Windows 2000 single label domain problem

Discussion:

Windows 2000 single label domain problem

(too old to reply)

Gregg Hill

2010-02-13 07:16:21 UTC

Hello!

I have a new client who had a Win 2000 server set up years ago and it was
set up with a "single label" domain having no domain suffix, a "dot" domain,
and DNS pointing to the ISP's DNS servers. I ran into one of these YEARS ago
and found a script that corrected the single label domain issue. I then
fixed the rest of it. At least, I think that is how it went...MANY moons
ago.

For the life of me (I've been Googling for hours), I cannot find an article
on how to FIX a single label domain. There are a ton of articles regarding
doing workarounds to clients, but that is not my goal. I want to fix it so
that AD works properly. I thought it had something to do with changing a
registry setting and then running a VB script, possibly the one listed here
http://support.microsoft.com/kb/257623.

This is a single server domain, just Windows 2000 Server Standard without
Exchange. After I fix it, I will add a Windows 2008 R2 server.

Any ideas?

Thank you!

Gregg Hill
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Meinolf Weber [MVP-DS]

2010-02-13 07:29:22 UTC

Hello Gregg Hill,

Maybe this helps you further:
http://support.microsoft.com/kb/300684

Basically you cannot really fix it without renaming the domain, which isn't
possible within windows server 2000. So i would think about using ADMT to
migrate to Windows server 2008 with the correct name, that way it will be
safe for the future.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Hello!
I have a new client who had a Win 2000 server set up years ago and it
was set up with a "single label" domain having no domain suffix, a
"dot" domain, and DNS pointing to the ISP's DNS servers. I ran into
one of these YEARS ago and found a script that corrected the single
label domain issue. I then fixed the rest of it. At least, I think
that is how it went...MANY moons ago.
For the life of me (I've been Googling for hours), I cannot find an
article on how to FIX a single label domain. There are a ton of
articles regarding doing workarounds to clients, but that is not my
goal. I want to fix it so that AD works properly. I thought it had
something to do with changing a registry setting and then running a VB
script, possibly the one listed here
http://support.microsoft.com/kb/257623.
This is a single server domain, just Windows 2000 Server Standard
without Exchange. After I fix it, I will add a Windows 2008 R2 server.
Any ideas?
Thank you!
Gregg Hill
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Gregg Hill

2010-02-13 16:39:11 UTC

Meinolf,

That is one of the articles to which I was referring when I mentioned that
they say how to make a client workaround.

I am going back today to make sure it is not just a DNS problem. When I look
at the computer properties on the Network Identification tab, it shows the
"Full computer name" as

rkserver.rknet1.

where it should be

rkserver.rknet1.local or some other suffix.

In this case, there is NO suffix.

An ipconfig /all shows

Primary Dns Suffix . . . . . . . : rknet1

without a suffix. Because it is a domain controller, I cannot get to the
normal spot to change the DNS suffix, i.e., the "Change primary DNS suffix
when domain membership changes" check box, but it can be done in the
registry (at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NV
Domain), which I believe is what I did many years ago on another botched Win
2000 setup.

Ultimately, I want to add a Windows Server 2008 R2 server and make it the
DC, move all data, and then format and make the Win 2000 a terminal server
(as a member server). They also want to get 14 new Windows 7 workstations,
but not all at once, so I have to keep the old Windows 2000 Pro workstations
on line.

At first, I thought I could create a whole new properly-configured domain on
the 2008 server, create a trust between the two, and be on my way. However,
the botched DNS and the (possible) single label domain name are preventing
the trust. Running dcdiag and netdiag have them throwing up all over
themselves, due at least to the "dot" domain and the DNS pointing to their
ISP's DNS servers. Dumping the "dot" domain and fixing the DNS to point to
itself is no big deal and I will do that today, but I need to get the domain
to show a suffix in DNS, too. This problem MAY just be that DNS is screwed
up and not showing the suffix. I have to take a closer look today.

Gregg Hill
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill,
http://support.microsoft.com/kb/300684
Basically you cannot really fix it without renaming the domain, which
isn't possible within windows server 2000. So i would think about using
ADMT to migrate to Windows server 2008 with the correct name, that way it
will be safe for the future.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Hello!
I have a new client who had a Win 2000 server set up years ago and it
was set up with a "single label" domain having no domain suffix, a
"dot" domain, and DNS pointing to the ISP's DNS servers. I ran into
one of these YEARS ago and found a script that corrected the single
label domain issue. I then fixed the rest of it. At least, I think
that is how it went...MANY moons ago.
For the life of me (I've been Googling for hours), I cannot find an
article on how to FIX a single label domain. There are a ton of
articles regarding doing workarounds to clients, but that is not my
goal. I want to fix it so that AD works properly. I thought it had
something to do with changing a registry setting and then running a VB
script, possibly the one listed here
http://support.microsoft.com/kb/257623.
This is a single server domain, just Windows 2000 Server Standard
without Exchange. After I fix it, I will add a Windows 2008 R2 server.
Any ideas?
Thank you!
Gregg Hill
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Meinolf Weber [MVP-DS]

2010-02-13 18:22:50 UTC

Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,

I have never heard about fixing the single label domain name problem with
a registry key for the DC/domain itself. Maybe you are mixing the disjoint
namespace problem with this? That can be solved with a change in the registry
keys.
http://technet.microsoft.com/en-us/library/aa998420(EXCHG.80).aspx

The only way i know is domain renaming and following the article i already
posted for the domain members.

The trust can only be created if the domain names are different, is that
the case? Please post an unedited ipconfig /all from both DCs so we can also
check this ones.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Meinolf,
That is one of the articles to which I was referring when I mentioned
that they say how to make a client workaround.
I am going back today to make sure it is not just a DNS problem. When
I look at the computer properties on the Network Identification tab,
it shows the "Full computer name" as
rkserver.rknet1.
where it should be
rkserver.rknet1.local or some other suffix.
In this case, there is NO suffix.
An ipconfig /all shows
Primary Dns Suffix . . . . . . . : rknet1
without a suffix. Because it is a domain controller, I cannot get to
the normal spot to change the DNS suffix, i.e., the "Change primary
DNS suffix when domain membership changes" check box, but it can be
done in the registry (at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
NV Domain), which I believe is what I did many years ago on another
botched Win 2000 setup.
Ultimately, I want to add a Windows Server 2008 R2 server and make it
the DC, move all data, and then format and make the Win 2000 a
terminal server (as a member server). They also want to get 14 new
Windows 7 workstations, but not all at once, so I have to keep the old
Windows 2000 Pro workstations on line.
At first, I thought I could create a whole new properly-configured
domain on the 2008 server, create a trust between the two, and be on
my way. However, the botched DNS and the (possible) single label
domain name are preventing the trust. Running dcdiag and netdiag have
them throwing up all over themselves, due at least to the "dot" domain
and the DNS pointing to their ISP's DNS servers. Dumping the "dot"
domain and fixing the DNS to point to itself is no big deal and I will
do that today, but I need to get the domain to show a suffix in DNS,
too. This problem MAY just be that DNS is screwed up and not showing
the suffix. I have to take a closer look today.
Gregg Hill
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill,
http://support.microsoft.com/kb/300684
Basically you cannot really fix it without renaming the domain, which
isn't possible within windows server 2000. So i would think about
using ADMT to migrate to Windows server 2008 with the correct name,
that way it will be safe for the future.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Hello!
I have a new client who had a Win 2000 server set up years ago and
it was set up with a "single label" domain having no domain suffix,
a "dot" domain, and DNS pointing to the ISP's DNS servers. I ran
into one of these YEARS ago and found a script that corrected the
single label domain issue. I then fixed the rest of it. At least, I
think that is how it went...MANY moons ago.
For the life of me (I've been Googling for hours), I cannot find an
article on how to FIX a single label domain. There are a ton of
articles regarding doing workarounds to clients, but that is not my
goal. I want to fix it so that AD works properly. I thought it had
something to do with changing a registry setting and then running a
VB script, possibly the one listed here
http://support.microsoft.com/kb/257623.
This is a single server domain, just Windows 2000 Server Standard
without Exchange. After I fix it, I will add a Windows 2008 R2 server.
Any ideas?
Thank you!
Gregg Hill
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Gregg Hill

2010-02-13 23:35:40 UTC

This is a single server domain and was set up by an old school NT guy. It
had a
"dot domain" and it was pointing to the ISP's DNS servers, and both of those
errors have been corrected today. I now have only one error in either dcdiag
or
netdiag, and that is a warning that the File Replication Service is not
running.

