We are currently running a single Active Directory domain/forest. Our internal domain is ad.company.com. This internal domain is actually different from our external domain of company2.com. We have come across some issues with the fact that our internal domain is actually registered externally to another company, especially with IE7, where it seems to try to connect to this company's proxy automatically unless we run the configuration to not auto-detect a proxy. In any case, for this and other reasons we want to build an entirely new forest/domain for our new Windows 2003 R2 structure and eventually decommission the Windows 2000 domain/forest. The question is: is it bad security practice to have the same external and internal domain, especially if the domain is the same as the domain for email? Would it be better to change the internal domain to something like company3.local instead of company2.com? Also, should we have our domain further down in the structure to include an ad.company3.local as well?