Windows Server 2012 Thread in Technical: Can I create an Active Directory domain with external DNS name?
Page 1 of 2 (results 1 to 15 of 17)
  #1 link470

    Can I create an Active Directory domain with external DNS name?

    Hey guys,

    I'm creating a new domain for a department in the district who has a separate setup than the rest of our district, and I've always used .local domains in the past. However, for this setup I'm thinking of using the actual domain name, <department.district.province.country>. Now, if I use that domain name when I configure this new server running Windows Server 2012 Standard when I'm adding the Active Directory role, can anyone see any downsides? This server also hosts the website for this department via IIS [previously 6 on 2003, now will be 8 on 2012], which is accessed at <department.district.province.country>, the same domain. As I said, in the past, I've used .local on their last network [XP/Server 2003, which I'm currently switching them from and then updating their laptops to Windows 7 and connecting to the new domain once I've configured it].

    Does anyone see a problem with using the same domain name as the internal Active Directory Domain? I'd usually think not, but I seem to remember in University at one point our instructor saying "if you make the domain name the same as your external domain name you may have some issues". Any advice would be great! I plan to install the Active Directory roll today. Thanks in advance!
    Last edited by link470; 18th July 2013 at 09:05 PM.

  #2
    I have seen this done in an academy trust; it enabled users to log in with an email address, i.e. user@school.trust.co.uk. I also agree: I remember somebody saying something about problems. Having said that, it may have been on older 2003 servers.

  #3 mmoseley
    Most places I have seen use their external DNS name as their internal domain name. All I have found is that you have to create an A record for 'www' to point to your web hosting for your externally hosted website. Other than that, I don't see a problem.

  #4 free780
    Would it only be an issue if subdomain.domain.com was the same as computer.domain.com? I thought the .local suffix can cause issues.

  #5 Mr.Ben
    Just built a new domain with the external domain name as the DN. Life is so much easier with the AD UPN of users being their email address. All that was needed was a DNS pointer for www.

  #6 seawolf
    We changed from a .local to a public DNS 7 months ago. All of the supposed downsides to doing so turned out to be illusions, but the benefits were substantial for us. We have quite a few Macs and iPads and improvements for those systems were immediate and dramatic (.local and Apple mDNS don't mix well, some other systems have similar problems). Besides that, it just makes maintaining DNS records easier with one less domain to update.

  #7 link470
    Awesome, that's exactly the kind of responses I was hoping for :D Very glad to hear you are all having positive experiences with using the external domain name. Just installed Active Directory on Server 2012 and went with the external domain name myself. I think as long as I add the right host header name and one for www in IIS, and add a www CNAME to DNS, I should be set.

    Quote Originally Posted by seawolf View Post
    We have quite a few Macs and iPads and improvements for those systems were immediate and dramatic (.local and Apple mDNS don't mix well, some other systems have similar problems).
    I'm glad I'm not the only one; I've definitely heard of the exact same issues with Mountain Lion completely dropping support for .local and some other strange Apple-related issues. Seems the .local TLD is on its way out.

    Thanks again!
    Last edited by link470; 18th July 2013 at 10:55 PM.

  #8 m25man
    The .local syndrome and the "never use your FQDN on your internal network" myth all came about from ye olde NT4/W2K migration days, when most SMEs had domain names owned and poorly managed by web designers, local authorities or hosting companies that just wanted to screw every last penny they could from the domain owner.
    DNS management through cPanels was voodoo and NAT traversal was still something only seen in Star Trek...

    Fortunately we have evolved and DNS is almost idiot proof so using your FQDN and its umpteen variants has become the norm.

    As others have stated all you need is to look after your internal DNS properly and it's easy to use whatever you want.

    It's only harder for those that inherited legacy NetBIOS single-label domains or split domains (NetBIOS domain and AD domain using entirely different formats). Don't laugh, I have a legacy 2003 domain set up by one of the very well known educational suppliers that has a NetBIOS name (NT domain name) using a 5-letter acronym and the AD using the FQDN... It works but is so confusing for the users.

    If you're building from new, use your FQDN and never look back.


  #9 Geoff
    FQDN as AD domain and using hairpin NAT rather than split DNS. No issues at all.

  #10 link470
    Thanks again everyone. Trying to figure out something else now that could potentially pose a problem, but I'm sure there's a workaround in DNS. Let's say that I have the website, <department.district.province.countryTLD>, hosted outside of this Windows domain on a central web server running websites for our whole school district. Right now, since I'm using the FQDN for the internal Active Directory domain name, if I go to a test domain member and type in http://department.district.province.country, I of course reach the default IIS 8 page for the domain controller. Pings from inside the domain network for <department.district.province.country> resolve to the domain controller. If I add an A record for www and point it to the district web server IP address, I can ONLY use the www. prefix before the web address to access the site, and even then the page doesn't load any CSS or images, because the page redirects to http://department.district.province.country without the www's, because we're trying to get people away from using www's in front of subdomains.

    Is there a change I can make in DNS somehow for this to happen? Or now that I'm using the FQDN for the domain controller, do I HAVE to have the website hosted on the domain controller? There has to be a way to redirect outside the network, even without www's.

    Thanks!

  #11 seawolf
    Why are you using the same FQDN for your website as for the domain controller? Your domain controller should have a FQDN of something.domain.com and the website should be either www.domain.com or somethingelse.domain.com. If you insist on the website having the same FQDN as you have given the domain controller, then yes, you will have to make the DC the web server as well. You could use DNS to make it work externally (public domain), but all queries internally would still resolve to the DC and not the website otherwise.

    However, I've never seen such a thing done, am highly against it, and suggest you not do it.
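To see for yourself what seawolf is describing, the following is an added diagnostic script, not something posted in the thread, that can be run on the domain controller. It lists the A records every DC registers at the apex of the AD zone (the "(same as parent folder)" entries in the DNS console, which clients use to locate a DC by domain name alone), compares what the name resolves to inside and outside the network, and checks whether a www record exists. The zone name is the placeholder from the thread; the external resolver address and the hosting host name are constructed for the example.

```powershell
# Added example (not from the thread). Requires the DnsServer and DnsClient
# modules (Windows Server 2012 / Windows 8 and later) and must run on a DC.
$Zone           = 'department.district.province.country'  # placeholder from the thread
$PublicResolver = '203.0.113.53'                          # constructed: an external DNS server

Import-Module DnsServer

# 1. Every domain controller registers an A record at the zone apex ("@").
#    Netlogon re-creates them if deleted, and domain members rely on them,
#    so they cannot simply be removed to free the bare name for a website.
$apex = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
        Where-Object HostName -eq '@'
"Apex A records in $Zone (registered by domain controllers):"
$apex | ForEach-Object { "  $($_.RecordData.IPv4Address)  (timestamp: $($_.Timestamp))" }

# 2. Compare the internal answer for the bare name with the public answer.
$internal = Resolve-DnsName -Name $Zone -Type A -ErrorAction SilentlyContinue
$external = Resolve-DnsName -Name $Zone -Type A -Server $PublicResolver -ErrorAction SilentlyContinue
"Internal answer : $($internal.IPAddress -join ', ')"
"External answer : $($external.IPAddress -join ', ')"
if ($internal.IPAddress -and $external.IPAddress -and
    -not (Compare-Object $internal.IPAddress $external.IPAddress)) {
    "The apex resolves identically inside and out."
} else {
    "Split-brain at the apex: internally the bare name points at the DC(s)."
    "A www record cannot change that; either the DC hosts the site or AD"
    "lives in a subdomain of the public name."
}

# 3. The part internal DNS can fix: a www host name that is not a DC name.
$www = Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www' -ErrorAction SilentlyContinue
if ($www) {
    "www record present: $($www.RecordType) -> $($www.RecordData | Out-String)".Trim()
} else {
    "No www record yet. A CNAME to the hosting server would be added with:"
    "  Add-DnsServerResourceRecordCName -ZoneName $Zone -Name www -HostNameAlias web.hosting.example."
}
```

Run it as a domain admin on the DC; if step 2 reports a split-brain apex, the only DNS-level options are the two the script names, which is why the thread ends up recommending a subdomain for Active Directory.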

  #12 link470
    Ah, too bad. I totally thought this is what everyone was recommending I do, I didn't know I should have made a subdomain instead. Does anyone else have any ideas of how this could be done? I'd prefer to not completely scrap the domain and restart, but I guess I could if I have to.

  #13 link470
    Just a quick update, I rebuilt the domain controller today and used a subdomain of the FQDN. I think this should work ok. I'm able to access the externally hosted website now at least from the domain controller so I think I'm set.


  #14
    I don't think that's what seawolf was getting at.

    Creating a subdomain of your external domain name is now Microsoft's best practice; this is so you avoid split-brain DNS and the few issues it brings, like the www problem mentioned above.

    So for best practice you should have internal.external.com for your Active Directory name and your DC could be DC01.internal.external.com.

    You can still have the users log on with their email address, e.g. user@external.com; you just create a UPN suffix in Active Directory Domains and Trusts.
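The layout described in this post (AD in internal.external.com, DC01.internal.external.com, users signing in as user@external.com) can be set up from PowerShell on the DC. The script below is an added example, not from the thread or from Microsoft; it assumes the ActiveDirectory and DnsServer modules (Windows Server 2012 and later), uses the names from the post, and the OU path, hosting host name and e-mail suffix are constructed placeholders.

```powershell
# Added example (not from the thread). Run on a DC as a domain/enterprise admin.
Import-Module ActiveDirectory, DnsServer

$AdDomain     = 'internal.external.com'                    # AD DNS name, a subdomain of the public name
$PublicSuffix = 'external.com'                             # the name users see in their e-mail address
$WebHost      = 'web.hosting.example.'                     # constructed: externally hosted site (trailing dot = absolute name)
$StaffOU      = 'OU=Staff,DC=internal,DC=external,DC=com'  # constructed OU holding staff accounts

# 1. Register the public name as an alternative UPN suffix for the forest.
#    This is the forest-level setting "Active Directory Domains and Trusts" edits in the GUI.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $PublicSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $PublicSuffix }
}

# 2. Give each staff account a UPN of sam@external.com so users can log on with
#    their e-mail address. sAMAccountName and the AD domain itself are unchanged.
Get-ADUser -Filter * -SearchBase $StaffOU |
    Where-Object { $_.UserPrincipalName -notlike "*@$PublicSuffix" } |
    ForEach-Object {
        Set-ADUser -Identity $_ -UserPrincipalName "$($_.SamAccountName)@$PublicSuffix"
    }

# 3. DNS. Because AD lives in $AdDomain, the DC is authoritative only for that
#    zone; external.com itself resolves from the public zone, inside and out,
#    so the apex, www and every other public host behave identically. A
#    split-brain external.com zone is only needed if some public names must
#    resolve differently inside, and then every record still in use must be
#    copied into it. The check below keeps www working if such a zone exists.
$publicZone = Get-DnsServerZone -Name $PublicSuffix -ErrorAction SilentlyContinue
if ($publicZone) {
    $www = Get-DnsServerResourceRecord -ZoneName $PublicSuffix -Name 'www' -ErrorAction SilentlyContinue
    if (-not $www) {
        Add-DnsServerResourceRecordCName -ZoneName $PublicSuffix -Name 'www' -HostNameAlias $WebHost
    }
}

# 4. Verify the result: a few UPNs, and where the public names resolve from the DC.
Get-ADUser -Filter * -SearchBase $StaffOU |
    Select-Object -First 3 SamAccountName, UserPrincipalName
Resolve-DnsName -Name $PublicSuffix -Type A        | Select-Object Name, IPAddress
Resolve-DnsName -Name "www.$PublicSuffix" -Type A  | Select-Object Name, IPAddress
Resolve-DnsName -Name $AdDomain -Type A            | Select-Object Name, IPAddress
```

The last three lookups are the useful check: the two public names should return the hosting provider's addresses, while only the AD subdomain should return the domain controllers.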

  #15 link470
    Yup, I ended up using a subdomain of the external domain name when I did the rebuild a week ago, and that server is currently in production now and working great, with the website hosted externally outside the network.