In ADUC, instead of showing a domain with a suffix, such as rknet1.lan, it
only
shows "rknet1" as the domain name. Same thing for AD Domains and Trusts.

There are DNS resolution issues still, as I can ping by NetBIOS name from
the
old "rkserver1" to the new server's "dc01" name or by IP, but not by the new
server's FQDN of dc01.office.lan.

It is an AD integrated server, but the server name is listed as on the SOA
and Name Servers tabs as "rkserver1.rknet1." instead of having an FQDN such
as
"rkserver1.rknet1.lan" for the name. It's missing the domain suffix.

I am setting up LogMeIn Rescue so I can work remotely...it's time for lunch
and play
with wife time!

I will look at fixing the missing DNS suffix and hope that it will work in
spite of being a single label domain. I have a few articles that show how to
do it.

http://support.microsoft.com/kb/888048

This one may have something to do with it as well:
http://support.microsoft.com/kb/257623

Once I get the name resolution, I'll try to set up a trust. If that fails,
I'll
be forced to punt!
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,
I have never heard about fixing the single label domain name problem with
a registry key for the DC/domain itself. Maybe you are mixing the disjoint
namespace problem with this? That can be solved with a change in the
registry keys.
http://technet.microsoft.com/en-us/library/aa998420(EXCHG.80).aspx
The only way i know is domain renaming and following the article i already
posted for the domain members.
The trust can only be created if the domain names are different, is that
the case? Please post an unedited ipconfig /all from both DCs so we can
also check this ones.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Meinolf,
That is one of the articles to which I was referring when I mentioned
that they say how to make a client workaround.
I am going back today to make sure it is not just a DNS problem. When
I look at the computer properties on the Network Identification tab,
it shows the "Full computer name" as
rkserver.rknet1.
where it should be
rkserver.rknet1.local or some other suffix.
In this case, there is NO suffix.
An ipconfig /all shows
Primary Dns Suffix . . . . . . . : rknet1
without a suffix. Because it is a domain controller, I cannot get to
the normal spot to change the DNS suffix, i.e., the "Change primary
DNS suffix when domain membership changes" check box, but it can be
done in the registry (at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
NV Domain), which I believe is what I did many years ago on another
botched Win 2000 setup.
Ultimately, I want to add a Windows Server 2008 R2 server and make it
the DC, move all data, and then format and make the Win 2000 a
terminal server (as a member server). They also want to get 14 new
Windows 7 workstations, but not all at once, so I have to keep the old
Windows 2000 Pro workstations on line.
At first, I thought I could create a whole new properly-configured
domain on the 2008 server, create a trust between the two, and be on
my way. However, the botched DNS and the (possible) single label
domain name are preventing the trust. Running dcdiag and netdiag have
them throwing up all over themselves, due at least to the "dot" domain
and the DNS pointing to their ISP's DNS servers. Dumping the "dot"
domain and fixing the DNS to point to itself is no big deal and I will
do that today, but I need to get the domain to show a suffix in DNS,
too. This problem MAY just be that DNS is screwed up and not showing
the suffix. I have to take a closer look today.
Gregg Hill
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill,
http://support.microsoft.com/kb/300684
Basically you cannot really fix it without renaming the domain, which
isn't possible within windows server 2000. So i would think about
using ADMT to migrate to Windows server 2008 with the correct name,
that way it will be safe for the future.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Hello!
I have a new client who had a Win 2000 server set up years ago and
it was set up with a "single label" domain having no domain suffix,
a "dot" domain, and DNS pointing to the ISP's DNS servers. I ran
into one of these YEARS ago and found a script that corrected the
single label domain issue. I then fixed the rest of it. At least, I
think that is how it went...MANY moons ago.
For the life of me (I've been Googling for hours), I cannot find an
article on how to FIX a single label domain. There are a ton of
articles regarding doing workarounds to clients, but that is not my
goal. I want to fix it so that AD works properly. I thought it had
something to do with changing a registry setting and then running a
VB script, possibly the one listed here
http://support.microsoft.com/kb/257623.
This is a single server domain, just Windows 2000 Server Standard
without Exchange. After I fix it, I will add a Windows 2008 R2 server.
Any ideas?
Thank you!
Gregg Hill
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Meinolf Weber [MVP-DS]

2010-02-13 23:47:24 UTC

Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,

Now i am a bit confused, as in the first posting you wrote about a single
label domain name and now it isn't according to (It
had a "dot domain")?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
This is a single server domain and was set up by an old school NT guy. It
had a
"dot domain" and it was pointing to the ISP's DNS servers, and both of those
errors have been corrected today. I now have only one error in either dcdiag
or
netdiag, and that is a warning that the File Replication Service is not
running.
In ADUC, instead of showing a domain with a suffix, such as
rknet1.lan, it
only
shows "rknet1" as the domain name. Same thing for AD Domains and Trusts.
There are DNS resolution issues still, as I can ping by NetBIOS name from
the
old "rkserver1" to the new server's "dc01" name or by IP, but not by the new
server's FQDN of dc01.office.lan.
It is an AD integrated server, but the server name is listed as on the SOA
and Name Servers tabs as "rkserver1.rknet1." instead of having an FQDN such
as
"rkserver1.rknet1.lan" for the name. It's missing the domain suffix.
I am setting up LogMeIn Rescue so I can work remotely...it's time for lunch
and play
with wife time!
I will look at fixing the missing DNS suffix and hope that it will
work in spite of being a single label domain. I have a few articles
that show how to do it.
http://support.microsoft.com/kb/888048
http://support.microsoft.com/kb/257623
Once I get the name resolution, I'll try to set up a trust. If that fails,
I'll
be forced to punt!
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,
I have never heard about fixing the single label domain name problem
with a registry key for the DC/domain itself. Maybe you are mixing
the disjoint namespace problem with this? That can be solved with a
change in the registry keys.
http://technet.microsoft.com/en-us/library/aa998420(EXCHG.80).aspx
The only way i know is domain renaming and following the article i
already posted for the domain members.
The trust can only be created if the domain names are different, is
that the case? Please post an unedited ipconfig /all from both DCs so
we can also check this ones.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Meinolf,
That is one of the articles to which I was referring when I
mentioned that they say how to make a client workaround.
I am going back today to make sure it is not just a DNS problem.
When I look at the computer properties on the Network Identification
tab, it shows the "Full computer name" as
rkserver.rknet1.
where it should be
rkserver.rknet1.local or some other suffix.
In this case, there is NO suffix.
An ipconfig /all shows
Primary Dns Suffix . . . . . . . : rknet1
without a suffix. Because it is a domain controller, I cannot get to
the normal spot to change the DNS suffix, i.e., the "Change primary
DNS suffix when domain membership changes" check box, but it can be
done in the registry (at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameter
s\ NV Domain), which I believe is what I did many years ago on
another botched Win 2000 setup.
Ultimately, I want to add a Windows Server 2008 R2 server and make
it the DC, move all data, and then format and make the Win 2000 a
terminal server (as a member server). They also want to get 14 new
Windows 7 workstations, but not all at once, so I have to keep the
old Windows 2000 Pro workstations on line.
At first, I thought I could create a whole new properly-configured
domain on the 2008 server, create a trust between the two, and be on
my way. However, the botched DNS and the (possible) single label
domain name are preventing the trust. Running dcdiag and netdiag
have them throwing up all over themselves, due at least to the "dot"
domain and the DNS pointing to their ISP's DNS servers. Dumping the
"dot" domain and fixing the DNS to point to itself is no big deal
and I will do that today, but I need to get the domain to show a
suffix in DNS, too. This problem MAY just be that DNS is screwed up
and not showing the suffix. I have to take a closer look today.
Gregg Hill
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill,
http://support.microsoft.com/kb/300684
Basically you cannot really fix it without renaming the domain, which
isn't possible within windows server 2000. So i would think about
using ADMT to migrate to Windows server 2008 with the correct name,
that way it will be safe for the future.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Hello!
I have a new client who had a Win 2000 server set up years ago and
it was set up with a "single label" domain having no domain
suffix, a "dot" domain, and DNS pointing to the ISP's DNS servers.
I ran into one of these YEARS ago and found a script that
corrected the single label domain issue. I then fixed the rest of
it. At least, I think that is how it went...MANY moons ago.
For the life of me (I've been Googling for hours), I cannot find
an article on how to FIX a single label domain. There are a ton of
articles regarding doing workarounds to clients, but that is not
my goal. I want to fix it so that AD works properly. I thought it
had something to do with changing a registry setting and then
running a VB script, possibly the one listed here
http://support.microsoft.com/kb/257623.
This is a single server domain, just Windows 2000 Server Standard
without Exchange. After I fix it, I will add a Windows 2008 R2 server.
Any ideas?
Thank you!
Gregg Hill
First of all, what does a peeve look like, and why would anyone
want one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Gregg Hill

