Set up Migration Endpoint to single-label Domain/Forest

Similar Messages

• Single Label domain names

  Greetz!
  I would like clarification on Single Label Domain names in SP 2013 web applications.
  When I set up my A record I can set the Name, FQDN and IP Address. If I leave Name blank it will use whatever is in the FQDN?When I enter the FQDN I should use something like "Company.Local" or "SP.Company.Local" and not "Company"
  When I set up my root Web Application, I will use the FQDN that I gave in the A record and I will not leave the ":80" on the end of it.
  My intention is to setup a single web application and run HNSCs off the default zone. I will use Windows Authentication with basic Kerberos. I'll have a root site collection but we won't be using it.
  Am I thinking straight about avoiding the use of single label domain names?
  Thanks!
  Love them all...regardless. - Buddha

  "Single Label Domain names" has specific meaning and that applies to Active Directory (SLDs are not supported by SharePoint).
  You will want to use an FQDN as your Host-Named Site Collections will be present underneath the root domain (e.g. if you create a Web Application using "root.company.com", your sites will be "portal.company.com", "teams.company.com",
  as a couple of examples). Your Web Application will be created without a host name (see PowerShell example here: https://technet.microsoft.com/en-us/library/cc424952.aspx#section2).
  Your "root.company.com", in my example, with be a path-based Site Collection as the "Root" Site Collection, which is required for all SharePoint Web Apps. That is described here: https://technet.microsoft.com/en-us/library/cc424952.aspx#section2b.
  They use the WFE URL, but I prefer using the FQDN.
  Another advantage of using FQDNs + SSL is that you don't have two different URLs for internal and external access, thus SharePoint Alerts will always have the correct URL, etc.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Single Label Domain - Corss Forest trust issue!

  Hello There
  We have a single label root domain ex: "abc" trying to establish the external trust with the other forest's root domain which is FQDN ex: xyz.com. The trust seems to be working fine from abc to xyz.com however the trust from xyz.com to abc is an
  issue.
  We are not able to resolve/ping domain abc from xyz.com DC. We are able to ping DCs in abc from xyz.com.
  On xyz.com DNS forwarder are pointing to abc DNS server and WINS has been configured to route to abc WINS. Everytime when I ping abc from xyz.com DC its pointing to some unknown IP.
  on the xyz.com DC tried setting up the registry key AllowSingleLabelDnsDomain, updated the LMHOSTS and host file with abc domain but still unable to resolve the single label domain. We could not suspect that its an issue with the network as we are able to
  ping abc domain DCs from xyz.com
  Thanks in advance.

  Hi,
  It’s not recommended to use LMHOSTS file. Instead, we can use conditional forwarders or secondary DNS zones for DNS resolution between the
  two forests. Besides, we need to open required ports for building inter-forest trust.
  Regarding how to configure name resolution between two forests, the following article can be referred to for more information.
  Trust relationship between Two external forest / Name Resolution
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/f0f384c5-f421-4592-88db-409c171b0567/trust-relationship-between-two-external-forest-name-resolution?forum=winserverDS
  Best regards,
  Frank Shen

• Trusted Forest (Single Label Domain)

  We have a forest "Domain1.com with SCCM 2012 R2 installed. This forest has a Trusted relation with another forest "Domain2". "Domain2" is "Single Label Domain"
  1) Could I discover computers on "Domain2" Domain??
  2) Must I configure "Domain2" Domain as "Disjoint Namespace" ??
  3) Must I configure something on "Domain1.com" ?

  Hi,
  Please make sure the specified account has Read permission to Domain2.
   And here is a blog about discover computers in another trusted domain, although it is for SCCM 2007. Hope this could be helpful.
  SCCM | Discover Another Trusted Domain
  Best Regards,
  Joyce Li
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Support for Single Labeled Domain

  Question - When will Microsoft stop supporting "Single Label Domains"?  Now with Windows Server 8 in the horizon, I would like to know if it will let you upgrade your current AD infrastructure if it is setup as a Single Label Domain.

  I'm sorry, but I truly don't know. The reason that I don't know, is I've never tested it or let an AD infrastructure remain as a single label name for this length of time. I've fixed a number of them in the distant past with renames. I'm not aware of anyone
  currently with a single label name until I saw this thread.
  From what I see, I don't really think so if it hasn't caused any issues up to this point.
  Besides, why do you want to bump the levels up? Is there something you are trying to introduce that requires the levels at 2008 R2? If it's DNS based, it may fail anyway due to the single label name, because the basis of the single label name is DNS *thinks*
  it's a TLD, such as "COM," "NET," etc. That's why it's problematic. DNS is hierarchal and requires a minimum of a two level domain name.
  So if you have a computer, called computer1, and your domain name is DOMAIN. Then the computer's FQDN is computer1.domain. But that looks like a domain name. Make sense?
  Anyway, I'm sure you've heard this and read that in my blog. I'm curious ... Will you be planning on renaming your domain?
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• SCCM and Single Label Domains

  Hi,
  I have SCCM in DomainA.local. It's have trust to DomainB - it's the Single Label Domains.
  How can i add DomainB to SCCM and deploy client?
  Thanks.

