Naming Active Directory Forest Root Domain and Sub Domains in Windows Server 2008 R2

When you are designing or restructuring your Active Directory infrastructure, you have to choose domain names that will still suit that infrastructure in the future.

Naming Active Directory Forest Root Domain and Sub Domains

The minimum length of an AD forest root domain name is 1 character, and it must be alphanumeric, for example 1.lan or a.lan. The top-level domain name, however, must contain at least one letter, for example xyw.a001 or abc.01a.

—————————

Deployment Configuration

Verification of forest name failed. The domain DNS name “.lan” has an invalid format.

DNS names can contain letters, numbers, and hyphens, but not spaces. Periods are used to separate domain labels, which can be no longer than 63 bytes. The top-level domain name must contain at least one non-numeric character.

Characters that are not allowed include: ! ” # $  & ( ) * + , ‘ / : ; < = > ? @ [ \ ] ^ ` { | } ~

Example: domain-1.microsoft.com.

OK
—————————

The top-level domain name (say .lan) must include at least one letter. If it does not, you'll get an error.

The maximum length of an AD forest root domain name is 64 characters or 155 UTF-8 bytes.

—————————

Deployment Configuration

Verification of forest name failed. The DNS name “vfvfvvfvssdfsdfdfsvvffvfvdvvfvrfvfvfdvfdvfvvdfvfdjdfhjfhdsjfbsbvnsbhdbhfasdhwjewiejiojcxcnjncvvfvfvfv.lan” is too long. The name can contain a maximum of 64 characters, or 155 UTF-8 bytes.

OK
—————————

Quick reference: From MS KB article 245809.

Prior to Windows 2000 Release Candidate 3, the Dcpromo.exe tool limited Active Directory domain names to 155 UTF-8 bytes. This was due to the fact that the maximum length of a DNS name is 255 UTF-8 bytes, but the locator attached various prefixes (domain GUIDs, site names, and so on) to the records entered in DNS, making the longest possible fully qualified Active Directory domain name 155 UTF-8 bytes long.

Win32 file APIs permit file paths, including UNC paths, to be up to 260 characters (MAX_PATH) in length. Given a Windows 2000 tree several domains deep, each with long Active Directory domain names, a UNC path including a DNS name can exceed the 260 character MAX_PATH limit.
The MAX_PATH limit is important to Group Policy which references files in the SYSVOL using UNC paths. A typical UNC path used by group policy might look like this:

\\<domain-name>\sysvol\<domain-name>\Policies\<GUID>\<Machine|User>\<GroupPolicy-Extension-Specific-Path>

If the length of a policy UNC path exceeds MAX_PATH, Policy cannot be read and then applied to Windows 2000 domain controllers, servers and workstations.
This limits the fully qualified DNS domain name of an Active Directory domain to less than 64 UTF-8 bytes, where the exact number of characters allowed depends on the characters used.
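The naming rules quoted in the two dialogs, and the SYSVOL path budget from the KB excerpt, can be checked before running the wizard. The following is an added example, not code from this article or from Microsoft; the function names, the ASCII-only label check, the placeholder GUID, the `Machine` subfolder and the sample name `corp.example.lan` are assumptions made for illustration.

```python
import re

MAX_LABEL_BYTES = 63   # per-label limit from the wizard dialog
MAX_NAME_CHARS = 64    # forest-name limit from the wizard dialog
MAX_NAME_BYTES = 155   # UTF-8 byte limit from the wizard dialog
MAX_PATH = 260         # Win32 path limit from the KB excerpt

# Letters, digits and hyphens only, as the dialog lists.
# Assumption: ASCII; the page does not cover non-ASCII labels.
LABEL_RE = re.compile(r"[A-Za-z0-9-]+")


def check_forest_name(name):
    """Return the list of rules the name breaks (empty list = passes)."""
    problems = []
    if len(name) > MAX_NAME_CHARS or len(name.encode("utf-8")) > MAX_NAME_BYTES:
        problems.append("too long")
    labels = name.split(".")
    for label in labels:
        if not LABEL_RE.fullmatch(label):
            problems.append("invalid format")  # empty label or disallowed character
            break
        if len(label.encode("utf-8")) > MAX_LABEL_BYTES:
            problems.append("label over 63 bytes")
            break
    if labels[-1].isdigit():
        problems.append("numeric top-level label")
    return problems


def policy_unc_headroom(domain, extension_path):
    """Characters left under MAX_PATH for a SYSVOL policy path in this domain."""
    guid = "{" + "0" * 8 + "-0000-0000-0000-" + "0" * 12 + "}"  # placeholder GUID
    parts = [domain, "sysvol", domain, "Policies", guid, "Machine", extension_path]
    return MAX_PATH - len("\\\\" + "\\".join(parts))


if __name__ == "__main__":
    # Constructed sample names, including the cases the article walks through.
    for candidate in ["1.lan", ".lan", "abc.123", "xyw.a001", "a" * 61 + ".lan"]:
        print(candidate[:20], check_forest_name(candidate) or "ok")
    print(policy_unc_headroom("corp.example.lan", r"Scripts\Startup"))
```

Because the domain name appears twice in every policy path, each extra character in the name costs two characters of headroom.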