2010-02-14 04:15:55 UTC

No, it had a "dot domain" in DNS in addition to its single label domain name
AND it is a single label domain AND it had the ISP's DNS servers instead of
its own IP address in the NIC properties. The dot domain has been deleted
and proper DNS for the NIC is fixed, but it is still a single label domain.

Triple play! Strike three, I am OUT!

Gregg
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,
Now i am a bit confused, as in the first posting you wrote about a single
label domain name and now it isn't according to (It had a "dot domain")?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
This is a single server domain and was set up by an old school NT guy. It
had a
"dot domain" and it was pointing to the ISP's DNS servers, and both of those
errors have been corrected today. I now have only one error in either dcdiag
or
netdiag, and that is a warning that the File Replication Service is not
running.
In ADUC, instead of showing a domain with a suffix, such as
rknet1.lan, it
only
shows "rknet1" as the domain name. Same thing for AD Domains and Trusts.
There are DNS resolution issues still, as I can ping by NetBIOS name from
the
old "rkserver1" to the new server's "dc01" name or by IP, but not by the new
server's FQDN of dc01.office.lan.
It is an AD integrated server, but the server name is listed as on the SOA
and Name Servers tabs as "rkserver1.rknet1." instead of having an FQDN such
as
"rkserver1.rknet1.lan" for the name. It's missing the domain suffix.
I am setting up LogMeIn Rescue so I can work remotely...it's time for lunch
and play
with wife time!
I will look at fixing the missing DNS suffix and hope that it will
work in spite of being a single label domain. I have a few articles
that show how to do it.
http://support.microsoft.com/kb/888048
http://support.microsoft.com/kb/257623
Once I get the name resolution, I'll try to set up a trust. If that fails,
I'll
be forced to punt!
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,
I have never heard about fixing the single label domain name problem
with a registry key for the DC/domain itself. Maybe you are mixing
the disjoint namespace problem with this? That can be solved with a
change in the registry keys.
http://technet.microsoft.com/en-us/library/aa998420(EXCHG.80).aspx
The only way i know is domain renaming and following the article i
already posted for the domain members.
The trust can only be created if the domain names are different, is
that the case? Please post an unedited ipconfig /all from both DCs so
we can also check this ones.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Meinolf,
That is one of the articles to which I was referring when I
mentioned that they say how to make a client workaround.
I am going back today to make sure it is not just a DNS problem.
When I look at the computer properties on the Network Identification
tab, it shows the "Full computer name" as
rkserver.rknet1.
where it should be
rkserver.rknet1.local or some other suffix.
In this case, there is NO suffix.
An ipconfig /all shows
Primary Dns Suffix . . . . . . . : rknet1
without a suffix. Because it is a domain controller, I cannot get to
the normal spot to change the DNS suffix, i.e., the "Change primary
DNS suffix when domain membership changes" check box, but it can be
done in the registry (at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameter
s\ NV Domain), which I believe is what I did many years ago on
another botched Win 2000 setup.
Ultimately, I want to add a Windows Server 2008 R2 server and make
it the DC, move all data, and then format and make the Win 2000 a
terminal server (as a member server). They also want to get 14 new
Windows 7 workstations, but not all at once, so I have to keep the
old Windows 2000 Pro workstations on line.
At first, I thought I could create a whole new properly-configured
domain on the 2008 server, create a trust between the two, and be on
my way. However, the botched DNS and the (possible) single label
domain name are preventing the trust. Running dcdiag and netdiag
have them throwing up all over themselves, due at least to the "dot"
domain and the DNS pointing to their ISP's DNS servers. Dumping the
"dot" domain and fixing the DNS to point to itself is no big deal
and I will do that today, but I need to get the domain to show a
suffix in DNS, too. This problem MAY just be that DNS is screwed up
and not showing the suffix. I have to take a closer look today.
Gregg Hill
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill,
http://support.microsoft.com/kb/300684
Basically you cannot really fix it without renaming the domain, which
isn't possible within windows server 2000. So i would think about
using ADMT to migrate to Windows server 2008 with the correct name,
that way it will be safe for the future.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Hello!
I have a new client who had a Win 2000 server set up years ago and
it was set up with a "single label" domain having no domain
suffix, a "dot" domain, and DNS pointing to the ISP's DNS servers.
I ran into one of these YEARS ago and found a script that
corrected the single label domain issue. I then fixed the rest of
it. At least, I think that is how it went...MANY moons ago.
For the life of me (I've been Googling for hours), I cannot find
an article on how to FIX a single label domain. There are a ton of
articles regarding doing workarounds to clients, but that is not
my goal. I want to fix it so that AD works properly. I thought it
had something to do with changing a registry setting and then
running a VB script, possibly the one listed here
http://support.microsoft.com/kb/257623.
This is a single server domain, just Windows 2000 Server Standard
without Exchange. After I fix it, I will add a Windows 2008 R2 server.
Any ideas?
Thank you!
Gregg Hill
First of all, what does a peeve look like, and why would anyone
want one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Meinolf Weber [MVP-DS]

2010-02-14 12:59:13 UTC

Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,

I was just confused from your description.

Using the ip address of the ISPs DNS server on the NIC, especially on a DC
will create problems. You should always use only the domain DNS server on
the NIC and configure the FORWARDERS on the DNS server properties in the
DNS management console. To configure the Forwarders the root (.) has to be
deleted first in the DNS management console, as you stated in your postings
also.

As you mentioned SBS versions in your postings, hopefully the Windows server
2000 or Windows server 2008 are NOT SBS versions. A SBS server isn't able
to create a trust to another forest/domain, one of it's limitations.

To create a trust between the normal versions make sure there is no firewall
activated, default on Windows server 2008. Also see this article, if you
scroll down Windows server 2000 is also mentioned:
http://support.microsoft.com/kb/942564

