Solved

Choosing domain name for AD 2003 domain

Posted on 2009-05-03
Last Modified: 2012-08-13
Hi people!,

   I am planning a network for a company, and I am wondering how to choose a domain name, as I am a bit new to the whole concept.

   I am having problems finding good answers to how I should name the domain, and until half an hour ago I've ashing about generally recommended company.local AD name.

   However, as the company will probably grow, it seems to me that it is more logical to create a domain name like: town.company.tdl (company.tdl is registered). - Now, I am wondering how I should set up the domain, etc. for this to work? Would this naming scheme, given that computers will have computer-name.town.company.tdl names, interfere with accessing the web site company.tdl? And what about some services like terminal1.company.tdl, terminal2.company.tdl, services.company.tdl that point to different DSL modems? (DSL connection multiplication for cheap and very fast internet access)

Thanks!
Question by:mrmut
12 Comments
 
LVL 1

Assisted Solution

by:wpgwiggum
wpgwiggum earned 400 total points
ID: 24291829
You generally want to keep things as simple as possible. Start off with just city.company.tdl.

For services that you will have serving the entire company, you can place those services in the city domain that they are in. It will help when you have mail servers in multiple cities.

If your company will have DataCenters, you might want to have your servers listed in the datacenter...and have workstations listed wherever. It's always easier to move workstations than servers in a domain hierarchy.
0
 
LVL 4

Assisted Solution

by:Macros82
Macros82 earned 400 total points
ID: 24291846
There should be no problem with what you name your domain; it is how you structure it.
I suppose it depends on how the company is segmented and the likelihood of growth.

It may be a good idea to create subdomains for each physical location for ease of management and scalability.

So a popular naming convention is (remembering FQDN structure):
ComputerName.ChildDomain.ParentDomain

This allows for upwards scaling
0
 
LVL 17

Accepted Solution

by:
OriNetworks earned 1000 total points
ID: 24291875
The internal domain can be named anything you would like. Usually companies make it company.local

So company ABC Inc. might make their domain abc.local. Ending a domain in .local is a best practice from Microsoft for DNS reasons. Some companies also use their website name as their internal domain, so if your website is abctech.com then you might make it abc.local, but you can also keep it abc.com if you wanted because again .local is only a best practice.

If you wanted to have subdomains like town.company.local you will have to have an additional domain controller. You would first have to create the initial parent domain named company.local and then create a new child domain on a new domain controller for town.company.local.

.local vs .tld
The difference between using .local versus other TLDs is that .local can't really be resolved over the internet, which is better from a security perspective. If you name your domain with .local you have better separation of internal records vs public records. If you name your internal domain with a TLD such as .com you will have to make sure that no internal computer names conflict with names that you want to be accessible from the internet, otherwise you might have some trouble configuring DNS records.
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 200 total points
ID: 24292118
I pretty much agree with what OriNetworks suggested above. Keep your internal and public domains separate to avoid confusion and eliminate conflicts and administrative overhead when troubleshooting DNS configuration later. In addition, the only reason to create a child domain is where there are namespace and security requirements. Creating a domain namespace just for a physical location is not legitimate, financially and technically.
0
 
LVL 4

Assisted Solution

by:Macros82
Macros82 earned 400 total points
ID: 24292140
Yeah, I don't know what I was thinking when I wrote that. Please disregard my post!!
0
 

Author Comment

by:mrmut
ID: 24293992
Americom, OriNetworks;

   - as I see it, the most simple and practical way to do this domain naming is to actually go for domain.local. - How do I then name the second domain in the other town?
             - town2.domain.local?


Thank you!
0
 
LVL 1

Assisted Solution

by:wpgwiggum
wpgwiggum earned 400 total points
ID: 24294000
Yes. It can be that easy.
0
 

Author Comment

by:mrmut
ID: 24296301
OK.

So, I have my first outpost, with domain name company.local in city1
And the second outpost is city2.domain.local

But at one point things will start to get confusing, as the company.local should actually be city1.company.local

What strategy would you advise?
0
 
LVL 17

Assisted Solution

by:OriNetworks
OriNetworks earned 1000 total points
ID: 24300621
If you are willing to use additional domain controllers to host these child domains you certainly can, but you will have to have the parent domain.local. For example, you can create domain.local at first and only put admin or helpdesk users in that domain. From there you can create 2 child domains named city1 and city2.

So then you would have domain.local, city1.domain.local, and city2.domain.local and you would need at least 3 separate domain controllers, one or more for each domain.
0
 

Author Comment

by:mrmut
ID: 24309287
OK, I've done more research.

MS explicitly states that .local is not recommended: http://technet.microsoft.com/en-us/library/cc738121.aspx

"Using single label names or unregistered suffixes, such as .local, is not recommended."

Can someone please explain why is that?


Now, what is good wrong in actually going with the MS recommendation, but with a few tweaks:

If I actually go and choose domain.tdl as AD domain name, all computers, servers, resources, etc would be resource.domain.tdl.
Regarding the fact that I won't delegate domain DNS handling to the company DNS server (http://dynamicnetworkservices.com/ hosts our domain), all "working" hostnames would point to specific IPs of DSL modems (most plausible solution currently):

terminal.domain.tdl -> DSL1
services.domain.tdl -> DSL2
...
and domain.tdl to a specific web server that hosts our company's web site, - would I have problems internally if I route those connections to the local service providing server?

I hope I have been clear enough, this is being a big PITA for me.

Here is a diagram what I am trying to accomplish - any criticism is really welcome.

diagram.jpg
0
 
LVL 17

Assisted Solution

by:OriNetworks
OriNetworks earned 1000 total points
ID: 24310197
Wow, I am astonished. All over I've seen examples and best practices to use .local and now they claim the opposite. After doing some research I understand why. They claim using publicly registered DNS namespaces will reduce problems in cases of merging domains or if your company is planning on using Mac Panther OS because they do not route the .local namespace. So unless you are worried about merging your domain with someone who has the same internal domain name and if you don't have Mac, then you're ok to use anything!

I have 2 domains that I've been using .local with for many years. If you do choose to use .local you will probably use split-DNS. This means that your DNS servers will host mycompany.local and mycompany.com but only for internal users. You will have mycompany.com hosted externally by someone else's servers but internally you will have an additional one. If you do this you can assign different IP addresses. So you can make intranet.mycompany.com go to your public webserver for anyone trying to reach it from outside, and at the same time anyone trying to reach that name from inside can be directed to an internal webserver. Probably a bad example but I hope you know what I mean.

Either way, .local or .tld, it doesn't really matter much. I just always thought it was a best practice. I wonder what made Microsoft change their mind! Regardless, I'm still using .local
0
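The split-DNS setup described in the post above, and the name-conflict caveat in the accepted answer, can be checked by comparing the internal and public views of the same zone. This is an added example, not part of any post in this thread; the zone (mycompany.com), the record names and all addresses are constructed sample data.

```python
import ipaddress

# Constructed sample data: one zone served in two views (split DNS).
# Names are relative to the hypothetical zone mycompany.com; "@" is the apex.
PUBLIC_VIEW = {
    "@": {"203.0.113.10"},
    "www": {"203.0.113.10"},
    "intranet": {"203.0.113.20"},
    "terminal": {"198.51.100.5"},
    "backup": {"10.0.0.40"},       # internal address published by mistake
}
INTERNAL_VIEW = {
    "@": {"10.0.0.11"},            # AD domain controllers register at the apex
    "intranet": {"10.0.0.30"},
    "terminal": {"198.51.100.5"},
    "dc1": {"10.0.0.11"},
    "ws-042": {"10.0.1.42"},
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_split_dns(internal, public):
    """Classify every name by how the two views of the zone relate."""
    report = {"missing_inside": [], "overridden": [], "identical": [],
              "internal_only": [], "private_in_public": []}
    for name in sorted(set(internal) | set(public)):
        inside, outside = internal.get(name), public.get(name)
        if inside is None:
            # The internal server is authoritative for the zone, so it answers
            # "no such name" itself and never asks the public servers.
            report["missing_inside"].append(name)
        elif outside is None:
            report["internal_only"].append(name)
        elif inside == outside:
            report["identical"].append(name)
        else:
            report["overridden"].append(name)   # split-DNS override: review
        if outside and any(is_rfc1918(a) for a in outside):
            report["private_in_public"].append(name)
    return report


if __name__ == "__main__":
    for category, names in audit_split_dns(INTERNAL_VIEW, PUBLIC_VIEW).items():
        print(f"{category:18} {', '.join(names) or '-'}")
```

The apex entry matters most when the AD domain shares its name with the public web site: internal clients asking for the bare domain name receive domain controller addresses rather than the web server's. Names in `missing_inside` need a matching record on the internal DNS servers before internal users can reach them.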
 

Author Comment

by:mrmut
ID: 24312088
OK, I've decided this is enough, I will open another question for more specific issues.

Thanks to all, I will share points amongst you.
0
