locked
name resolution works 1 way in 2 way forest trust please help.. RRS feed

  • Question

  •  
    Hi
     
    i am setting up platform for cross forest migration.
    all done i am able to access resources in both forest.
     
    here is issue.
     
    "ordernet" is 1st old forest
    "orderline.com" is 2nd new forest
     
    two way trust relation is completed.
     
    when i try to add users to group in 2nd from 1st it works.
    when i try to add users to group in 1st from 2nd after selecting the forest it does not resolve the is it due to single lable domain or what please help since i have to do this over weekend.
     
    Thanks
    Imran.

    Shift the Ctrl in our hands and we will Alt the world.
    Tuesday, October 21, 2008 8:35 PM

Answers

  • Hi Imran,

     

    As you said, when you try to add users to group in 1st from 2nd after selecting the forest it does not resolve, can you tell us what thing cannot be resolved?

     

    Troubleshooting steps:

     

    1. Please refer to the following document to valid the two-way trust that you create between the 2 domains.

     

    Validate a Trust

    http://technet.microsoft.com/en-us/library/cc816894.aspx

     

    2. Please add the AllowSingleLabelDnsDomain registry value to the computers in "orderline.com" to enable these domain members to use DNS Server service to locate domain controllers in Single-label domain. 

     

    Steps to enable an Active Directory domain member to use DNS to locate domain controllers in domains that have single-label DNS names that are in other forests:

     

    a. Click Start, click Run, type regedit, and then click OK.

     

    b. Locate and then click the following subkey:

     

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

     

    c. In the right pane, locate the AllowSingleLabelDnsDomain entry.

     

    d. If the AllowSingleLabelDnsDomain entry does not exist, follow these steps:

     

    1)  On the Edit menu, point to New, and then click DWORD Value.

     

    2)  Type AllowSingleLabelDnsDomain as the entry name, and then press ENTER.

     

    e. Double-click the AllowSingleLabelDnsDomain entry.

     

    f. In the Value data box, type 1, and then click OK

     

    g. Quit Registry Editor.

     

    3. If the issue continues, please take a screenshot of the issue and send it to tfwst@microsoft.com

     

    For more information, please refer to :

     

    Information about configuring Windows for domains with single-label DNS names

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;300684


    Hope it helps.


    David Shen - MSFT
    • Marked as answer by David Shen Monday, October 27, 2008 7:28 AM
    Thursday, October 23, 2008 10:00 AM

All replies

  • Hi Imran,

     

    As you said, when you try to add users to group in 1st from 2nd after selecting the forest it does not resolve, can you tell us what thing cannot be resolved?

     

    Troubleshooting steps:

     

    1. Please refer to the following document to valid the two-way trust that you create between the 2 domains.

     

    Validate a Trust

    http://technet.microsoft.com/en-us/library/cc816894.aspx

     

    2. Please add the AllowSingleLabelDnsDomain registry value to the computers in "orderline.com" to enable these domain members to use DNS Server service to locate domain controllers in Single-label domain. 

     

    Steps to enable an Active Directory domain member to use DNS to locate domain controllers in domains that have single-label DNS names that are in other forests:

     

    a. Click Start, click Run, type regedit, and then click OK.

     

    b. Locate and then click the following subkey:

     

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

     

    c. In the right pane, locate the AllowSingleLabelDnsDomain entry.

     

    d. If the AllowSingleLabelDnsDomain entry does not exist, follow these steps:

     

    1)  On the Edit menu, point to New, and then click DWORD Value.

     

    2)  Type AllowSingleLabelDnsDomain as the entry name, and then press ENTER.

     

    e. Double-click the AllowSingleLabelDnsDomain entry.

     

    f. In the Value data box, type 1, and then click OK

     

    g. Quit Registry Editor.

     

    3. If the issue continues, please take a screenshot of the issue and send it to tfwst@microsoft.com

     

    For more information, please refer to :

     

    Information about configuring Windows for domains with single-label DNS names

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;300684


    Hope it helps.


    David Shen - MSFT
    • Marked as answer by David Shen Monday, October 27, 2008 7:28 AM
    Thursday, October 23, 2008 10:00 AM
  • Thanks a lot ...

    appriciate your time and, my migration was successfull and no issues all good in production env..

    once again thank you.

    imran.
    Shift the Ctrl in our hands and we will Alt the world.
    Monday, October 27, 2008 12:42 PM