  You can find the requirements for single label domains here:
  https://technet.microsoft.com/en-us/library/gg682077.aspx?f=255&MSPPError=-2147217396#BKMK_SupConfigSLD
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Resolving Single-Name Domain on DC

  So I have a domain lets call it CONTOSO its a single-label domain name. 
  I can currently join computers to the domain but when you do an NSLOOKUP for the domain it doesn't resolve. Im trying to figure out if theres something wrong with the DNS settings since no client not even the DC can resolve the domain name via NSLOOKUP.
  It also doesn't resolve if I add CONTOSO.local.
  Is this normal behavior? I am planning a domain migration to corp.contoso.com to get it as a FQDN and I have been unable to setup a trust between them eventhough I gone through setting up secondary zones and conditional forwarders.
  I think that there may be an issue with the forest dns records. If I run from the CONTOSO Domain Controller:
  nltest /dsgetfti:CONTOSO
  Geting forest trust information failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
  But running:
  nltest /dsgetdc:CONTOSO
  Works properly.
  Any thoughts?

  Hi Jorge,
  Would you please run ipconfig/all
  command on the DC, then post out the results for further analyzing?
  Ipconfig
  http://technet.microsoft.com/en-us/library/bb490921.aspx
  Best Regards,
  Amy Wang

• SCCM 2012 R2 and single lable domain

  Hello,
  we have a followng case: root forest domain is single label domain such as ABC, it has child domain CORP.ABC. In the technet article just a little information about it, it says what SCCM supports site systems and clients, can we install SCCM in the single
  lable domain? Or in the child domain when forest domain is single label domain? Will schema be extended without problems and MP data published?

  Extending the schema is independent of the domain being single labled.
  SLD restrictions are listed here:
  http://technet.microsoft.com/de-de/library/gg682077.aspx#BKMK_SupConfigSLD
  Torsten Meringer | http://www.mssccmfaq.de

• Trouble Creating Migration Endpoint

  We are attempting to migrate from an SBS 2003 Exchange environment to Exchange Online.  When we run the
  Exchange Remote Connectivity Analyzer, we pass everything with one warning:
  "The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows
  if the "Update Root Certificates" feature isn't enabled."
  However, when trying to create an end-point using the same criteria and credentials, we are unable to get it to succeed and receive this message:
  "We couldn't discover the migration endpoint. Consider using the Exchange Remote Connectivity Analyzer (https://testexchangeconnectivity.com) to diagnose the connectivity issues."
  I have tried changing the mail-box login rights to allow full access to a particular user.  I have also tried giving full mailbox rights to the Domain Admin and using this id's credentials to no avail. 
  Any help would be appreciated.  I've been trying to figure this out for hours on end and am stumped.
  Thanks,
  Paul

  Problem solved.  The website's security settings were set to deny all with exceptions.  I had added exceptions for the connectivity test, but forgot that this was also needed for the migration tool.  Once the ip address range was added as
  an exception, the tool ran just fine.
  Paul

• Two-way forest trust between two (single domain) forests with multiple identical user ID's

  Domain and forest levels - Windows 2003 (they both have one 2008 R2 DC)
  We need to create a two-way forest trust between two separate single-domain forests. The problem is that these two forests already access each others resources through a S2S. Users have the same login names and passwords on both forests/domains. Now, we
  are combining their infrastructures and need to set up a trust. From what I'm reading, you can't create forest trusts if you have the same SIDs, user ID's, or computer name in each of the forests.
  I'm looking into AD migration tool to copy the userSIDs (SID history?) between forest/domain, deleting the user ID's in the domain we migrated from, and then setting up the trust, but I'm leery about doing it this way as there is no easy 'recovery' should
  something go wrong. 
  Any suggestions for the easiest way to setup this forest trust?

