locked
External and internal domain name RRS feed

  • Question

  • Hi

    I am debating with few management people how we should make our first Active directory domain name.

    We already have external domain that is externally registered as for example mycompany.com. Now we are going to deploy active directory for a first time but debate is about whether name space should be the same as external domain for example same mycompany.com or for example mycompany.local or any other suffix other than com.

    I have seen some implementations where external and internal names are the same however some Microsoft articles suggest against that practice.

    External namespace for mycompany.com is managed separately basically it is just few web facing servers that are registered externally.

    Now since we increased number of servers it becomes hard to manage if it is all by IP address. We want to deploy Active Directory infrastructure but just wondering is it OK to use the same name as external domain or it is better to go as some suggest for example mycompany.local or even some kind of child domain like corp.mycompany.com

    Thanks


    Dalibor Bosic

    Thursday, May 5, 2016 3:58 PM

Answers

All replies

  • Hey hi..

    I would recommend you to go through Ace Article :

    What’s in an Active Directory DNS Name? Choosing the Same As Your Public Domain Name, a ".net" Version of Your Public Name, or ".local"

    http://blogs.msmvps.com/acefekay/2009/09/07/what-s-in-an-active-directory-dns-name-choosing-a-domain-name/

    Also this..

    https://blog.varonis.com/active-directory-domain-naming-best-practices/

    My suggestion would be to  name an Active Directory domain is to create a subdomain that is the delegation of a parent domain that you have registered and have control over.


    Devaraj G | Technical solution architect



    • Edited by Devaraj G Thursday, May 5, 2016 4:42 PM
    • Proposed as answer by Richard MuellerMVP Thursday, May 5, 2016 6:06 PM
    • Marked as answer by Jay Gu Friday, May 27, 2016 5:29 AM
    Thursday, May 5, 2016 4:35 PM
  • Hi

     You can use same name as internal and external without an issue,just then configure Split Zone,check these for,

    http://blogs.msmvps.com/acefekay/2009/09/03/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name/

    https://blogs.technet.microsoft.com/networking/2015/05/12/split-brain-dns-deployment-using-windows-dns-server-policies/


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Marked as answer by Jay Gu Friday, May 27, 2016 5:30 AM
    Thursday, May 5, 2016 5:01 PM
  • Hi Dalibor,

    Are there any updates?

    If the reply above has resolved your problem, please mark it as answer as it would be helpful to anyone who encounters similar issues.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 9, 2016 7:35 AM
  • Yes this answered my question I will use different internal name that is different than internal name

    Dalibor Bosic

    Friday, May 27, 2016 1:44 PM