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
No, it had a "dot domain" in DNS in addition to its single label
domain name AND it is a single label domain AND it had the ISP's DNS
servers instead of its own IP address in the NIC properties. The dot
domain has been deleted and proper DNS for the NIC is fixed, but it is
still a single label domain.
Triple play! Strike three, I am OUT!
Gregg
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,
Now i am a bit confused, as in the first posting you wrote about a
single label domain name and now it isn't according to (It had a "dot
domain")?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
This is a single server domain and was set up by an old school NT
guy.
It
had a
"dot domain" and it was pointing to the ISP's DNS servers, and both
of
those
errors have been corrected today. I now have only one error in
either
dcdiag
or
netdiag, and that is a warning that the File Replication Service is not
running.
In ADUC, instead of showing a domain with a suffix, such as
rknet1.lan, it
only
shows "rknet1" as the domain name. Same thing for AD Domains and Trusts.
There are DNS resolution issues still, as I can ping by NetBIOS name from
the
old "rkserver1" to the new server's "dc01" name or by IP, but not by the new
server's FQDN of dc01.office.lan.
It is an AD integrated server, but the server name is listed as on
the
SOA
and Name Servers tabs as "rkserver1.rknet1." instead of having an
FQDN
such
as
"rkserver1.rknet1.lan" for the name. It's missing the domain suffix.
I am setting up LogMeIn Rescue so I can work remotely...it's time
for
lunch
and play
with wife time!
I will look at fixing the missing DNS suffix and hope that it will
work in spite of being a single label domain. I have a few articles
that show how to do it.
http://support.microsoft.com/kb/888048
http://support.microsoft.com/kb/257623
Once I get the name resolution, I'll try to set up a trust. If that fails,
I'll
be forced to punt!
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,
I have never heard about fixing the single label domain name
problem with a registry key for the DC/domain itself. Maybe you are
mixing the disjoint namespace problem with this? That can be solved
with a change in the registry keys.
http://technet.microsoft.com/en-us/library/aa998420(EXCHG.80).aspx
The only way i know is domain renaming and following the article i
already posted for the domain members.
The trust can only be created if the domain names are different, is
that the case? Please post an unedited ipconfig /all from both DCs
so we can also check this ones.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Meinolf,
That is one of the articles to which I was referring when I
mentioned that they say how to make a client workaround.
I am going back today to make sure it is not just a DNS problem.
When I look at the computer properties on the Network
Identification tab, it shows the "Full computer name" as
rkserver.rknet1.
where it should be
rkserver.rknet1.local or some other suffix.
In this case, there is NO suffix.
An ipconfig /all shows
Primary Dns Suffix . . . . . . . : rknet1
without a suffix. Because it is a domain controller, I cannot get
to the normal spot to change the DNS suffix, i.e., the "Change
primary DNS suffix when domain membership changes" check box, but
it can be done in the registry (at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Paramet
er s\ NV Domain), which I believe is what I did many years ago on
another botched Win 2000 setup.
Ultimately, I want to add a Windows Server 2008 R2 server and make
it the DC, move all data, and then format and make the Win 2000 a
terminal server (as a member server). They also want to get 14 new
Windows 7 workstations, but not all at once, so I have to keep the
old Windows 2000 Pro workstations on line.
At first, I thought I could create a whole new properly-configured
domain on the 2008 server, create a trust between the two, and be
on my way. However, the botched DNS and the (possible) single
label domain name are preventing the trust. Running dcdiag and
netdiag have them throwing up all over themselves, due at least to
the "dot" domain and the DNS pointing to their ISP's DNS servers.
Dumping the "dot" domain and fixing the DNS to point to itself is
no big deal and I will do that today, but I need to get the domain
to show a suffix in DNS, too. This problem MAY just be that DNS is
screwed up and not showing the suffix. I have to take a closer
look today.
Gregg Hill
First of all, what does a peeve look like, and why would anyone
want one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill,
http://support.microsoft.com/kb/300684
Basically you cannot really fix it without renaming the domain, which
isn't possible within windows server 2000. So i would think about
using ADMT to migrate to Windows server 2008 with the correct name,
that way it will be safe for the future.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Hello!
I have a new client who had a Win 2000 server set up years ago
and it was set up with a "single label" domain having no domain
suffix, a "dot" domain, and DNS pointing to the ISP's DNS
servers. I ran into one of these YEARS ago and found a script
that corrected the single label domain issue. I then fixed the
rest of it. At least, I think that is how it went...MANY moons
ago.
For the life of me (I've been Googling for hours), I cannot find
an article on how to FIX a single label domain. There are a ton
of articles regarding doing workarounds to clients, but that is
not my goal. I want to fix it so that AD works properly. I
thought it had something to do with changing a registry setting
and then running a VB script, possibly the one listed here
http://support.microsoft.com/kb/257623.
This is a single server domain, just Windows 2000 Server
Standard without Exchange. After I fix it, I will add a Windows
2008 R2 server.
Any ideas?
Thank you!
Gregg Hill
First of all, what does a peeve look like, and why would anyone
want one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will
be correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color
is
blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready
to
throttle
me for this peeve!

Gregg Hill

2010-02-14 05:13:09 UTC

When I first ran dcdiag and netdiag, there were too many errors to even
bother checking, as I knew most likely were caused by the ISP's DNS servers
being used and the dot domain (properly called the "root zone" per
http://support.microsoft.com/kb/298148). It had no root hints, forwarders
were grayed out and empty, etc. I now have a completely error-free dcdiag
and netdiag output.

However, as you can see from the start of the netdiag command, the domain
has no suffix, hence it being a single label domain name.

D:\Program Files\Support Tools>netdiag /q
.....................................

Computer Name: RKSERVER1
DNS Host Name: RKSERVER1.rknet1
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :

Here is the ipconfig output:

D:\Program Files\Support Tools>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : RKSERVER1
Primary DNS Suffix . . . . . . . : rknet1
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : rknet1

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
Connect
ion
Physical Address. . . . . . . . . : 00-C0-9F-90-A2-BB
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.254.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.254.1
DNS Servers . . . . . . . . . . . : 192.168.254.200

When I do that on my SBS 2003 server or a client's SBS 2000 server (yikes!),
I see a domain with a suffix.

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : sbs2003
Primary Dns Suffix . . . . . . . : hillservices.internal
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : hillservices.internal

Ethernet adapter Server LAN Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop Adapter
Physical Address. . . . . . . . . : 00-0E-0C-A0-F5-52
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.4
DNS Servers . . . . . . . . . . . : 192.168.16.10
Primary WINS Server . . . . . . . : 192.168.16.10

I now need to research to see if I can create a trust between the two
servers. My only other option is to take all the workstations (14 of them)
off of the old domain, join the new domain, demote the Win 2000 to a
stand-alone, and then join it to the 2008 domain as a member server so that
they can still use some law apps that are not yet 64-bit compatible.

Gregg Hill
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,
Now i am a bit confused, as in the first posting you wrote about a single
label domain name and now it isn't according to (It had a "dot domain")?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
This is a single server domain and was set up by an old school NT guy. It
had a
"dot domain" and it was pointing to the ISP's DNS servers, and both of those
errors have been corrected today. I now have only one error in either dcdiag
or
netdiag, and that is a warning that the File Replication Service is not
running.
In ADUC, instead of showing a domain with a suffix, such as
rknet1.lan, it
only
shows "rknet1" as the domain name. Same thing for AD Domains and Trusts.
There are DNS resolution issues still, as I can ping by NetBIOS name from
the
old "rkserver1" to the new server's "dc01" name or by IP, but not by the new
server's FQDN of dc01.office.lan.
It is an AD integrated server, but the server name is listed as on the SOA
and Name Servers tabs as "rkserver1.rknet1." instead of having an FQDN such
as
"rkserver1.rknet1.lan" for the name. It's missing the domain suffix.
I am setting up LogMeIn Rescue so I can work remotely...it's time for lunch
and play
with wife time!
I will look at fixing the missing DNS suffix and hope that it will
work in spite of being a single label domain. I have a few articles
that show how to do it.
http://support.microsoft.com/kb/888048
http://support.microsoft.com/kb/257623
Once I get the name resolution, I'll try to set up a trust. If that fails,
I'll
be forced to punt!
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,
I have never heard about fixing the single label domain name problem
with a registry key for the DC/domain itself. Maybe you are mixing
the disjoint namespace problem with this? That can be solved with a
change in the registry keys.
http://technet.microsoft.com/en-us/library/aa998420(EXCHG.80).aspx
The only way i know is domain renaming and following the article i
already posted for the domain members.
The trust can only be created if the domain names are different, is
that the case? Please post an unedited ipconfig /all from both DCs so
we can also check this ones.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Meinolf,
That is one of the articles to which I was referring when I
mentioned that they say how to make a client workaround.
I am going back today to make sure it is not just a DNS problem.
When I look at the computer properties on the Network Identification
tab, it shows the "Full computer name" as
rkserver.rknet1.
where it should be
rkserver.rknet1.local or some other suffix.
In this case, there is NO suffix.
An ipconfig /all shows
Primary Dns Suffix . . . . . . . : rknet1
without a suffix. Because it is a domain controller, I cannot get to
the normal spot to change the DNS suffix, i.e., the "Change primary
DNS suffix when domain membership changes" check box, but it can be
done in the registry (at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameter
s\ NV Domain), which I believe is what I did many years ago on
another botched Win 2000 setup.
Ultimately, I want to add a Windows Server 2008 R2 server and make
it the DC, move all data, and then format and make the Win 2000 a
terminal server (as a member server). They also want to get 14 new
Windows 7 workstations, but not all at once, so I have to keep the
old Windows 2000 Pro workstations on line.
At first, I thought I could create a whole new properly-configured
domain on the 2008 server, create a trust between the two, and be on
my way. However, the botched DNS and the (possible) single label
domain name are preventing the trust. Running dcdiag and netdiag
have them throwing up all over themselves, due at least to the "dot"
domain and the DNS pointing to their ISP's DNS servers. Dumping the
"dot" domain and fixing the DNS to point to itself is no big deal
and I will do that today, but I need to get the domain to show a
suffix in DNS, too. This problem MAY just be that DNS is screwed up
and not showing the suffix. I have to take a closer look today.
Gregg Hill
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill,
http://support.microsoft.com/kb/300684
Basically you cannot really fix it without renaming the domain, which
isn't possible within windows server 2000. So i would think about
using ADMT to migrate to Windows server 2008 with the correct name,
that way it will be safe for the future.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Hello!
I have a new client who had a Win 2000 server set up years ago and
it was set up with a "single label" domain having no domain
suffix, a "dot" domain, and DNS pointing to the ISP's DNS servers.
I ran into one of these YEARS ago and found a script that
corrected the single label domain issue. I then fixed the rest of
it. At least, I think that is how it went...MANY moons ago.
For the life of me (I've been Googling for hours), I cannot find
an article on how to FIX a single label domain. There are a ton of
articles regarding doing workarounds to clients, but that is not
my goal. I want to fix it so that AD works properly. I thought it
had something to do with changing a registry setting and then
running a VB script, possibly the one listed here
http://support.microsoft.com/kb/257623.
This is a single server domain, just Windows 2000 Server Standard
without Exchange. After I fix it, I will add a Windows 2008 R2 server.
Any ideas?
Thank you!
Gregg Hill
First of all, what does a peeve look like, and why would anyone
want one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Gregg Hill

