

Will my Active Directory DNS conflict with external DNS servers

Posted on 2009-02-19
Medium Priority
Last Modified: 2012-05-06
Hello all,

I am about to start setting up Active Directory on Windows 2008 in the coming weeks. My setup will be a standard AD procedure with 2 DC Servers and a few weeks later down the line creating a child DC in another country, all connected together.

I am planning to use the company's own domain as the forest name, for example company.com. Now this domain already exists and has a mail server and web server hosted with a 3rd party company, and I plan to keep it this way.

My question is, will using the same domain cause my AD DNS to conflict with the public DNS worldwide? Keep in mind I also plan to connect a domain server set up in another country. If a problem arises I would just use company.local instead, but I would rather use the proper one to be more streamlined.

I hope my question was understandable and I thank you in advance for any feedback given. Cheers!
Question by:devereandpartners

Expert Comment

ID: 23684768
According to Microsoft this isn't the best practice.  However, I have seen it done plenty of times without any problems.  

Accepted Solution

blahphish earned 1600 total points
ID: 23684810
Yes, you can do this if you like. You can name your AD domain the same as your external domain; the only thing you will need to be mindful of is that you will configure your DNS servers to be authoritative for the domain, so you can set DNS to point outside your network for services like your website if it's hosted externally. For the website example you would set an A record for www to point to the external IP of your website.

Assisted Solution

blahphish earned 1600 total points
ID: 23684847
To be more clear on what I just put: you will likely have two DNS systems to manage. One is on the internet side, where your domain is registered, and will point to your MX records and website (if hosted externally). Then there's your internal DNS servers, which will differ in some situations. For example, if your mail server is a server on your network and not hosted by a 3rd party, then your internal DNS server will have a local IP for your mail server, whereas the DNS on the internet side will point to the external IP address you set up for your server.

Assisted Solution

smashpmk712 earned 400 total points
ID: 23684875
That is the same setup that I have inherited at my company (company.com for the domain). The only gotcha that I found is I had to add an entry to my DNS to allow users to browse to our hosted website. If I had the choice I would have made it company.local; I would suggest this for you as well unless you were planning on bringing the website in house in the future, and even then it would not be a big deal.

Expert Comment

ID: 23684904
Your name choice has nothing to do with being "streamlined". Your *internet* presence has nothing at all to do with your *management* domain. You should keep these apart, so as to avoid any possible confusion about which is which. Note that even if you're using a suffix like .local, you can still run Exchange or whatever with your normal email addresses, and you can even add an alternate UPN suffix so that users can, for example, log on to your AD domain.local using their email address user@domain.com.
The following article is not limited to SBS, it applies to most AD installations:
The Domain Name System name recommendations for Small Business Server 2000 and Windows Small Business Server 2003

Expert Comment

ID: 23685129
You should not use the same name for your internal AD domain as your external domain name. It is bad practice and creates confusion as well as extra work and troubleshooting down the road... why bother.

Why not just come up with a unique name, like oBdA suggested? You can always create a UPN suffix and allow users to log on with a username the same as their email address, which users will have less to complain about.
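The two configurations the answers describe, as an added example that is not from the thread: blahphish's split-brain www A record for the same-name approach, and oBdA's alternate UPN suffix for the company.local approach, followed by a check that internal and public answers for www agree. It assumes a DC with the DnsServer and ActiveDirectory PowerShell modules (Windows Server 2012 or later, or RSAT); the zone name company.com, the IP 203.0.113.10, the account jdoe and the resolver placeholder are assumptions.

```powershell
# Added example, not the thread's own code. Assumed values: the AD zone is
# company.com, the externally hosted website is 203.0.113.10, the user is jdoe.
Import-Module DnsServer
Import-Module ActiveDirectory

$Zone           = 'company.com'          # internal zone, same as the public name
$ExternalIP     = '203.0.113.10'         # assumed public IP of the hosted website
$PublicResolver = '<public-resolver-ip>' # placeholder: a resolver outside your network

# 1. Same-name (split-brain) approach: the internal zone is authoritative, so any
#    record that lives only at the registrar (www, external MX, etc.) must be
#    re-created here or internal clients will get NXDOMAIN for it.
$www = Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www' -RRType A -ErrorAction SilentlyContinue
if (-not $www) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'www' -IPv4Address $ExternalIP
}
# Windows Server 2008 equivalent without the DnsServer module:
#   dnscmd /RecordAdd company.com www A 203.0.113.10

# 2. Separate-name approach (forest is company.local): register company.com as
#    an alternate UPN suffix so users still log on as user@company.com.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains 'company.com') {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = 'company.com' }
}
Set-ADUser -Identity 'jdoe' -UserPrincipalName 'jdoe@company.com'

# 3. Check: what internal clients resolve for www should match what the public
#    sees; a mismatch means the internal copy of the record is stale or missing.
$internal = (Resolve-DnsName -Name "www.$Zone" -Type A -ErrorAction SilentlyContinue).IPAddress
$public   = (Resolve-DnsName -Name "www.$Zone" -Type A -Server $PublicResolver).IPAddress
if (Compare-Object @($internal) @($public)) {
    Write-Warning "www.$Zone resolves to [$internal] internally but [$public] publicly; fix the internal record."
} else {
    Write-Output "www.$Zone is consistent: $public"
}
```

Run step 1 only on the same-name design and step 2 only on the company.local design; the check in step 3 is worth scheduling on either, since the internal record does not update itself when the hosting provider changes the public IP.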

Author Closing Comment

ID: 31548903
Thanks a lot for all the feedback. I will take the most secure option and go with company.local. That will avoid needless complication just for adding .com. Cheers

