
  • Status: Solved
  • Priority: Medium
  • Security: Public

Some questions regarding the domain name of Windows 2003 Active Directory

Dear all experts,

  Last Saturday, I upgraded my Windows NT 4 domain to Windows 2003 Active Directory and it seems everything works fine. However, I found that I did one thing wrong, which is related to the internal domain name of my Active Directory.

  My friend told me that in order to create an Active Directory, the internal domain name should contain the word "local"; for example, if the NetBIOS domain name is "microsoft", the AD domain name should be microsoft.com.local. I missed the word "local". He told me that adding the word "local" should prevent a conflict between the internal domain name and the external domain name.

  Now, I have the following questions and hope the experts can give me some advice:

  - Should I use domain rename tools to rename my internal domain name?
  - By using this tool, will it bring me another problem? It seems there will be a lot of changes to the registry and DNS, and I'm afraid it will bring me another problem.
  - If I keep using the old internal domain name, will it bring me big trouble? I'm going to install Exchange 2003 Server and ISA 2004 in this environment.

   Please give me some advice, thank you.

3 Solutions
I think what your friend was getting at was using .local as the domain suffix instead of .com, .org, etc. Your domain name should be microsoft.local instead of microsoft.com.local. As you've said, it works that way, but I'm not positive how much Exchange is going to like it. Not too familiar with the domain rename tools, but it's probably your only option right now besides doing a complete reinstall. Definitely make sure you have a good backup and do this on the weekend so you have time to recover if necessary. Using a .local shouldn't bring you any problems as far as Exchange sending and receiving mail, etc. I use it on a few of my clients and have never had a problem. As long as your DNS points to the right address you should be fine.

Chris Dent (PowerShell Developer) commented:

The main reason the .local (or any other private suffix) is suggested over the use of a public one is the administrative overhead of maintaining a copy of your Public DNS Records internally.

That is, imagine you have a website hosted by an ISP on www.mydomain.com with a www entry on your external DNS. Because your internal server doesn't know anything about the www address it will say it doesn't exist to internal clients. This www address would have to be manually added to your own DNS to get it to work again internally.

The use of a .local suffix bypasses this because your server is no longer responsible for mydomain.com; instead it owns mydomain.local, so the public requests go off to the authority for the domain (most often your ISP's DNS).

Exchange won't mind what domain name you use really as long as it can happily resolve external addresses. Of course if you do use .local then you will have to change the Default Recipient Policy to the .com (or other public suffix) variant so your users have the correct e-mail addressing on their accounts (this should be checked either way really).

So, depending on how far into the Domain Setup you are I wouldn't recommend changing the name unless you feel the administrative overhead of manually updating the internal DNS with external records is too high. The Domain Rename tool is an option, but the process isn't all that easy (unless you have a lot of experience).

For the rest I think Cnewgaard has it covered :)
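
The lookup behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of what an internal client receives when the AD DNS zone shares the public name versus using a .local name. The host names dc1 and exch1 and all addresses are constructed sample data; mydomain.com follows the answer's own example.

```python
# Constructed sample data: records published in the public, ISP-hosted zone.
PUBLIC_RECORDS = {
    "www.mydomain.com": "203.0.113.10",
    "mail.mydomain.com": "203.0.113.25",
}

def internal_records(ad_domain):
    """Records the internal AD DNS server holds for its own zone (constructed)."""
    return {f"dc1.{ad_domain}": "10.0.0.5", f"exch1.{ad_domain}": "10.0.0.25"}

def is_authoritative(name, ad_domain):
    """True when the internal server owns the zone the name falls under."""
    return name == ad_domain or name.endswith("." + ad_domain)

def resolve_from_inside(name, ad_domain):
    """Address an internal client gets, or None for 'name does not exist'."""
    if is_authoritative(name, ad_domain):
        # The internal server answers from its own zone and never asks
        # the public authority, so unknown names simply do not exist.
        return internal_records(ad_domain).get(name)
    # Not the internal zone: the query goes to the public authority.
    return PUBLIC_RECORDS.get(name)

def records_to_mirror(ad_domain):
    """Public names that fail internally until copied into internal DNS."""
    held = internal_records(ad_domain)
    return sorted(n for n in PUBLIC_RECORDS
                  if is_authoritative(n, ad_domain) and n not in held)

if __name__ == "__main__":
    for domain in ("mydomain.com", "mydomain.local"):
        print(f"AD domain {domain}:")
        print("  www.mydomain.com ->",
              resolve_from_inside("www.mydomain.com", domain))
        print("  records to maintain by hand:", records_to_mirror(domain))
```
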

The company I work for has over 200 sites with some hundreds of servers and over 4000 workstations, and the internal and external domain name is the same, no problem. No one from the outside can access the internal network, because of the firewall configurations, and no zone transfer is done in DNS between the internal part of the domain and the outside world.

In other words, you haven't done anything wrong, as the other experts have emphasised.

LegalIT (Author) commented:
Thanks all experts