2010-02-14 09:22:33 UTC

Regarding the trust relationship, I first tried it (after the DNS fixes)
from the Win 2000 server and it kept failing. So, I tried from the 2008
server with its wizard, and it took less than a minute to create. It says
that it confirmed it in both directions, and the settings show up on both
servers. I will go back on Monday to check how it is working, then start in
on new workstations.

So far, things look good!

Gregg Hill
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,
Now i am a bit confused, as in the first posting you wrote about a single
label domain name and now it isn't according to (It had a "dot domain")?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
This is a single server domain and was set up by an old school NT guy. It
had a
"dot domain" and it was pointing to the ISP's DNS servers, and both of those
errors have been corrected today. I now have only one error in either dcdiag
or
netdiag, and that is a warning that the File Replication Service is not
running.
In ADUC, instead of showing a domain with a suffix, such as
rknet1.lan, it
only
shows "rknet1" as the domain name. Same thing for AD Domains and Trusts.
There are DNS resolution issues still, as I can ping by NetBIOS name from
the
old "rkserver1" to the new server's "dc01" name or by IP, but not by the new
server's FQDN of dc01.office.lan.
It is an AD integrated server, but the server name is listed as on the SOA
and Name Servers tabs as "rkserver1.rknet1." instead of having an FQDN such
as
"rkserver1.rknet1.lan" for the name. It's missing the domain suffix.
I am setting up LogMeIn Rescue so I can work remotely...it's time for lunch
and play
with wife time!
I will look at fixing the missing DNS suffix and hope that it will
work in spite of being a single label domain. I have a few articles
that show how to do it.
http://support.microsoft.com/kb/888048
http://support.microsoft.com/kb/257623
Once I get the name resolution, I'll try to set up a trust. If that fails,
I'll
be forced to punt!
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill" greggmhill at please do not spam me at yahoo dot com,
I have never heard about fixing the single label domain name problem
with a registry key for the DC/domain itself. Maybe you are mixing
the disjoint namespace problem with this? That can be solved with a
change in the registry keys.
http://technet.microsoft.com/en-us/library/aa998420(EXCHG.80).aspx
The only way i know is domain renaming and following the article i
already posted for the domain members.
The trust can only be created if the domain names are different, is
that the case? Please post an unedited ipconfig /all from both DCs so
we can also check this ones.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Meinolf,
That is one of the articles to which I was referring when I
mentioned that they say how to make a client workaround.
I am going back today to make sure it is not just a DNS problem.
When I look at the computer properties on the Network Identification
tab, it shows the "Full computer name" as
rkserver.rknet1.
where it should be
rkserver.rknet1.local or some other suffix.
In this case, there is NO suffix.
An ipconfig /all shows
Primary Dns Suffix . . . . . . . : rknet1
without a suffix. Because it is a domain controller, I cannot get to
the normal spot to change the DNS suffix, i.e., the "Change primary
DNS suffix when domain membership changes" check box, but it can be
done in the registry (at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameter
s\ NV Domain), which I believe is what I did many years ago on
another botched Win 2000 setup.
Ultimately, I want to add a Windows Server 2008 R2 server and make
it the DC, move all data, and then format and make the Win 2000 a
terminal server (as a member server). They also want to get 14 new
Windows 7 workstations, but not all at once, so I have to keep the
old Windows 2000 Pro workstations on line.
At first, I thought I could create a whole new properly-configured
domain on the 2008 server, create a trust between the two, and be on
my way. However, the botched DNS and the (possible) single label
domain name are preventing the trust. Running dcdiag and netdiag
have them throwing up all over themselves, due at least to the "dot"
domain and the DNS pointing to their ISP's DNS servers. Dumping the
"dot" domain and fixing the DNS to point to itself is no big deal
and I will do that today, but I need to get the domain to show a
suffix in DNS, too. This problem MAY just be that DNS is screwed up
and not showing the suffix. I have to take a closer look today.
Gregg Hill
First of all, what does a peeve look like, and why would anyone want
one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Meinolf Weber [MVP-DS]
Hello Gregg Hill,
http://support.microsoft.com/kb/300684
Basically you cannot really fix it without renaming the domain, which
isn't possible within windows server 2000. So i would think about
using ADMT to migrate to Windows server 2008 with the correct name,
that way it will be safe for the future.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Post by Gregg Hill
Hello!
I have a new client who had a Win 2000 server set up years ago and
it was set up with a "single label" domain having no domain
suffix, a "dot" domain, and DNS pointing to the ISP's DNS servers.
I ran into one of these YEARS ago and found a script that
corrected the single label domain issue. I then fixed the rest of
it. At least, I think that is how it went...MANY moons ago.
For the life of me (I've been Googling for hours), I cannot find
an article on how to FIX a single label domain. There are a ton of
articles regarding doing workarounds to clients, but that is not
my goal. I want to fix it so that AD works properly. I thought it
had something to do with changing a registry setting and then
running a VB script, possibly the one listed here
http://support.microsoft.com/kb/257623.
This is a single server domain, just Windows 2000 Server Standard
without Exchange. After I fix it, I will add a Windows 2008 R2 server.
Any ideas?
Thank you!
Gregg Hill
First of all, what does a peeve look like, and why would anyone
want one as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be
correct more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Ace Fekay [MVP-DS, MCT]

2010-02-14 16:56:23 UTC

"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in

Post by Gregg Hill
Regarding the trust relationship, I first tried it (after the DNS fixes)
from the Win 2000 server and it kept failing. So, I tried from the 2008
server with its wizard, and it took less than a minute to create. It says
that it confirmed it in both directions, and the settings show up on both
servers. I will go back on Monday to check how it is working, then start
in on new workstations.
So far, things look good!
Gregg Hill

I'm trying to read through all the posts in this thread and get caught up.
Meinolf did provide that one KB that explains what you can do with a single
label domain name. However, what I would like to add, if the Primary DNS
Suffix is incorrect, meaning it doesn't match the actual AD DNS domain name,
a script exists that will correct the Primary DNS Suffix on a domain
controller. So if the two do not match, this scenario is called a
'disjointed namespace' scenario. The script was created by Dean Wells many
years ago to correct this, and is now part of Microsoft Technet. However,
what it does do is sets the Primary DNS Suffix based on what it reads out of
Active Directory. If AD's DNS domain name is single label, then the script
won't help. You can view AD's DNS domain name by opening Active Directory
Users and Computers. At the top left in the nav pane, it shows the AD domain
name. Is that single label?

