ITOnLife

A man from HK who works at an IT company, a small-potato staff member

Monday, October 05, 2020

Single-label DNS names: Windows 10 Pro Build 1803 or later cannot join the domain (solution)

 

Recently I ran into a customer whose AD is built on a single-label domain name.

Today a domain name is normally built from two or more labels: domain.local / domain.com / domain.net etc.
Domains created in the Windows 2000 era, however, may have a DNS name that is just "domain" (no .local/.com/.net suffix), and because those forests were upgraded in place from Windows 2000 to Windows 2003, Windows 2008, Windows 2012 and so on, the single-label DNS name was carried along with them.
From Windows 10 Build 1803 onwards, the default configuration no longer supports joining a domain whose DNS name is a single label (the join fails), so the registry has to be edited by hand before the join will go through.


Method 1: Use Registry Editor

Domain controller locator configuration for Windows XP Professional and later versions of Windows
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
On a Windows-based computer, an Active Directory domain member requires additional configuration to support single-label DNS names for domains. Specifically, the domain controller locator on the Active Directory domain member does not use the DNS server service to locate domain controllers in a domain that has a single-label DNS name unless that Active Directory domain member is joined to a forest that contains at least one domain, and this domain has a single-label DNS name.

To enable an Active Directory domain member to use DNS to locate domain controllers in domains that have single-label DNS names that are in other forests, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  3. In the details pane, locate the AllowSingleLabelDnsDomain entry. If the AllowSingleLabelDnsDomain entry does not exist, follow these steps:
    1. On the Edit menu, point to New, and then click DWORD Value.
    2. Type AllowSingleLabelDnsDomain as the entry name, and then press ENTER.
  4. Double-click the AllowSingleLabelDnsDomain entry.
  5. In the Value data box, type 1, and then click OK.
  6. Exit Registry Editor.
DNS client configuration
Active Directory domain members and domain controllers that are in a domain that has a single-label DNS name typically must dynamically register DNS records in a single-label DNS zone that matches the DNS name of that domain. If an Active Directory forest root domain has a single-label DNS name, all domain controllers in that forest typically must dynamically register DNS records in a single-label DNS zone that matches the DNS name of the forest root.

By default, Windows-based DNS client computers do not attempt dynamic updates of the root zone "." or of single-label DNS zones. To enable Windows-based DNS client computers to try dynamic updates of a single-label DNS zone, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters
  3. In the details pane, locate the UpdateTopLevelDomainZones entry. If the UpdateTopLevelDomainZones entry does not exist, follow these steps:
    1. On the Edit menu, point to New, and then click DWORD Value.
    2. Type UpdateTopLevelDomainZones as the entry name, and then press ENTER.
  4. Double-click the UpdateTopLevelDomainZones entry.
  5. In the Value data box, type 1, and then click OK.
  6. Exit Registry Editor.
These configuration changes should be applied to all domain controllers and members of a domain that have single-label DNS names. If a domain that has a single-label domain name is a forest root, these configuration changes should be applied to all the domain controllers in the forest, unless the separate zones _msdcs.ForestName, _sites.ForestName, _tcp.ForestName, and _udp.ForestName are delegated from the ForestName zone.

For the changes to take effect, restart the computers where you changed the registry entries.

Notes
  • For Windows Server 2003 and later versions, the UpdateTopLevelDomainZones entry has moved to the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
  • On a Microsoft Windows 2000 SP4-based domain controller, the computer will report the following name registration error in the System event log if the UpdateTopLevelDomainZones setting is not enabled:
  • On a Windows 2000 SP4-based domain controller, you must restart your computer after you add the UpdateTopLevelDomainZones setting.
For details, refer to the Microsoft documentation:
https://support.microsoft.com/en-us/help/300684/deployment-and-operation-of-active-directory-domains-that-are-configur
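The two registry steps above, done from an elevated PowerShell instead of regedit, as an added example (this is not code from the original post or from the Microsoft article). It backs up the affected keys first, as the article's "Important" note asks, records the old values so the change is auditable, writes both DWORDs (plus the policy location for UpdateTopLevelDomainZones that the article's note mentions for Windows Server 2003 and later), and then checks with the built-in nltest that the DC locator can find a DC for the single-label name. The domain name CORP and the backup folder are placeholders of mine, not values from the page.

```powershell
# Added example, not part of the original post or of KB 300684.
# Run from an elevated PowerShell on the Windows 10 machine that cannot join.
# Assumption: the single-label domain is called CORP (placeholder name).
#Requires -RunAsAdministrator

$domain       = 'CORP'   # placeholder, replace with the real single-label name
$netlogonKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$dnsCacheKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters'
$dnsPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'

# 1. Back up the keys we are about to change (KB 300684's "Important" note).
$backupDir = Join-Path $env:TEMP 'singlelabel-backup'   # placeholder location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' (Join-Path $backupDir 'netlogon.reg') /y | Out-Null
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters' (Join-Path $backupDir 'dnscache.reg') /y | Out-Null
"Registry backups written to $backupDir"

# 2. Record the current values; a missing value is reported as (not set).
function Get-DwordOrNull([string]$Path, [string]$Name) {
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}
foreach ($pair in @(@($netlogonKey, 'AllowSingleLabelDnsDomain'),
                    @($dnsCacheKey, 'UpdateTopLevelDomainZones'))) {
    $v = Get-DwordOrNull $pair[0] $pair[1]
    "$($pair[1]) before: $(if ($null -eq $v) { '(not set)' } else { $v })"
}

# 3. Write the two DWORDs from the article. -Force creates or overwrites.
New-ItemProperty -Path $netlogonKey -Name 'AllowSingleLabelDnsDomain' `
    -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $dnsCacheKey -Name 'UpdateTopLevelDomainZones' `
    -PropertyType DWord -Value 1 -Force | Out-Null
# The article's note says Windows Server 2003 and later read
# UpdateTopLevelDomainZones from the policy key, so set it there as well.
New-Item -Path $dnsPolicyKey -Force | Out-Null
New-ItemProperty -Path $dnsPolicyKey -Name 'UpdateTopLevelDomainZones' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# 4. The article requires a restart for the change to take effect.
Write-Host "Values set. Restart now (Restart-Computer -Force), then run the"
Write-Host "commands below to verify DC location and join the domain:"
Write-Host "  nltest /dsgetdc:$domain"
Write-Host "  Add-Computer -DomainName $domain -Credential (Get-Credential '$domain\Administrator') -Restart"
```

Treat this as a per-machine workaround, not a fix: it has to be applied to every Windows 10 client that needs to join (or pushed out as a registry preference), the value written under HKLM\SOFTWARE\Policies will be overwritten if a GPO manages the DNS client, and if nltest /dsgetdc still fails after the restart the problem is DNS (the single-label zone and its _msdcs/_sites/_tcp/_udp records), not the join itself. The durable answer for a forest that still carries a single-label name is a domain rename to a multi-label name.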
