Domain Names are a critical part of your Windows Environment. The DNS (Domain Name System) is a foundation upon which Active Directories and Resources rely upon. It can be a real problem if you need to go back and change your Domain Name.
So, before building your Windows domain it is important to choose the “correct” domain name. Wherever possible you need to try and plan ahead, of course you cannot plan for company name changes or, a take over in years to come, because you simply don’t know about them. But….we can plan to be flexible, and we must consider technical and ownership issues at the same time.
Choosing your domain name
Whilst most people believe that the internal windows domain name needs
to be something.local
this isn’t strictly true. While it is often easier if the suffix is .local
, strictly speaking, it doesn’t have to be. Let’s consider that point…
Some of the largest enterprises in the world use their external domain name on their internal network. The most important consideration is that if you use domainname.com
that you actually own domainname.com
Why is this important? One of the main reasons that this is becoming a problem in recent days is because of 3rd Party SSL Certificates that are used to secure Small Business Server and/or Exchange 2007/2010. One of the default requirements for these systems is using the internal fully qualified domain name of your Exchange Server.
So by way of example let’s say you have an internal domain name of virtualdomain.com and your external domain name is abc.com.
When setting up an Exchange 2007/2010 server you would need to request an SSL Certificate that contained the following names:
When you request a certificate with these names in the first thing the Certificate Authority (CA) will do is perform a WHOIS lookup on the names you have requested. Anything .abc.com will show as your company owning the registration. EXCHANGSERVER isn’t a problem because this is recognised as the CA as an internal name.
However when the CA performs a WHOIS lookup on exchangserver.virtualdomain.com they find that the registrant of this domain is a different company and therefore send them a request to authorise the name. Worse, if they don't find a registrant for the domain then it is removed from the certificate request.
Can you see the problem? If you own virtualdomain.com then by all means use it in your internal domain name. If you don’t own it then don’t use it.
This is why most consultants will opt to use the .local suffix on internal domains. Because when the CA receives a request .local they know it’s not an internet suffix and they will authorise it.
Now what about the dreaded company rename?.....Another common misconception is that when setting up a Windows Domain you must use the domain name for which you want to receive email for. This is completely untrue.
You can configure Small Business Server and all versions of Microsoft Exchange Server to receive emails for any domain name, regardless of your internal domain name.
So let us now consider calling your internal domain name mydomain.local?
It is not linked to a specific company name
it will allow you to receive emails for your abc.com email domain
if you change your company name you don’t need to worry about trying to change the domain name so the new owner (or existing one) doesn’t have to see the old company name day in day out?
because it has a .local suffix you will never run in to problems in the future with SSL Certificates
Conclusion With wider use of SSL certificates and a few common misconceptions created by the industry, it is important to deliberate over your internal domain name selection. It’s also important to think ahead.
What might be a good idea or even a bit of a laugh now, could come back to bite you in the rear in a few year's time. So, be careful and conservative when choosing your name.
I personally like to give my domains something non-descript, because I do a lot of work for small businesses which can and often do get taken over. I had one company that was bought out twice within the space of 3 years. I also had one company that split in to 2 companies and then both renamed themselves.
It can get messy and especially with Small Business Server where the internal domain name cannot be renamed, it can be impractical to use company specific domain names.
Of course there is always the case where the owner wants this but it’s our job as consultants to advise them why this isn’t a good idea. And if they still want it then get it in writing :)