Surprised that you were able to create a trust to an SBS domain.
--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.

Bill Grant

2010-02-14 22:38:00 UTC

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
Regarding the trust relationship, I first tried it (after the DNS fixes)
from the Win 2000 server and it kept failing. So, I tried from the 2008
server with its wizard, and it took less than a minute to create. It says
that it confirmed it in both directions, and the settings show up on both
servers. I will go back on Monday to check how it is working, then start
in on new workstations.
So far, things look good!
Gregg Hill

I'm trying to read through all the posts in this thread and get caught up.
Meinolf did provide that one KB that explains what you can do with a
single label domain name. However, what I would like to add, if the
Primary DNS Suffix is incorrect, meaning it doesn't match the actual AD
DNS domain name, a script exists that will correct the Primary DNS Suffix
on a domain controller. So if the two do not match, this scenario is
called a 'disjointed namespace' scenario. The script was created by Dean
Wells many years ago to correct this, and is now part of Microsoft
Technet. However, what it does do is sets the Primary DNS Suffix based on
what it reads out of Active Directory. If AD's DNS domain name is single
label, then the script won't help. You can view AD's DNS domain name by
opening Active Directory Users and Computers. At the top left in the nav
pane, it shows the AD domain name. Is that single label?
Surprised that you were able to create a trust to an SBS domain.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
If you feel this is an urgent issue and require immediate assistance,
please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Just one thing to add here regarding the use of forwarders that Meinolf
mentioned. If your DNS has a dot at the top of the tree (as mentioned
somewhere here), you have to delete the dot before you can enable
forwarders. With the dot at the top, the local DNS thinks it is the end of
the universe and won't forward.

Gregg Hill

2010-02-15 03:11:57 UTC

One answer for everyone:

Yes, I knew it had the root zone "dot" domain and the ISP's DNS servers,
both of which should not be done, and both of which I have seen a few times
before. Due to the dot domain, it had no root hint servers (grayed out and
empty), forwarders were grayed out and empty, etc. I'll bet that is why the
guy put in the ISP's DNS servers...in order to get Internet access...rather
than fix the real problem. These people have had this network for eight
years and have been complaining about it, but the in-house IT guy was not
getting it handled, so one of their people finally got me in the door after
a year of trying (the in-house IT guy is a friend of the owner).

Their in-house IT guy argued with me that the server was set up by a guy
"with 20 years experience who really knows his stuff" and works at the local
college it IT, so "trust me, he knows what he is doing." That was a fun
conversation! Anyway, those were the first things that I corrected. As
mentioned earlier, this server was set up by an old-school NT guy, and I
have seen several with the same DNS errors when done by the guys who did not
read up on AD and just installed as though it were still NT 4. I started in
NT 4 as well, but when AD came out, I read until my brain bled before
installing my first AD server! Now I need to get my hands on their router
password to turn off DHCP and move it to the server.

The other item, as mentioned before, is that it is indeed a single label
domain as it shows in ADUC, AD Domains and Trusts, and in DNS, also a common
problem I have seen when done by more experienced NT techs. Unfortunately,
there is nothing I can do about it. Fortunately, the old server is plain
2000 and the new server is Server 2008 and not SBS 2008, so the trust was
set up successfully when done from the 2008 server (would not work from 2000
server, even with firewall off...could not contact the domain), or so the
wizard stated. I need to go on site tomorrow to confirm it works. I
**thought** I had read that a single label domain would prevent creating a
trust, which turns out not to be true, at least not with 2008. Of course, I
do a lot of my reading at 3:00AM, so that may be a factor!

I have seen that script to correct the registry, and used it or a similar
one years ago to correct a botched DNS. That one was not a single label
domain, but I did not remember that until a few days ago. I was remembering
using it to correct the single label problem, but that was not true; it
merely corrected the DNS suffix problem. Just for giggles, I ran it anyway,
but it made no changes, as it doesn't fix the single label issue.

I am not going to mess with workstations, as they are all being replaced
soon. Some of them have the ISP's DNS servers, some have static addresses
with the AD server's DNS...a real cluster f....!

The mention of SBS versions was just a note of where I had seen the problem
before. There is no SBS in this domain...yet.

Thank you for all of your suggestions!

Gregg Hill
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Bill Grant

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
Regarding the trust relationship, I first tried it (after the DNS fixes)
from the Win 2000 server and it kept failing. So, I tried from the 2008
server with its wizard, and it took less than a minute to create. It
says that it confirmed it in both directions, and the settings show up
on both servers. I will go back on Monday to check how it is working,
then start in on new workstations.
So far, things look good!
Gregg Hill

I'm trying to read through all the posts in this thread and get caught
up. Meinolf did provide that one KB that explains what you can do with a
single label domain name. However, what I would like to add, if the
Primary DNS Suffix is incorrect, meaning it doesn't match the actual AD
DNS domain name, a script exists that will correct the Primary DNS Suffix
on a domain controller. So if the two do not match, this scenario is
called a 'disjointed namespace' scenario. The script was created by Dean
Wells many years ago to correct this, and is now part of Microsoft
Technet. However, what it does do is sets the Primary DNS Suffix based on
what it reads out of Active Directory. If AD's DNS domain name is single
label, then the script won't help. You can view AD's DNS domain name by
opening Active Directory Users and Computers. At the top left in the nav
pane, it shows the AD domain name. Is that single label?
Surprised that you were able to create a trust to an SBS domain.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
If you feel this is an urgent issue and require immediate assistance,
please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Just one thing to add here regarding the use of forwarders that Meinolf
mentioned. If your DNS has a dot at the top of the tree (as mentioned
somewhere here), you have to delete the dot before you can enable
forwarders. With the dot at the top, the local DNS thinks it is the end of
the universe and won't forward.

Ace Fekay [MVP-DS, MCT]

2010-02-15 04:04:38 UTC

"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in

Post by Gregg Hill
Yes, I knew it had the root zone "dot" domain and the ISP's DNS servers,
both of which should not be done, and both of which I have seen a few
times before. Due to the dot domain, it had no root hint servers (grayed
out and empty), forwarders were grayed out and empty, etc. I'll bet that
is why the guy put in the ISP's DNS servers...in order to get Internet
access...rather than fix the real problem. These people have had this
network for eight years and have been complaining about it, but the
in-house IT guy was not getting it handled, so one of their people finally
got me in the door after a year of trying (the in-house IT guy is a friend
of the owner).
Their in-house IT guy argued with me that the server was set up by a guy
"with 20 years experience who really knows his stuff" and works at the
local college it IT, so "trust me, he knows what he is doing." That was a
fun conversation! Anyway, those were the first things that I corrected. As
mentioned earlier, this server was set up by an old-school NT guy, and I
have seen several with the same DNS errors when done by the guys who did
not read up on AD and just installed as though it were still NT 4. I
started in NT 4 as well, but when AD came out, I read until my brain bled
before installing my first AD server! Now I need to get my hands on their
router password to turn off DHCP and move it to the server.
The other item, as mentioned before, is that it is indeed a single label
domain as it shows in ADUC, AD Domains and Trusts, and in DNS, also a
common problem I have seen when done by more experienced NT techs.
Unfortunately, there is nothing I can do about it. Fortunately, the old
server is plain 2000 and the new server is Server 2008 and not SBS 2008,
so the trust was set up successfully when done from the 2008 server (would
not work from 2000 server, even with firewall off...could not contact the
domain), or so the wizard stated. I need to go on site tomorrow to confirm
it works. I **thought** I had read that a single label domain would
prevent creating a trust, which turns out not to be true, at least not
with 2008. Of course, I do a lot of my reading at 3:00AM, so that may be a
factor!
I have seen that script to correct the registry, and used it or a similar
one years ago to correct a botched DNS. That one was not a single label
domain, but I did not remember that until a few days ago. I was
remembering using it to correct the single label problem, but that was not
true; it merely corrected the DNS suffix problem. Just for giggles, I ran
it anyway, but it made no changes, as it doesn't fix the single label
issue.
I am not going to mess with workstations, as they are all being replaced
soon. Some of them have the ISP's DNS servers, some have static addresses
with the AD server's DNS...a real cluster f....!
The mention of SBS versions was just a note of where I had seen the
problem before. There is no SBS in this domain...yet.
Thank you for all of your suggestions!
Gregg Hill
--
First of all, what does a peeve look like, and why would anyone want one
as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Someone having 20 years of the *correct* experience would have done it
properly. The dot zone appeared in Windows 2000 when DCPROMO was run while
the machine did not have internet access. For some reason with Windows 2000
dcpromo, it was set by default to do that. As we all know, a simple deletion
takes care of it. Similar to Windows 2003 dcpromo where it automatically
puts in the loopback for DNS, where a simple deletion and entering its own
IP can take care of that.

