Single Authentication Domain

Hi,
I am creating a new environment on PT 8.50 for Portal 9.1 with DB as Oracle 11G R2 on Linux OS, which is on domain xyz.com, and I have an old environment of Portal 8.8 on domain abc.com. We are trying to provide a link from Portal 9.1 to Portal 8.8, which is on a different domain. Is it possible to establish a single authentication domain between them, as both the domains are different?
Webserver being used is IBM Websphere
Thanks
Vijay

If I understand your question correctly, I think the answer is no.
You can't establish a PeopleSoft single signon relationship between a PIA site that's on domain xyz.com with one that's on abc.com.
Single signon requires PSTOKEN authentication to work, and browsers will not forward cookies across domains (this would be a security vulnerability), so this can't happen because the target site would never get a PSTOKEN cookie to authenticate against when clicking the link.
But you can do something like this:
site 1 = company1.corporation.com
site 2 = company2.us.corporation.com
If your names were set up this way, then you could set your cookie domains and AuthTokenDomain to .corporation.com and set them up with single signon links to each other. The key is what is the domain associated with the PSTOKEN at the time it was issued, and will it be allowed to be forwarded to and accepted by the other site?
Theoretically, you could also set up .com as the authtoken domain, but that would be really bad from a security perspective, because you would basically be allowing anybody on the Internet to send you a PSTOKEN.
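The cookie scoping described in the reply above, as an added example that is not part of the original thread: a JavaScript sketch of the RFC 6265 domain-match rule applied to the reply's host names. The hosts under xyz.com and abc.com and all function names are constructed for illustration, and the single-label check is a simplification of what a Public Suffix List lookup would do.

```javascript
// Added example: RFC 6265 domain matching applied to the hosts in the thread.
// portal91.xyz.com and portal88.abc.com are constructed host names.

// Canonicalize a cookie Domain attribute: lowercase, drop one leading dot.
function canonicalDomain(d) {
  return d.trim().toLowerCase().replace(/^\./, "");
}

function isIPv4(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

// RFC 6265 section 5.1.3: a host matches when it equals the domain, or when
// it ends with "." + domain and is a name rather than an IP address.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = canonicalDomain(cookieDomain);
  if (h === d) return true;
  return !isIPv4(h) && h.endsWith("." + d);
}

// Longest run of trailing labels shared by two hosts, or null if none.
function sharedSuffix(hostA, hostB) {
  const a = hostA.toLowerCase().split(".").reverse();
  const b = hostB.toLowerCase().split(".").reverse();
  const common = [];
  for (let i = 0; i < Math.min(a.length, b.length) && a[i] === b[i]; i++) {
    common.push(a[i]);
  }
  return common.length ? common.reverse().join(".") : null;
}

// Pick a cookie / auth token domain that covers both sites, refusing a
// suffix that is only a top-level label such as "com".
// Simplification (assumption): multi-label public suffixes like "co.uk"
// are not detected here; that needs the Public Suffix List.
function ssoCookieDomain(hostA, hostB) {
  const suffix = sharedSuffix(hostA, hostB);
  if (suffix === null) {
    return { domain: null, reason: "no shared suffix" };
  }
  if (!suffix.includes(".")) {
    return { domain: null, reason: "only the top-level label '" + suffix + "' is shared" };
  }
  return { domain: "." + suffix, reason: "shared parent domain" };
}

// Walk through the two cases from the thread.
const cases = [
  ["company1.corporation.com", "company2.us.corporation.com"],
  ["portal91.xyz.com", "portal88.abc.com"],
];
for (const [a, b] of cases) {
  const r = ssoCookieDomain(a, b);
  const sent = r.domain !== null && domainMatch(a, r.domain) && domainMatch(b, r.domain);
  console.log(a + " <-> " + b + ": domain=" + r.domain + " (" + r.reason + "), token cookie reaches both=" + sent);
}
```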

Similar Messages

  • Single Label domain names

    Greetz!
    I would like clarification on Single Label Domain names in SP 2013 web applications.
    When I set up my A record I can set the Name, FQDN and IP Address. If I leave Name blank it will use whatever is in the FQDN? When I enter the FQDN I should use something like "Company.Local" or "SP.Company.Local" and not "Company".
    When I set up my root Web Application, I will use the FQDN that I gave in the A record and I will not leave the ":80" on the end of it.
    My intention is to setup a single web application and run HNSCs off the default zone. I will use Windows Authentication with basic Kerberos. I'll have a root site collection but we won't be using it.
    Am I thinking straight about avoiding the use of single label domain names?
    Thanks!
    Love them all...regardless. - Buddha

    "Single Label Domain names" has specific meaning and that applies to Active Directory (SLDs are not supported by SharePoint).
    You will want to use an FQDN as your Host-Named Site Collections will be present underneath the root domain (e.g. if you create a Web Application using "root.company.com", your sites will be "portal.company.com", "teams.company.com", as a couple of examples). Your Web Application will be created without a host name (see PowerShell example here: https://technet.microsoft.com/en-us/library/cc424952.aspx#section2).
    Your "root.company.com", in my example, will be a path-based Site Collection as the "Root" Site Collection, which is required for all SharePoint Web Apps. That is described here: https://technet.microsoft.com/en-us/library/cc424952.aspx#section2b.
    They use the WFE URL, but I prefer using the FQDN.
    Another advantage of using FQDNs + SSL is that you don't have two different URLs for internal and external access, thus SharePoint Alerts will always have the correct URL, etc.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Authentication domain in peoplesoft

    Hi All,
    Here I am using PeopleTools 8.52.12 & HRMS 91 FP2.
    I have created the PeopleSoft setup successfully.
    Now I want to configure the Authentication domain. I know how to configure it, but I have some doubts.
    Details:
    computer name : psftdmo
    full computer name : psftdmo.oralce.in
    Here, can I use the authentication domain ".oracle.in" or not?
    Could you please help me on this ASAP?
    Thanks in advance
    Shiva


  • Authentication Domain for PeopleTools 8.48

    I know there is very little reason to change the authentication domain name; however, there are situations where the issue may arise when this needs to be done. In 8.48, how do you change this without having to totally rebuild the weblogic 8.1 webservers?
    We have an issue where the customer's resumes and applicant information goes to their main company webpage instead of the domain that was created for their PeopleSoft Applications, yes they have two domains and no one knows why, but apparently that went live with another domain name.
    Thanks...

    It needs to be updated in the weblogic.xml file located in the webserver under the PeopleSoftHome\webserv\peoplesoft\applications\portal\web-inf.
    The parameter name is cookiedomain.

  • Resolving Single-Name Domain on DC

    So I have a domain, let's call it CONTOSO; it's a single-label domain name.
    I can currently join computers to the domain, but when you do an NSLOOKUP for the domain it doesn't resolve. I'm trying to figure out if there's something wrong with the DNS settings, since no client, not even the DC, can resolve the domain name via NSLOOKUP.
    It also doesn't resolve if I add CONTOSO.local.
    Is this normal behavior? I am planning a domain migration to corp.contoso.com to get it as a FQDN, and I have been unable to set up a trust between them even though I have gone through setting up secondary zones and conditional forwarders.
    I think that there may be an issue with the forest dns records. If I run from the CONTOSO Domain Controller:
    nltest /dsgetfti:CONTOSO
    Geting forest trust information failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
    But running:
    nltest /dsgetdc:CONTOSO
    Works properly.
    Any thoughts?

    Hi Jorge,
    Would you please run the ipconfig/all command on the DC, then post the results for further analysis?
    Ipconfig
    http://technet.microsoft.com/en-us/library/bb490921.aspx
    Best Regards,
    Amy Wang

  • Trusted Forest (Single Label Domain)

    We have a forest "Domain1.com" with SCCM 2012 R2 installed. This forest has a trust relationship with another forest, "Domain2". "Domain2" is a "Single Label Domain".
    1) Could I discover computers on "Domain2" Domain??
    2) Must I configure "Domain2" Domain as "Disjoint Namespace" ??
    3) Must I configure something on "Domain1.com" ?

    Hi,
    Please make sure the specified account has Read permission to Domain2.
     And here is a blog about discover computers in another trusted domain, although it is for SCCM 2007. Hope this could be helpful.
    SCCM | Discover Another Trusted Domain
    Best Regards,
    Joyce Li

  • Single Label Domain - Cross Forest trust issue!

    Hello There
    We have a single label root domain, ex: "abc", trying to establish the external trust with the other forest's root domain, which is an FQDN, ex: xyz.com. The trust seems to be working fine from abc to xyz.com; however, the trust from xyz.com to abc is an issue.
    We are not able to resolve/ping domain abc from the xyz.com DC. We are able to ping DCs in abc from xyz.com.
    On xyz.com, DNS forwarders are pointing to the abc DNS server and WINS has been configured to route to abc WINS. Every time I ping abc from the xyz.com DC, it's pointing to some unknown IP.
    On the xyz.com DC, we tried setting up the registry key AllowSingleLabelDnsDomain and updated the LMHOSTS and hosts files with the abc domain, but are still unable to resolve the single label domain. We do not suspect that it's an issue with the network, as we are able to ping abc domain DCs from xyz.com.
    Thanks in advance.

    Hi,
    It’s not recommended to use LMHOSTS file. Instead, we can use conditional forwarders or secondary DNS zones for DNS resolution between the two forests. Besides, we need to open required ports for building inter-forest trust.
    Regarding how to configure name resolution between two forests, the following article can be referred to for more information.
    Trust relationship between Two external forest / Name Resolution
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/f0f384c5-f421-4592-88db-409c171b0567/trust-relationship-between-two-external-forest-name-resolution?forum=winserverDS
    Best regards,
    Frank Shen

  • Support for Single Labeled Domain

    Question - When will Microsoft stop supporting "Single Label Domains"?  Now with Windows Server 8 in the horizon, I would like to know if it will let you upgrade your current AD infrastructure if it is setup as a Single Label Domain.

    I'm sorry, but I truly don't know. The reason that I don't know, is I've never tested it or let an AD infrastructure remain as a single label name for this length of time. I've fixed a number of them in the distant past with renames. I'm not aware of anyone currently with a single label name until I saw this thread.
    From what I see, I don't really think so if it hasn't caused any issues up to this point.
    Besides, why do you want to bump the levels up? Is there something you are trying to introduce that requires the levels at 2008 R2? If it's DNS based, it may fail anyway due to the single label name, because the basis of the single label name is DNS *thinks* it's a TLD, such as "COM," "NET," etc. That's why it's problematic. DNS is hierarchical and requires a minimum of a two level domain name.
    So if you have a computer, called computer1, and your domain name is DOMAIN. Then the computer's FQDN is computer1.domain. But that looks like a domain name. Make sense?
    Anyway, I'm sure you've heard this and read that in my blog. I'm curious ... Will you be planning on renaming your domain?
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • SCCM 2012 R2 and single label domain

    Hello,
    We have the following case: the root forest domain is a single label domain such as ABC, and it has a child domain CORP.ABC. The TechNet article has just a little information about it; it says that SCCM supports site systems and clients. Can we install SCCM in the single label domain? Or in the child domain when the forest domain is a single label domain? Will the schema be extended without problems and MP data published?

    Extending the schema is independent of the domain being single labeled.
    SLD restrictions are listed here:
    http://technet.microsoft.com/de-de/library/gg682077.aspx#BKMK_SupConfigSLD
    Torsten Meringer | http://www.mssccmfaq.de

  • Set up Migration Endpoint to single-label Domain/Forest

    I'm in the process of migrating a company from a single-label domain & forest, "domainname," to a new "newdomainname.local" domain & forest. EX2013 single-server installed and working on both domains, including autodiscover. Trust is set up and works, cross-domain DNS works from both sides. However...
    I can create a Migration Endpoint on ex2013.domainname that points to ex2013.newdomainname.local, but when I try to add a mailbox created in newdomainname.local, none are displayed.
    I can't create a Migration Endpoint at all on ex2013.newdomainname.local. I get a message that starts, "We couldn't detect your server settings. Please enter them. AutoDiscover failed with a configuration error: The migration service failed to detect the migration endpoint using the Autodiscover service."
    I'm prompted for the FQDN of the other Exchange server. When I enter ex2013.domainname, I get, "Error: The connection to the server 'ex2013.domainname' could not be completed."
    Is this expected when one server is on a single-label domain? Is there a way to enable me to use mailbox migration?
    TIA

    Thank you for your post.
    This is a quick note to let you know that we are performing research on this issue
    Niko Cheng
    TechNet Community Support

  • Setup of endeca servers for single data domain / low traffic

    Hello,
    We are planning to have a single data domain that will be rebuilt nightly using a scheduled Integrator run. It will be used by, at most, 20 people at a time (more like 1-2 at a time) via EQL calls through one web app server within the same firewall/secret zone.
    One or two people may also interact with the domain via Studio. I have 3 servers available. The idea presented so far is to install Endeca Server on servers 1, 2, and 3, and to put Studio on 1 and 2, and Integrator on 2 and 3. What is the best configuration to go with as far as clustering and load balancing between the web app server and the three Endeca servers?
    Can the EQL queries be simply directed to the server with the leader node? Do I really need a load balancer between the web app server and Endeca servers (like this proposed config)?
    Thanks in advance for any help!

    Disclaimer: I don't work for Oracle.
    I simply don't think this is true. 
    1) Oracle has never said this on paper, I think it's something that someone said off-hand once and it seems to have spread like wildfire. Every time I hear that statement from a partner or a prospect, they can never tell me the origin. It's a popular myth, maybe because it's a round number?
    2) Quite simply, in our experience, the number of records is not the right metric in most use cases due to the columnar nature of OEID.  The number of assignments is much more of a driving factor than the number of records. 
    3) Also, given that this rumor has been going around for at least 2 years, even if it were true then, it's not true any longer if you think about how much the software has changed since 2.2.
    If you have enough bare-metal hardware (memory, I/O, CPU), I don't foresee 100 million records as a barrier at all.  If these 100 million records are each 5000 attributes wide, then you're going to need more hardware than say 100 million records with 15 attributes.
    Patrick Rafferty
    Branchbird

  • REN Server : Authentication Domain

    Hi
    Currently we are running PeopleSoft Financials with the Authentication Domain as the null string.
    Due to this the following navigation path fails even though the REN Server Browser URL does not have the domain
    PeopleTools -> REN Server Configuration - REN Server Cluster -> Ping Test
    However, when I add the authentication domain, I find that if I log in to the DEV PeopleSoft instance, start an operation, and open another browser session for the UAT PeopleSoft instance, then when I come back to the DEV PeopleSoft instance browser session it prompts for user ID and password again.
    The below are the steps
    1. Set a non-null authentication domain
    2. bounce the application/web servers
    3. Open the browser session and connect to DEV peoplesoft instance
    4. Open another browser session and connect to UAT peoplesoft instance
    5. Come back to the DEV peoplesoft instance browser session
    6. the DEV peoplesoft instance displays the peoplesoft login page prompting for userid and password
    Can you please help me understand this phenomenon better?
    Also, currently in this PeopleSoft instance the buffer test works fine but the ping test is not working.
    So can you please let me know if the REN server is working fine, or is there a better way to figure out if the REN server is working?
    Thanks a lot for your patience
    cyril

    Tools patch 8.49.23 solved everything.
    Tools patch 8.49.16 is the last patch for this kind of issue.
    Please apply the patch 49.23 to resolve the issue. This issue is seen with the developer instances; system admins may not be facing this.
    Thanks!

  • SCCM and Single Label Domains

    Hi,
    I have SCCM in DomainA.local. It has a trust to DomainB, which is a single label domain.
    How can I add DomainB to SCCM and deploy the client?
    Thanks.

    You can find the requirements for single label domains here:
    https://technet.microsoft.com/en-us/library/gg682077.aspx?f=255&MSPPError=-2147217396#BKMK_SupConfigSLD
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Can iDSIE (Meta-directory) be used as a single authentication point from iPlanet Web Server for multiple databases using direct "or" indirect connectors?

    Basically, the latest release of iPlanet Web Server forces the user/group information source to be an LDAP database. Currently, the user accounts are in Active Directory, NT, Oracle and NetWare Directory Service in this heterogeneous environment.
    What I am looking for is a meta-directory product which can do two things:
    1-Single authentication point for users in multiple databases from iPlanet Web Server.
    2-Single administration point for all of the databases listed above.
    For example, can I add/modify/delete a user account at the meta-directory level and have this propagate to all of the databases listed above reducing the administration to one meta-directory product?

    With a Virtual Directory solution, you can authenticate iPlanet Web Server against nearly anything including any LDAPv3 Directory Server, Microsoft Active Directory, Windows NT Domains, Oracle RDBMS, IBM DB2 RDBMS, Microsoft SQL, and others.
    All of this is done dynamically and doesn't require any heavyweight synchronization process. The Virtual Directory acts as a dynamic schema / DIT / data translation engine for different types of repositories.
    OctetString's Virtual Directory Engine is one such example. You can download a 30 day evaluation copy at:
    http://www.octetstring.com
    It will take you all of 30 minutes to get iPlanet Web Server authenticated against and using groups from things like Oracle RDBMS, Windows NT Domains, or Active Directory.

  • Secondary Domain Controller Not Authenticating Domain Users

    Hi.
    I have a primary domain controller running Win Srv 2012 in USA and I added a secondary domain controller 2012 in the same domain from a different location, India, through VPN, so that India user accounts can authenticate by the secondary DC instead of the primary DC USA.
    Installation & replication of AD went fine.
    India domain users' login is damn slow.
    When I ran the command echo %logonserver% from an India client machine, it displays the USA primary DC name, which means it's authenticating the users from the USA primary DC.
    Preferred DNS for the India client machine is the secondary DC IP and alternate is the primary DC IP USA.
    Please find the dcdiag results below; any help is much appreciated.
    Performing initial setup:
       Trying to find home server...
       Home Server = server2
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: INDIA\server2
          Starting test: Connectivity
             ......................... server2 passed test Connectivity
    Doing primary tests
       Testing server: INDIA\server2
          Starting test: Advertising
       Warning: DsGetDcName returned information for \\server1.tst.mycompany.com, when we were trying to reach
       server2.
       SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
             ......................... server2 failed test Advertising
          Starting test: FrsEvent
             ......................... server2 passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after th
             replication problems may cause Group Policy problems.
             ......................... server2 failed test DFSREvent
          Starting test: SysVolCheck
             ......................... server2 passed test SysVolCheck
          Starting test: KccEvent
             ......................... server2 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... server2 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... server2 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... server2 passed test NCSecDesc
          Starting test: NetLogons
             Unable to connect to the NETLOGON share! (\\server2\netlogon)
             [server2] An net use or LsaPolicy operation failed with error 67,
             ......................... server2 failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... server2 passed test ObjectsReplicated
          Starting test: Replications
             ......................... server2 passed test Replications
          Starting test: RidManager
             ......................... server2 passed test RidManager
          Starting test: Services
             ......................... server2 passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0xA004001B
                Time Generated: 02/22/2015   17:10:30
                Event String: Intel(R) 82574L Gigabit Network Connection
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 02/22/2015   17:11:24
                Event String: The WinRM service is not listening for WS-Manageme
             An error event occurred.  EventID: 0x0000271A
                Time Generated: 02/22/2015   17:11:24
                Event String:
                The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not regist
             A warning event occurred.  EventID: 0xA004001B
                Time Generated: 02/22/2015   17:12:41
                Event String: Intel(R) 82574L Gigabit Network Connection
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 02/22/2015   17:19:36
                Event String:
                Name resolution for the name mycompany.com timed out after none
             A warning event occurred.  EventID: 0x00001796
                Time Generated: 02/22/2015   17:28:54
                Event String:
                Microsoft Windows Server has detected that NTLM authentication i
    his server. This event occurs once per boot of the server on the first time
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 02/22/2015   17:33:35
                Event String: The WinRM service is not listening for WS-Manageme
             A warning event occurred.  EventID: 0x00001796
                Time Generated: 02/22/2015   17:35:54
                Event String:
                Microsoft Windows Server has detected that NTLM authentication i
    his server. This event occurs once per boot of the server on the first time
             ......................... server2 failed test SystemLog
          Starting test: VerifyReferences
             ......................... server2 passed test VerifyReferences
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValida
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValida
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidat
       Running partition tests on : tst
          Starting test: CheckSDRefDom
             ......................... tst passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... tst passed test CrossRefValidation
       Running enterprise tests on : tst.mycompany.com
          Starting test: LocatorCheck
             ......................... tst.mycompany.com passed test LocatorChec
          Starting test: Intersite
             ......................... tst.mycompany.com passed test Intersite

    Firstly, make sure that you have configured sites and subnets correctly. According to your information, you have two locations, so you should have at least 2 sites and 2 subnets associated with them. If you have forgotten to configure the subnets of India in Sites and Services and assign them to the India site, you will experience this issue. Also make sure that clients in India have appropriate network connectivity to the domain controllers in India.
    Mahdi Tehrani | www.mahditehrani.ir
    This posting is provided AS-IS with no warranties, and confers no rights.
