Solved

Domain Trust with a domain that does not have a FQDN

Posted on 2013-01-28
5
759 Views
Last Modified: 2013-01-28
Hi,

I have inherited 2 domains.  One of my domains when it was created, was created with a Non FQDN naming structure.  Instead of being domainname.local, it is just domainname.

I want to be able to create a trust between my 2 domains.  I can create a trust from the Non FQDN domain to my FQDN domain, but I cannot create a trust the other way around.

domainname > domainname1.local trust works
domainname1.local > domainname will not work.

Is there a way around this or do I see a domain re-name in my future?

Thanks for any help

Stu.
0
Comment
Question by:stu29
  • 2
  • 2
5 Comments
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 38826986
What type of domain is the FQDN-less running? It has to have some kind of DNS infrastructure, unless it is NT 4.0. Active Directory needs DNS to get up and running.
0
 
LVL 9

Author Comment

by:stu29
ID: 38827260
Domain is Windows Active Directory (running at Server 2003 level).
Domain name is domainname
DNS is running and passes all tests.
DNS also referenences just domainname with no FQDN ext.
So the name server in DNS would be nameserver.domainname. with no ext.

Hope this make sense.  AD functions correctly in this domain, justt the trust will not build.

Thanks

Stu
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 38827280
How about making an additional DNS zone with a proper FQDN, alongside the existing zone? A "domain.lan", or whatever you like and integrate that into Active Directory, so all of the glue records populate and replicate? I would make a System State backup before doing this...
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 38827429
I have inherited 2 domains.  One of my domains when it was created, was created with a Non FQDN naming structure.  Instead of being domainname.local, it is just domainname.
That's known as a single-label domain name.  In DNS terms, each element of an FQDN is a label, so a domain named mydomain.com has two labels, mydomain and com.  Single-label domains are problematic in AD; this KB article has some general information about why this is the case.

You may want to try the steps listed here to make the trust work, but in the long run you'll be better off either renaming or migrating away from that single-label domain.
0
 
LVL 9

Author Comment

by:stu29
ID: 38827590
Thanks for the feedback.  I think I will plan towards a Domain rename.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

29 Experts available now in Live!

Get 1:1 Help Now