable the DNS lookup on SLD names, which should allow you to create the trust.

On the domain controllers, create the following DWORD key and set the value to 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\AllowSingleLabelDnsDomain

You may also need to add this key to domain members in the other domain so they can access the SLD over the trust, depending on which way the trust is pointing. There is also one additional key that may be necessary for clients to update their DNS entries on the domain controller. The DWORD value below should be created and set to 1 to enable dynamic DNS updates to an SLD DNS server.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones

There is more info on SLD here.

Finally, I would advise you to retire this domain. However, this isn't always an easy thing to do because of the complications with the single label domain name.
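The registry changes the answer describes, scripted as an added PowerShell example (this is not code from the original answer). It assumes an elevated session on each domain controller of the single-label domain, that the SLD is called renob as in the question, and that a Netlogon service restart is acceptable; the DNS server used for the final check and the SRV record name are likewise assumptions.

```powershell
# Added example, not part of the original answer.
# Run elevated on each DC of the single-label domain; the DNSClient policy
# value is the one to push to members that must register or resolve the SLD.
# Assumption: the SLD is "renob" (from the question).

$NetlogonKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$DnsPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'

function Set-RegDword {
    param([string]$Path, [string]$Name, [int]$Value)
    # Create the key if it is missing (the Policies\...\DNSClient key often is).
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    New-ItemProperty -Path $Path -Name $Name -Value $Value `
        -PropertyType DWord -Force | Out-Null
    # Read it back so the caller can confirm what is actually stored.
    return (Get-ItemProperty -Path $Path -Name $Name).$Name
}

# 1. Let Netlogon register and locate a single-label DNS domain name.
$v = Set-RegDword -Path $NetlogonKey -Name 'AllowSingleLabelDnsDomain' -Value 1
"AllowSingleLabelDnsDomain = $v"

# Netlogon reads its Parameters key at start-up; restart it so the new value
# is picked up (assumption: a reboot is an acceptable alternative).
Restart-Service -Name Netlogon

# 2. Allow dynamic DNS updates into a top-level (single-label) zone.
$v = Set-RegDword -Path $DnsPolicyKey -Name 'UpdateTopLevelDomainZones' -Value 1
"UpdateTopLevelDomainZones = $v"

# 3. Sanity checks before retrying the trust wizard: the DC locator must find
#    a DC for the SLD, and the forest-wide DC SRV record must resolve.
#    Both the record name and the resolver in use are assumptions for "renob".
nltest /dsgetdc:renob /force
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.renob' -Type SRV -ErrorAction Stop |
    Select-Object Name, NameTarget, Port
```

The Netlogon value is per-machine, so it has to be set on every DC in the SLD, not just one. The DNSClient value is what the "Update Top Level Domain Zones" setting under Computer Configuration > Administrative Templates > Network > DNS Client writes, so deploying it through Group Policy to the members that need it is equivalent to setting it by hand.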
