Microsoft have published an excellent document on Single-Label-Domains in Active Directory Domain Services (AD DS) – Considerations, Migration, and Co-existence. It is well worth a read, even if you are not impacted by this issue.
An Active Directory domain name that contains one or more labels separated by a dot is referred to as a fully qualified domain name with two or more names and it will be referred as FQDN in this document. In contrast there is the concept of single-label domain (SLD), which refers to Active Directory domain names with only one label.
Given that SLD is not a commonly deployed configuration and that many Microsoft and third-party applications have not been tested under an SLD configuration, Microsoft recommends FQDN Active Directory deployments. For companies who have deployed SLD, they should transition to an FQDN Active Directory deployment. This will ensure that they get the most value out of their deployed applications.
For companies that will be evaluating transition to FQDN from SLD configurations, this document describes the options and considerations that they will need to take into account. In particular it describes Domain Migration and Domain Rename operations and explains the different considerations of these two options, so that companies can build a transition plan that makes sense to them.
Long-term, the goal of Microsoft is to have customer infrastructures using common, tested configurations to minimize costs and effort to administrate the Active Directory (AD) and DNS environment. The use of multi-label names is Microsoft’s recommended naming configuration.
Organizations that have SLD configurations should begin by analyzing their current environment to find out the best mitigation option.
Domain rename operations might be feasible in certain scenarios, mainly for smaller organizations or those that can tolerate some outage while removing and reinstalling applications that are incompatible with domain rename.
The migration into a non-SLD forest and domain structure should be well aligned with the product lifecycle and the future IT infrastructure roadmap of the organization.
The transition from a single label to a fully qualified Active Directory domain namespace puts your clients, servers, domain controllers, the operating systems and applications in a namespace configuration that can deliver the following benefits:
- Provides the broadest application support, including the ability to deploy applications on day 1 after release without fear that support will be deprecated in a future release, will be deferred until a future release, or will never support forests configured with SLDs, possibly even blocking installation in SLDs.
- Receives the highest number of test passes by Microsoft and third-party application developers
- Requires the least additional configuration to register and resolve DNS names of interest
- Delivers the lowest total cost of ownership (TCO) by reducing complex configurations and by consolidating forest and domain structures
- Enables enhanced security capabilities of new versions of AD DS
- Aligns the namespace assigned to your forest with same type of namespace assigned to the top thousands of domains deployed and operated by other customers over the last decade or more
- Receive Microsoft cloud support, because only domains with fully qualified DNS names are supported by Microsoft cloud services such as BPOS and Office 365