A Single-labeled DNS Domain was Detected

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2011-01-26

The Microsoft Exchange Best Practices Analyzer Tool queries the Active Directory directory service to determine whether DomainPrep was run in the given domain. The version number of DomainPrep acts as the Exchange signature for the domain. The Exchange Analyzer tool examines the objectVersion attribute of the given domain's Exchange System Objects object. The following are the valid integers:

  • For Exchange 2000 Server, the objectVersion value is 4406.

  • For Exchange Server 2003, the objectVersion value is 6936.

  • For Exchange Server 2007, the objectVersion value is 10628.

Additionally, the Exchange Analyzer queries the Active Directory directory service to determine the value of the dnsRoot attribute. The value of the dnsRoot attribute represents the uppermost DNS domain name assigned to a domain/directory partition. This is set on a crossRef object and is used, among other things, for referral generation. When a search is run through a whole domain tree, the search must be initiated at the DNS-Root object.

If the Exchange Analyzer finds that the following conditions are true, the Exchange Analyzer displays one of the following warnings:

  • Exchange Server 2007 DomainPrep was run in the given Active Directory domain.

  • The value of the dnsRoot attribute indicates that the uppermost DNS domain name assigned to the domain/directory partition is a single-label DNS domain name.

Single-label DNS domain names are DNS names that do not contain a suffix such as .com, .corp, .net, or .org. An example of a single-label DNS domain name would be "Contoso" instead of a Fully Qualified Domain Name (FQDN) such as "Contoso.com" or "Contoso.local".

For more information about the Microsoft support policy for single-label domain names, see Microsoft Knowledge Base article 2269838, Microsoft Exchange compatibility with Single Label Domains, Disjointed Namespaces, and Discontiguous Namespaces.

To resolve this problem, we strongly recommended that you review the information in Microsoft Knowledge Base article 2269838 before you install Exchange in a domain that has a single-label domain.

Note

Because Exchange 2007 has already been installed into the organization that contains Exchange 2003, or because the Exchange 2007 /prepare setup switches have been applied in the domain, you cannot perform a domain rename even if Exchange 2007 servers are removed from the organization. This is because Exchange 2007 setup creates new Active Directory objects that will not be correctly renamed by the Exchange 2003 domain rename fixup script. For more information about this issue, see Microsoft Knowledge Base article 300684, Information about configuring Windows for domains with single-label DNS names.

To migrate Exchange 2007 into a domain that has an FQDN, there are two options:

  • Migrate users, computers, and security groups from your single-labeled DNS domain to a new domain by using an FQDN in the same Active Directory forest, and then install Exchange 2007 into that domain.

  • Migrate users, computers, and security groups from your single-labeled DNS domain to a new domain that has an FQDN in a different Active Directory forest, and then install Exchange 2007 in that domain.

To migrate Exchange 2007 to a fully supported configuration

  1. If it is needed, create a new domain by using an FQDN.

  2. Use the Active Directory Migration Tool v3.0 (ADMT v3.0) to migrate users, computers, and security groups from your single-label DNS domain to a new domain that has an FQDN in the same Active Directory forest, or migrate users, computers, and security groups from your single-label DNS domain to a new domain that has an FQDN in a different Active Directory forest.

  3. Install Exchange 2007 into the new domain.

    Note   For detailed information about how to migrate individual server roles to the new domain, see the "Procedures for Individual Server Role Migration" section of the topic "Migrating Exchange 2007 on Windows Server 2003 to Exchange 2007 SP1 on Windows Server 2008" (https://go.microsoft.com/fwlink/?LinkId=112028).

  4. Move the user mailboxes following the guidance in the Exchange Server 2007 product documentation topic, "Moving Mailboxes" (https://go.microsoft.com/fwlink/?LinkId=85754).

Note

In some environments, using database portability instead of the Move Mailbox process may reduce the downtime experienced by users. For example, if the storage that contains the databases can be disconnected from the original server and then reconnected to the new server, database portability would likely be much faster and create less downtime than a Move Mailbox operation would be.

For more information about known issues that affect Exchange Server 2007 Service Pack 1 (SP1) and single-label DNS domain names, see the Exchange Team blog post, "Single-label Domain Names and Exchange Server 2007 SP1" (https://go.microsoft.com/fwlink/?LinkId=113961).

For information about how to create a new domain for Windows Server 2003, see "Deploying Additional Domain Controllers in a New Regional Domain" (https://go.microsoft.com/fwlink/?LinkId=113981).

For information about how to move users, computers, and security groups across Active Directory domains or forests, see the following Active Directory resources:

For information about how to migrate an Exchange 2007 environment to another domain, see "Migrating Exchange 2007 on Windows Server 2003 to Exchange 2007 SP1 on Windows Server 2008" (https://go.microsoft.com/fwlink/?LinkId=112028).