• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1285
  • Last Modified:

Will my Active Directory DNS conflict with external DNS servers

Hello all,

I am about to start setting up Active Directory on Windows 2008 in the coming weeks. My setup will be a standard AD procedure with 2 DC Servers and a few weeks later down the line creating a child DC in another country, all connected together.

I am planning to use the company's own domain as the forest name for example company.com. Now this domain already exists as has a mailserver, web server hosted with a 3rd party company and I plan to keep it this way.

My question is, will using the same domain affect my AD Dns with the public Dns worldwide. Keep in mind I also plan to connect a domain server set up in another country. If problem arises I would just use company.local instead but I rather use the proper one to be more streamlined.

I hope my question was understandable and I thank you fin advance for any feedback given. Cheers!
0
devereandpartners
Asked:
devereandpartners
3 Solutions
 
nsx106052Commented:
According to Microsoft this isn't the best practice.  However, I have seen it done plenty of times without any problems.  
0
 
blahphishCommented:
Yes, you can do this if you like. You can name your AD domain the same as your external domain - the only thing you will need to be mindful of is that you will configure your DNS servers to be authoritative for the domain and so you can set DNS to point outside your network for services like your website if its hosted externally. For the website example you would set an A record of www to point to the external IP of your website.
0
 
blahphishCommented:
To be more clear on what I just put - you will likely have two DNS systems to manage. One that is internet side where your domain is registered that will point to your MX records and website (if hosted externally) and then theres your internal DNS servers, which will differ in some situations such as if your mail server is a server on your network and not hosted by a 3rd party then in this case your internal DNS server will have a local IP for your mail server where as the DNS on the internet side will point to the external IP address you setup for your server.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
smashpmk712Commented:
That is the same setup that I have inherited at my company. (company.com for the domain) The only gotcha that I found is I had to add an entry to my DNS to allow users to brows to our hosted website. If I had the choice I would have made it company.local, I would suggest this for you as well unless you were planning on bringing the website in house in the future. and even then it would not be a big deal.
0
 
oBdACommented:
Your name choice has nothing to do with being "streamlined". Your *internet* presence has nothing at all to do with your *management* domain. You should keep these apart, so as to avoid any possible confusion which is which. Note that even if you're using a suffix like .local, you can still run Exchange or whatever with your normal email addresses, and you can even add an alternate UPN suffix so that users can, for example, logon to your AD domain.local using their email address user@domain.com.
The following article is not limited to SBS, it applies to most AD installations:
The Domain Name System name recommendations for Small Business Server 2000 and Windows Small Business Server 2003
http://support.microsoft.com/kb/296250
0
 
AmericomCommented:
You should not use the same name of your internal AD domain as your external domain name. It is bad practice and create confusion as well as create extra work and troubleshooting down the road...why bother.

Why not just come up with a unique name, like oBdA suggested, you can always create UPN suffix and allow user to logon with username same as their email address which user will have less to complain with.
0
 
devereandpartnersAuthor Commented:
Thanks alot for all the feedback. I will take the most secure option and go with company.local Will avoid needless complication for just adding .com. Cheers
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now