Domain trusts, are NTLM based, whereas Forest trusts are DNS based, hence
why it works with single label name domains. And here I thought you got a
trust to work with SBS until I just read it wasn't SBS!! :-)

Those peeves regarding "it" and versions of "you" are commonplace. I'm
willing to bet that one day Websters will have an "SMS version" for correct
texting syntax and spelling. :-) Can't fight progress, if you want to call
it that! LOL!

Ace

Gregg Hill

2010-02-15 04:18:53 UTC

I agree with the "correct" experience statement. Some people just keep
plugging along the same old way because it worked for 20 years, why change
now?

Regarding the peeves, my all-time favorite is "prolly" instead of
"probably." I have heard it in conversation and not just seen it in web
forums.

Gregg
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
Yes, I knew it had the root zone "dot" domain and the ISP's DNS servers,
both of which should not be done, and both of which I have seen a few
times before. Due to the dot domain, it had no root hint servers (grayed
out and empty), forwarders were grayed out and empty, etc. I'll bet that
is why the guy put in the ISP's DNS servers...in order to get Internet
access...rather than fix the real problem. These people have had this
network for eight years and have been complaining about it, but the
in-house IT guy was not getting it handled, so one of their people
finally got me in the door after a year of trying (the in-house IT guy is
a friend of the owner).
Their in-house IT guy argued with me that the server was set up by a guy
"with 20 years experience who really knows his stuff" and works at the
local college it IT, so "trust me, he knows what he is doing." That was a
fun conversation! Anyway, those were the first things that I corrected.
As mentioned earlier, this server was set up by an old-school NT guy, and
I have seen several with the same DNS errors when done by the guys who
did not read up on AD and just installed as though it were still NT 4. I
started in NT 4 as well, but when AD came out, I read until my brain bled
before installing my first AD server! Now I need to get my hands on their
router password to turn off DHCP and move it to the server.
The other item, as mentioned before, is that it is indeed a single label
domain as it shows in ADUC, AD Domains and Trusts, and in DNS, also a
common problem I have seen when done by more experienced NT techs.
Unfortunately, there is nothing I can do about it. Fortunately, the old
server is plain 2000 and the new server is Server 2008 and not SBS 2008,
so the trust was set up successfully when done from the 2008 server
(would not work from 2000 server, even with firewall off...could not
contact the domain), or so the wizard stated. I need to go on site
tomorrow to confirm it works. I **thought** I had read that a single
label domain would prevent creating a trust, which turns out not to be
true, at least not with 2008. Of course, I do a lot of my reading at
3:00AM, so that may be a factor!
I have seen that script to correct the registry, and used it or a similar
one years ago to correct a botched DNS. That one was not a single label
domain, but I did not remember that until a few days ago. I was
remembering using it to correct the single label problem, but that was
not true; it merely corrected the DNS suffix problem. Just for giggles, I
ran it anyway, but it made no changes, as it doesn't fix the single label
issue.
I am not going to mess with workstations, as they are all being replaced
soon. Some of them have the ISP's DNS servers, some have static addresses
with the AD server's DNS...a real cluster f....!
The mention of SBS versions was just a note of where I had seen the
problem before. There is no SBS in this domain...yet.
Thank you for all of your suggestions!
Gregg Hill
--
First of all, what does a peeve look like, and why would anyone want one
as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to
throttle me for this peeve!

Someone having 20 years of the *correct* experience would have done it
properly. The dot zone appeared in Windows 2000 when DCPROMO was run while
the machine did not have internet access. For some reason with Windows
2000 dcpromo, it was set by default to do that. As we all know, a simple
deletion takes care of it. Similar to Windows 2003 dcpromo where it
automatically puts in the loopback for DNS, where a simple deletion and
entering its own IP can take care of that.
Domain trusts, are NTLM based, whereas Forest trusts are DNS based, hence
why it works with single label name domains. And here I thought you got a
trust to work with SBS until I just read it wasn't SBS!! :-)
Those peeves regarding "it" and versions of "you" are commonplace. I'm
willing to bet that one day Websters will have an "SMS version" for
correct texting syntax and spelling. :-) Can't fight progress, if you
want to call it that! LOL!
Ace

Ace Fekay [MVP-DS, MCT]

2010-02-16 00:54:57 UTC

"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in

Post by Gregg Hill
I agree with the "correct" experience statement. Some people just keep
plugging along the same old way because it worked for 20 years, why change
now?
Regarding the peeves, my all-time favorite is "prolly" instead of
"probably." I have heard it in conversation and not just seen it in web
forums.
Gregg

A younger friend of mine uses "prolly." I had to ask him what it meant. :-)

Ace

Gregg Hill

2010-02-16 04:51:19 UTC

I hope you slapped him when he told you!

Gregg
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
I agree with the "correct" experience statement. Some people just keep
plugging along the same old way because it worked for 20 years, why change
now?
Regarding the peeves, my all-time favorite is "prolly" instead of
"probably." I have heard it in conversation and not just seen it in web
forums.
Gregg

A younger friend of mine uses "prolly." I had to ask him what it meant. :-)
Ace

Ace Fekay [MVP-DS, MCT]

2010-02-16 07:24:20 UTC

"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in

Post by Gregg Hill
I hope you slapped him when he told you!
Gregg

I didn't know what to say. I just looked at him, as in thinking, WHAT???

Where are we with the single lable name?

Ace

Gregg Hill

2010-02-17 14:37:28 UTC

Going on site today to test the trust.

Gregg
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
I hope you slapped him when he told you!
Gregg

I didn't know what to say. I just looked at him, as in thinking, WHAT???
Where are we with the single lable name?
Ace

Ace Fekay [MVP-DS, MCT]

2010-02-18 18:47:45 UTC

"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in

Post by Gregg Hill
Going on site today to test the trust.
Gregg

Let us know how you make out.

Ace

Gregg Hill

2010-03-02 07:34:14 UTC

Well, the trust worked fine going from a computer joined to the 2008 domain
to access the 2000 domain, but going from a computer joined to the 2000
domain to access files on the 2008 server fails and gets a login prompt. I
am fine with that, as I only need to have the new computers access the old
server until I can get all the new ones up and running while we wait for one
last program to be Win 7 64-bit compatible, which should be soon.

So I am good!

Gregg Hill
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
Going on site today to test the trust.
Gregg

Let us know how you make out.
Ace

Ace Fekay [MVP-DS, MCT]

2010-03-02 14:48:01 UTC

Post by Gregg Hill
Well, the trust worked fine going from a computer joined to the 2008 domain
to access the 2000 domain, but going from a computer joined to the 2000
domain to access files on the 2008 server fails and gets a login prompt. I
am fine with that, as I only need to have the new computers access the old
server until I can get all the new ones up and running while we wait for one
last program to be Win 7 64-bit compatible, which should be soon.
So I am good!
Gregg Hill

Hmm, well at least communications is working across the trust. I assume you've cross-added the Domain Admins and Domain Users group to their respective counterparts on the other side and vice-versa?

Ace

Gregg Hill

2010-03-04 03:18:27 UTC

NO. I just left it where the Server 2008 had created the trust between the
two. I never looked to see what it actually did.
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
Well, the trust worked fine going from a computer joined to the 2008 domain
to access the 2000 domain, but going from a computer joined to the 2000
domain to access files on the 2008 server fails and gets a login prompt. I
am fine with that, as I only need to have the new computers access the old
server until I can get all the new ones up and running while we wait for one
last program to be Win 7 64-bit compatible, which should be soon.
So I am good!
Gregg Hill

Hmm, well at least communications is working across the trust. I assume
you've cross-added the Domain Admins and Domain Users group to their
respective counterparts on the other side and vice-versa?
Ace

Gregg Hill

2010-03-04 03:27:55 UTC

Sorry, not SHOUTING, just fat-fingered the first word!

