Some questions regarding the domain name of Windows 2003 Active Directory

Dear all experts,

  Last Saturday, I upgraded my Windows NT 4 domain to Windows 2003 Active Directory and it seems everything works fine.  However, I found that I did one thing wrong, which is related to the internal domain name of my Active Directory.

  My friend told me that in order to create an Active Directory, the internal domain name should contain the word "local", for example if the NetBIOS domain name is "microsoft", the AD domain name should be  I missed the word "local".  He told me that adding the word "local" should prevent a conflict between the internal domain name and the external domain name.

  Now, I have the following questions and hope the experts can give me some advice:

  - Should I use the domain rename tools to rename my internal domain name?
  - By using these tools, will it bring me another problem?  It seems there will be a lot of changes to the registry and DNS, and I'm afraid it will bring me another problem.
  - If I keep using the old internal domain name, will it bring me big trouble?  I'm going to install Exchange 2003 Server and ISA 2004 in this environment.

   Please give me some advice, thank you.

I think what your friend was getting at was using .local as the domain suffix instead of .com, .org, etc.   Your domain name should be microsoft.local instead of   As you've said, it works that way, but I'm not positive how much Exchange is going to like it.  I'm not too familiar with the domain rename tools, but it's probably your only option right now besides doing a complete reinstall.  Definitely make sure you have a good backup and do this on the weekend so you have time to recover if necessary.  Using a .local shouldn't bring you any problems as far as Exchange sending and receiving mail, etc.  I use it on a few of my clients and have never had a problem.  As long as your DNS points to the right address you should be fine.

Chris Dent (PowerShell Developer) commented:

The main reason the .local (or any other private suffix) is suggested over the use of a public one is the administrative overhead of maintaining a copy of your Public DNS Records internally.

That is, imagine you have a website hosted by an ISP on with a www entry on your external DNS. Because your internal server doesn't know anything about the www address it will say it doesn't exist to internal clients. This www address would have to be manually added to your own DNS to get it to work again internally.

The use of a .local suffix bypasses this because your server is no longer responsible for, instead it owns mydomain.local so the public requests go off to the authority for the domain (most often your ISP's DNS).

Exchange won't mind what domain name you use really as long as it can happily resolve external addresses. Of course if you do use .local then you will have to change the Default Recipient Policy to the .com (or other public suffix) variant so your users have the correct e-mail addressing on their accounts (this should be checked either way really).

So, depending on how far into the Domain Setup you are I wouldn't recommend changing the name unless you feel the administrative overhead of manually updating the internal DNS with external records is too high. The Domain Rename tool is an option, but the process isn't all that easy (unless you have a lot of experience).

For the rest I think Cnewgaard has it covered :)
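
The overhead described in the answer above (public records that must be copied by hand into an internal zone of the same name) can be checked mechanically. The following is an added example, not part of the original thread: it compares a public zone with the internal zone and lists public records that internal clients cannot resolve. The zone contents, the `example.com` name and the simple `name type rdata` line format are constructed for illustration.

```python
# Constructed sample zones; example.com stands in for the shared domain name.
PUBLIC_ZONE = """\
@     MX     10 mail.example.com.
www   A      203.0.113.10
mail  A      203.0.113.25
ftp   CNAME  www.example.com.
"""
INTERNAL_ZONE = """\
@           A    10.0.0.5
dc01        A    10.0.0.5
mail        A    10.0.0.25   ; internal address of the mail server
_ldap._tcp  SRV  0 100 389 dc01.example.com.
"""


def parse_zone(text):
    """Parse 'name type rdata' lines into {(name, type): set_of_rdata}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, rtype, rdata = line.split(None, 2)
        records.setdefault((name.lower(), rtype.upper()), set()).add(rdata.strip())
    return records


def audit_split_dns(public_text, internal_text):
    """Compare a public zone with the internal zone of the same name."""
    public, internal = parse_zone(public_text), parse_zone(internal_text)
    missing, differing = [], []
    for key, rdata in sorted(public.items()):
        if key not in internal:
            # Internal server is authoritative, so clients get no answer here.
            missing.append((*key, sorted(rdata)))
        elif internal[key] != rdata:
            # May be deliberate (internal IP), but worth reviewing.
            differing.append((*key, sorted(rdata), sorted(internal[key])))
    return missing, differing


if __name__ == "__main__":
    missing, differing = audit_split_dns(PUBLIC_ZONE, INTERNAL_ZONE)
    for name, rtype, rdata in missing:
        print(f"add internally: {name} {rtype} {rdata}")
    for name, rtype, pub, internal in differing:
        print(f"review: {name} {rtype} public={pub} internal={internal}")
```

With a private suffix such as .local the internal server is not authoritative for the public name, so the "missing" list is empty by construction.
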
The company I work for has over 200 sites with some hundreds of servers and over 4000 workstations, and the internal and external domain name is the same, no problem. No one from the outside can access the internal network, because of the firewall configurations, and no zone transfer is done in DNS between the internal part of the domain and the outside world.

In other words, you haven't done anything wrong, as the other experts have emphasised.

LegalIT (Author) commented:
Thanks all experts