none
the name you specified is not a valid windows domain name

    Question

  • Hi,

     

    I have a domain called DomainA that contains a Child Domain called Child.DomainA

     

    I have another domain called DomainB

     

    At the moment there is a Forest Trust between DomainA and DomainB and I can Validate this trust.

     

    I have added a new DC in Child.DomainA and from here when I try to create a trust between Child.DomainA & DomainB I get the following error

    “the name you specified is not a valid windows domain name”

     

    In DNS on DomainB I have added a secondary zone for Child.DomainA and on Child.DomainA I have added a secondary zone for DomainB.  I can ping servers from both domains without issues.

     

    Other errors I am noticing is if I go to the build in Administrator group on Child.DomainA and try and add an account from DomainB it comes backs as it can’t resolve the username.

     

    Any help on this issue would be great

     

    Thanks

    Wednesday, September 14, 2011 3:00 PM

Answers

All replies

  • Hi,

    Check and enable the Name Suffix Routing(In trust). Name suffix routing should be enabled for newly created child domains

     

    Using the Windows interface

    1. Open Active Directory Domains and Trusts.

    2. In the console tree, right-click the domain that you want to administer, and then click Properties.

    3. On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the forest trust that you want to administer, and then click Properties.

    4. Click the Name Suffix Routing tab, and then, under Name suffixes in the x.x forest, do one of the following:

      • To enable a name suffix, click the suffix that you want to enable, and then click Enable.

    http://technet.microsoft.com/en-us/library/cc783658(WS.10).aspx

     

     


    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    • Edited by Tanmoy Manik Wednesday, September 14, 2011 3:52 PM
    Wednesday, September 14, 2011 3:49 PM
  • Checked it on the main Trust between DomainA & DomainB and its enabled
    Wednesday, September 14, 2011 3:53 PM
  • Have you considered creating a transitive forest trust?
    MCTS...
    Wednesday, September 14, 2011 4:00 PM
  • Hello,

    I believe forest trust is always transitive. If you have a forest trust you do not need to create another trust.

    Have you checked the status in name suffix routing for child.doaminA . 

    In child.domainA open dsa.msc, right click on domainname and do connect to domainB. Can you do that?

     


    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, September 14, 2011 4:10 PM
  • Hi,

     

    The trust between DomainA & DomainB is a transitive forest trust.

    Other issue I am noticing is in regards to using ADMT to migrate users accounts from DomainB to the Child Domain.  I have a feeling the issue is down to DNS but can't find anything glaring wrong 

    Wednesday, September 14, 2011 4:10 PM
  • Hi Tanmoy,

     

    the answer to your question is No.

     

    More info:

    I have just run dcdiag /dns and here are the results

      Summary of DNS test results:

     

                                         Auth Basc Forw Del  Dyn  RReg Ext

            ________________________________________________________________

         Domain: child.domainA.com

            childDC                      PASS PASS FAIL PASS WARN PASS n/a

    Wednesday, September 14, 2011 4:17 PM
  • Hi,

    My suggestion toy you is use stub zone instead of secondary zone.

    http://www.misdivision.com/blog/step-by-step-how-to-create-a-stub-zone-in-windows-server-2008-r2

    Validate the trust both ways.

    If you are using ADMT then definitely the trust is working. Enable name suffix routing for child domain

     

    http://technet.microsoft.com/en-us/library/cc784334(WS.10).aspx


    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Edited by Tanmoy Manik Wednesday, September 14, 2011 4:25 PM
    • Proposed as answer by Marius EneMVP Thursday, September 15, 2011 5:04 AM
    Wednesday, September 14, 2011 4:18 PM
  • Got this fixed. It was looking at a old DC that is no longer on the network

     

    thanks

    Thursday, September 15, 2011 2:49 PM