  Hi,
  To eliminate your worries, two user accounts have the same user name doesn’t mean that they have the same SID. Moreover, the user’s SID remains the same even after it has been renamed.
  The SID for domain account/group consists of a
  Domain Identifier and a Relative Identifier. Domain Identifier is unique in every domain within a forest, and a Relative Identifier is unique within domain. It is unlikely that two user accounts with or without the same account
  name from two forests have the same SID.
  The Technet article you mentioned is talking about duplicate SIDs instead of “duplicate computer name or user account”, I will submit a change request to Microsoft about this.
  If there are duplicate SIDs when you create forest trust, you need to delete one of them as the article guides.
  Here are some related articles below for your references:
  How Security Identifiers Work
  http://technet.microsoft.com/en-us/library/cc778824(v=WS.10).aspx
  Security Identifier Structure
  http://technet.microsoft.com/en-us/library/cc962011.aspx
  Security Identifier
  http://en.wikipedia.org/wiki/Security_Identifier
  I hope this helps.
  Amy Wang

• How to set Compatibility Mode for a single site in ie10

  This question was originally posted on the Answers forum -
  http://answers.microsoft.com/en-us/ie/forum/ie10-windows_7/how-to-set-compatibility-mode-for-a-single-site-in/187152e3-142a-4d96-8d1b-af82ef571eec
  I am having problem with getting ie10 to set ie9 compatibility for a single site (sharepoint.contoso.com).
  When I add this website in Compatibility View Settings (Alt > Tools > Compatibility View Settings > 'Add this Website') it adds the domain 'contoso.com' and not the individual website (sharepoint.contoso.com).
  This cause other sites (www.contoso.com) to be configured to use compatibility mode. Because this is a separate site (different web server) to the site sharepoint.contoso.com (sharepoint 2010 server) we need different compatibility settings.
  Using a different example to explain the issue -
  Microsoft has three websites that are different websites created by different developers written in different programming languages and they only work with certain browsers.
  microsoft.com (Website1 created by Developer1) - compatible with ie8/ie9/ie10
  msdn.microsoft.com (Website2 created by Developer2) - compatible with ie8/ie9
  technet.microsoft.com (Website3 website created by Developer3) - compatible only with ie10
  The only thing the three website share is the URL contains 'microsoft.com'.
  Marking 'msdn.microsoft.com' to run in compatibility mode affects the other 2 websites - mainly technet.microsoft.com which will not work now since it only runs in pure ie10 mode. 
  Should you be able to add an individual site to the compatibility list instead of all sites that have  .microsoft.com in the URL? Am I missing a simple setting in the ie10?
  As a workaround I am using the F12 Developer Tools to set the Browser Mode which temporary sets the compatibility mode. However this is not a nice solution to the end users at our organisation. 

  problem is not solved for non corporate environments...
  You could start your own thread.  Then if you got that answer and it was marked Answered you would have the ability to unmark it.  The OP of this one seems satisfied.  Also note that this is TechNet.  Consumers can get help on Answers
  forums.
  Robert Aldwinckle
  Oh! I wrote it wrong: I should have said: This is not solved for NON-AD environments. No demands what so ever to use Window 7/8 professional in a small corporation or on a big corporation with Island of smaller departments for example offshore.
  The problem is that the thread is not "Answered" by the OP, its is marked answered by a moderator (and same moderator that did the answer) so no way of telling if the OP is satisfied.
  But you are right in the fact that I am almost kidnapping the thread. But a complete answer would benefit all in this case I would presume.
  Regards
  /Aldus

• Any way to pass Multiple Values for a single Label in the Parameter?

  I have a Report that Contains 2 Parameters, @Customer & @Area. When trying to set up the Available Values for @Area, I'm having issues using multiple values for one Label, i.e. = "4006" Or "4610"
  One of the Filters in the Report is an Operation number, which is the [OPERATION] field, which is setup as a filter on the Tablix referencing the @Area parameter. 
  PROBLEM: I cannot retrieve any data when trying to use the ‘Or’ Operator here. If I simply put “4006” or “4610” I retrieve data, but when trying to combine it returns no data.
  Example, I need to allow a user to select ‘Chassis Incoming’, which would include data from Operations 4006 & 4610.
  QUESTION:
  Any way to pass Multiple Values for a single Label in the Parameter?
  I realize the typical solution may be to use ‘Multi-Value’ selection, but in this case we want the User to select the Area and the multiple values for Filtering will be automatically determined for them. Otherwise, they are subject to not getting
  it correct.
  I have tried several different ways, such as =”4006” Or “4610”, =(“4006”, “4610”), = In(“4006”, “4610”), etc….
  Note: We are using Report Builder 3.0