Gregg
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in

Post by Gregg Hill
NO. I just left it where the Server 2008 had created the trust between the
two. I never looked to see what it actually did.
--
First of all, what does a peeve look like, and why would anyone want one
as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
Well, the trust worked fine going from a computer joined to the 2008 domain
to access the 2000 domain, but going from a computer joined to the 2000
domain to access files on the 2008 server fails and gets a login prompt. I
am fine with that, as I only need to have the new computers access the old
server until I can get all the new ones up and running while we wait for one
last program to be Win 7 64-bit compatible, which should be soon.
So I am good!
Gregg Hill

Hmm, well at least communications is working across the trust. I assume
you've cross-added the Domain Admins and Domain Users group to their
respective counterparts on the other side and vice-versa?
Ace

Ace Fekay [MVP-DS, MCT]

2010-03-04 06:06:10 UTC

Post by Gregg Hill
Sorry, not SHOUTING, just fat-fingered the first word!
Gregg

I didn't think you were. I do that, too. As for the cross-domain group adds, that's all manual, but I think you already knew that. :)

Ace

Gregg Hill

2010-03-04 22:51:43 UTC

Heck, I haven't done a just since NT 4 about nine years ago...and forget
everything needed!

Gregg
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
Sorry, not SHOUTING, just fat-fingered the first word!
Gregg

I didn't think you were. I do that, too. As for the cross-domain group
adds, that's all manual, but I think you already knew that. :)
Ace

Gregg Hill

2010-03-05 04:03:35 UTC

Well, there I go again! Can't type to save my life!

I meant that I have not done a "trust" in nine years...and "forgot"
everything needed.

Gregg
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in

Post by Gregg Hill
Heck, I haven't done a just since NT 4 about nine years ago...and forget
everything needed!
Gregg
--
First of all, what does a peeve look like, and why would anyone want one
as a pet?
Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.
Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!
Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
Sorry, not SHOUTING, just fat-fingered the first word!
Gregg

I didn't think you were. I do that, too. As for the cross-domain group
adds, that's all manual, but I think you already knew that. :)
Ace

Ace Fekay [MVP-DS, MCT]

2010-03-05 06:57:58 UTC

Post by Gregg Hill
Well, there I go again! Can't type to save my life!
I meant that I have not done a "trust" in nine years...and "forgot"
everything needed.
Gregg

Oh, ok. After doing a trust, and it's expected that both sides will be accessing various resources on the other side, including administration, the mindset is to usually add domain1's Domain Administrators group to domain2's domain local Administrators group, and domain1's Domain Users to domain2's domain local Users group, and vice versa.

I hope that helps. :-)

Ace

Gregg Hill

2010-03-06 04:21:45 UTC

Well, the 2008 domain admins and domain users can access the 2000 domain's
resources, but not the other way around. I just assumed it was due to the
2000 having a single-label domain. I'll check the settings on users and
groups next week.

Gregg
--
Gregg's pet peeves:

First of all, what does a peeve look like, and why would anyone want one as
a pet?

Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
more often than not.

Its = Belonging to it. For example, "Look at the sky. Its color is blue."
It's = It is. For example, "It's hot today."
It's = It has. For example, "It's been nice talking to you."
Its' = completely incorrect usage. Stop it!

Peeve #2: Your vs. You're
"Your" means belonging to you, as in, "It's your truck."
"You're" means "You are." Example, you're probably about ready to throttle
me for this peeve!

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
Well, there I go again! Can't type to save my life!
I meant that I have not done a "trust" in nine years...and "forgot"
everything needed.
Gregg

Oh, ok. After doing a trust, and it's expected that both sides will be
accessing various resources on the other side, including administration,
the mindset is to usually add domain1's Domain Administrators group to
domain2's domain local Administrators group, and domain1's Domain Users to
domain2's domain local Users group, and vice versa.
I hope that helps. :-)
Ace

Ace Fekay [MVP-DS, MCT]

2010-03-07 02:44:59 UTC

Post by Gregg Hill
Well, the 2008 domain admins and domain users can access the 2000 domain's
resources, but not the other way around. I just assumed it was due to the
2000 having a single-label domain. I'll check the settings on users and
groups next week.
Gregg

Domain based trusts do not use DNS, so the single lable name wouldn't be the problem. It could be WINS is not setup properly between the two sides? Did you click on Validate trusts to insure the trusts are actually communicating?

Ace

Gregg Hill

2010-03-07 08:13:49 UTC

WINS works fine on both domains, and when I ran the 2008 wizard to create
the trust, it said it was working for both directions.

I'm not worried about it, because I really only need it to work for 2008
domain members to get to the 2000 domain until it goes away.

Gregg

Post by Ace Fekay [MVP-DS, MCT]

Post by Gregg Hill
Well, the 2008 domain admins and domain users can access the 2000 domain's
resources, but not the other way around. I just assumed it was due to the
2000 having a single-label domain. I'll check the settings on users and
groups next week.
Gregg

Domain based trusts do not use DNS, so the single lable name wouldn't be
the problem. It could be WINS is not setup properly between the two sides?
Did you click on Validate trusts to insure the trusts are actually
communicating?
Ace

Ace Fekay [MVP-DS, MCT]

2010-03-08 06:47:23 UTC

Post by Gregg Hill
WINS works fine on both domains, and when I ran the 2008 wizard to create
the trust, it said it was working for both directions.
I'm not worried about it, because I really only need it to work for 2008
domain members to get to the 2000 domain until it goes away.
Gregg

Ok, no problem, then. But I would be curious to get that working, you know, more out of a curiosity as to why it's not working in one direction. But if you don't need it, that's cool, too.

Ace

31 Replies
38 Views
Permalink to this page
Disable enhanced parsing

Thread Navigation

Gregg Hill 2010-02-13 07:16:21 UTC

Meinolf Weber [MVP-DS] 2010-02-13 07:29:22 UTC

Gregg Hill 2010-02-13 16:39:11 UTC

Meinolf Weber [MVP-DS] 2010-02-13 18:22:50 UTC

Gregg Hill 2010-02-13 23:35:40 UTC

Meinolf Weber [MVP-DS] 2010-02-13 23:47:24 UTC

Gregg Hill 2010-02-14 04:15:55 UTC

Meinolf Weber [MVP-DS] 2010-02-14 12:59:13 UTC

Gregg Hill 2010-02-14 05:13:09 UTC

Gregg Hill 2010-02-14 09:22:33 UTC

Ace Fekay [MVP-DS, MCT] 2010-02-14 16:56:23 UTC

Bill Grant 2010-02-14 22:38:00 UTC

Gregg Hill 2010-02-15 03:11:57 UTC

Ace Fekay [MVP-DS, MCT] 2010-02-15 04:04:38 UTC

Gregg Hill 2010-02-15 04:18:53 UTC

Ace Fekay [MVP-DS, MCT] 2010-02-16 00:54:57 UTC

Gregg Hill 2010-02-16 04:51:19 UTC

Ace Fekay [MVP-DS, MCT] 2010-02-16 07:24:20 UTC

Gregg Hill 2010-02-17 14:37:28 UTC

Ace Fekay [MVP-DS, MCT] 2010-02-18 18:47:45 UTC

Gregg Hill 2010-03-02 07:34:14 UTC

Ace Fekay [MVP-DS, MCT] 2010-03-02 14:48:01 UTC

Gregg Hill 2010-03-04 03:18:27 UTC

Gregg Hill 2010-03-04 03:27:55 UTC

Ace Fekay [MVP-DS, MCT] 2010-03-04 06:06:10 UTC

Gregg Hill 2010-03-04 22:51:43 UTC

Gregg Hill 2010-03-05 04:03:35 UTC

Ace Fekay [MVP-DS, MCT] 2010-03-05 06:57:58 UTC

Gregg Hill 2010-03-06 04:21:45 UTC

Ace Fekay [MVP-DS, MCT] 2010-03-07 02:44:59 UTC

Gregg Hill 2010-03-07 08:13:49 UTC

Ace Fekay [MVP-DS, MCT] 2010-03-08 06:47:23 UTC

about - legalese

Loading...