Single Label Domain (SLD) and Azure AD Connect

The SLD Azure AD case

Some time ago I was at this customer where I needed to setup Azure AD from 2 forests and 7 domains. Essentially this customer wanted to move to Office 365 Exchange Online. When I was making an inventory of these domains I came across a Single Label Domain (SLD). And me at the age of 30 had never heard of this one.

Single label Domain (SLD)

So what is a single label domain. SLD is a name that is used to describe domains which have only a single name, and no suffix. As example, your Active Directory domain might have a name like company.local, but if it were Single Label, it might be just company.

Either way SLD or Single label domains are a pretty grey area when it comes to support when you need Microsoft. So some advice is to avoid them at all times.

Ok lets go back on topic. We have 2 Active Directory Forests One of these forest is Single label and we have 7 domains and one of these 7 domains is a Single label domain. All the rest is just a normal FQDN like company.local.

Now we get back to the part Microsoft that Microsoft does not support this.

Setting up Azure AD

When you start configuring Azure AD you get to a certain point that AzureAD is asks for you domain forest(s) to give in so it can discover the domain underneath. Both Forests will be discovered yes even the Single label One. And Yes it discovers all FQDN domain names underneath. Except the Single label domain that one will not be discovered.

I understand that this was a little confusing so see the table below :).

Forest.local

Discoverd

Forest.

Discoverd

Domain.local1

Yes

Domain.local5

Yes

Domain.local2

Yes

Domain.local6

Yes

Domain.local3

Yes

Domain.

No

Domain.local4

Yes

I tried some different kind of things to get the Domain. Discovered within Azure AD connect. In the end I found out that with creating a Host file gets it the domain discovered in Azure AD connect. So we moved to the next setup screen in Azure AD connect and that is letting Azure AD discover anything what is inside the domain and then I mean the objects itself.

This is never going to work even with the setup of the hosts file it doesn’t work. So this quest came to a end and we needed to figure out something else.

So what we did is we made a decision to create a new Forest with a new domain and move all the users to that domain. For this task we used ADMT. ADMT is a tool from Microsoft that provides a “copy” action to move Active Directory object from and to different type of domains.

Active Directory Migration Tool (ADMT)

Microsoft developed ADMT to speed the migration process and reduce the chance of errors. ADMT performs object migrations and security translations in a way to limit disruptions to let users access network resources while the migration is underway.

Check this URL if you want to start with ADMT.

https://www.microsoft.com/en-us/download/details.aspx?id=19188

Please follow and like us:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.