  Based on my experience, there's no way to 'intercept' the query that gets passed back to SQL Server, so a Split wouldn't work.
  Try creating either a function or stored procedure using the code below (compliments to
  http://www.dotnetspider.com/resources/4680-Parse-comma-separated-string-SQL.aspx) to parse the string: 
  CREATE FUNCTION dbo.Parse(@Array VARCHAR(1000), @Separator VARCHAR(10))
  RETURNS @ResultTable TABLE (ParseValue VARCHAR(100))AS
  BEGIN
  DECLARE @SeparatorPosition INT
  DECLARE @ArrayValue VARCHAR(1000)
  SET @Array = @Array + @Separator
  WHILE PATINDEX('%' + @Separator + '%' , @Array) <> 0
  BEGIN
  SELECT @SeparatorPosition = PATINDEX('%' + @Separator + '%', @Array)
  SELECT @ArrayValue = LEFT(@Array, @SeparatorPosition - 1)
  INSERT @ResultTable VALUES (CAST(@ArrayValue AS VARCHAR))
  SELECT @Array = STUFF(@Array, 1, @SeparatorPosition, '')
  END
  RETURN
  END
  Once created you can do things like this:
  SELECT * FROM Parse('John,Bill,David,Thomas', ',')
  SELECT * FROM (SELECT 'John' AS TestName union select 'David' AS TestName) AS Main
  WHERE TestName IN (SELECT ParseValue FROM dbo.Parse('John,Bill,David,Thomas', ','))
  This is what your SQL query would probably look like:
  SELECT OperationID, OperationName FROM dbo.Operations
  WHERE AreaID IN (SELECT ParseValue FROM dbo.Parse(@Area, ','))
  You may need to fiddle around with the Separator depending on whether SQL Server inserts a space between the comma and next value.

• How to migrate DB from single node 10gR2 to RAC 11gR2 on diff platform?

  How to migrate DB from single node 10gR2 to RAC 11gR2 on different platform with possible minimum downtime? We have a situation of upgrade/migrate oracle 10gR2 single instance DB to 2-node RAC 11gR. The source OS is Solaris 10 on SPARC and the target OS is Linux (the target servers could be changed to Solaris 11 x86 if needed). What is the best solution on that?
  Thanks,

  Technically, can do the following for upgrading and migration?
  1. Create 11gR2 oracle home on the same server and upgrade the database from 10gR2 to 11gR2 by running conversion (2 hour down time?)
  2. Set up Heterogeneous Primary and Physical Standbys by RMAN. The standby is the RAC with ASM. No need down time. (from Solaris Space to Linux - this may be a problem)
  3. At the cutoff time, activate the standby DB from the RAC ASM.
  If feasible, do we have some detail guild line for each step?

• Single Authentication Domain

  Hi,
  I am creating a new environment on PT 8.50 for Portal 9.1 with DB as Oracle 11G R2 on Linux OS which is on domain xyz.com and i have an old environment of portal8.8 on domain abc.com.WE are trying to provide a link from Portal9.1 to Portal8.8 which is on a different domain.Is it possible to establish a single authentication domain between them as both the domains are different?
  Webserver being used is IBM Websphere
  Thanks
  Vijay

  If I understand your question correctly, I think the answer is no.
  You can't establish a PeopleSoft single signon relationship between a PIA site that's on domain xyz.com with one that's on abc.com.
  Single signon requires PSTOKEN authentication to work, and browsers will not forward cookies across domains (this would be a security vulnerability), so this can't happen because the target site would never get a PSTOKEN cookie to authenticate against when clicking the link.
  But you can do something like this:
  site 1 = company1.corporation.com
  site 2 = company2.us.corporation.com
  If your names were set up this way, then you could set your cookie domains and AuthTokenDomain to .corporation.com and set them up with single signon links to each other. The key is what is the domain associated with the PSTOKEN at the time it was issued, and will it be allowed to be forwarded to and accepted by the other site?
  Theoretically, you could also set up .com as the authtoken domain, but that would be really bad from a security perspective, because you would basically be allowing anybody on the Internet to send you a PSTOKEN.

• Error Creating New Migration Endpoint: Staged Migration from Exchange 2003 to Office 365

  I am unable to create a new migration endpoint, receiving the following message:
  ***BEGINQUOTE***
  error
  We couldn't discover the migration endpoint. Consider using the Exchange Remote Connectivity Analyzer (https://testexchangeconnectivity.com) to diagnose the connectivity issues.
  ***END QUOTE***
  When I visit the test connectivity site and perform the Outlook Anywhere (RPC over HTTP) test, I don't get any errors.
   Where do I go from here? 

  Well... I think I may look silly.
  I kept pounding at this problem and discovered the following: in the exchange server box I needed to put the local computer name of my exchange server instance.  In the RPC Proxy server, I needed to put the public domain name of the server.  So
  in the first box I just have "mycomputername" and in the second box I have "mail.mydomain.com"  Now it works... I think.
  (I tried to insert an image, but apparently my account is not confirmed)