Solved

Choosing domain name for AD 2003 domain

Posted on 2009-05-03
Last Modified: 2012-08-13
Hi people!,

   I am planning a network for a company, and I am wondering how to choose a domain name, as I am a bit new to the whole concept.

   I am having problems finding good answers to how I should name the domain, and until half an hour ago I've ashing about generally recommended company.local AD name.

   However, as the company will probably grow, it seems to me that it is more logical to create a domain name like: town.company.tdl (company.tdl is registered). - Now, I am wondering how I should set up the domain, etc. for this to work? Would this naming scheme, given that computers will have a computer-name.town.company.tdl name, interfere with accessing the web site company.tdl? And what about some services like terminal1.company.tdl, terminal2.company.tdl, services.company.tdl that point to different DSL modems? (DSL connection multiplication for cheap and very fast internet access)

Thanks!
0
Question by:mrmut
12 Comments
 
LVL 1

Assisted Solution

by:wpgwiggum
wpgwiggum earned 100 total points
You generally want to keep things as simple as possible. Start off with just city.company.tdl.

For services that you will have serving the entire company, you can place those services in the city domain that they are in. It will help when you have mail servers in multiple cities.

If your company will have DataCenters, you might want to have your servers listed in the datacenter...and have workstations listed wherever. It's always easier to move workstations than servers in a domain hierarchy.
0
 
LVL 4

Assisted Solution

by:Macros82
Macros82 earned 100 total points
There should be no problem with what you name your domain; it is how you structure it.
I suppose it depends on how the company is segmented and the likelihood of growth.

It may be a good idea to create subdomains for each physical location for ease of management and scalability.

So a popular naming convention is (remembering FQDN structure):
ComputerName.ChildDomain.ParentDomain

This allows for upwards scaling
0
 
LVL 17

Accepted Solution

by:
OriNetworks earned 250 total points
The internal domain can be named anything you would like. Usually companies make it company.local

So company ABC Inc. might make their domain abc.local. Ending a domain in .local is a best practice from Microsoft for DNS reasons. Some companies also use their website name as their internal domain, so if your website is abctech.com then you might make it abc.local, but you can also keep it abc.com if you wanted because again .local is only a best practice.

If you wanted to have subdomains like town.company.local you will have to have an additional domain controller. You would first have to create the initial parent domain named company.local and then create a new child domain on a new domain controller for town.company.local.

.local vs .tld
The difference between using .local versus other TLDs is that .local can't really be resolved over the internet, which is better from a security perspective. If you name your domain with .local you have better separation of internal records vs public records. If you name your internal domain with a TLD such as .com you will have to make sure that no internal computer names conflict with names that you want to be accessible from the internet, otherwise you might have some trouble configuring DNS records.
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 50 total points
I pretty much agree with what OriNetworks suggested above. Keep your internal and public domain separate to avoid confusion and eliminate conflicts and administrative overhead on later troubleshooting of DNS configuration. In addition, the only reason to create a child domain is where there are namespace and security requirements. Creating a domain name space just for a physical location is not legitimate, financially and technically.
0
 
LVL 4

Assisted Solution

by:Macros82
Macros82 earned 100 total points
Yeah, I don't know what I was thinking when I wrote that. Please disregard my post!!
0
 

Author Comment

by:mrmut
Americom, OriNetworks;

   - as I see it, the most simple and practical way to do this domain naming is to actually go for domain.local. - How do I then name the second domain in the other town?
             - town2.domain.local?


Thank you!
0

 
LVL 1

Assisted Solution

by:wpgwiggum
wpgwiggum earned 100 total points
Yes. It can be that easy.
0
 

Author Comment

by:mrmut
OK.

So, I have my first outpost, with domain name company.local in city1
And the second outpost is city2.domain.local

But at one point things will start to get confusing, as the company.local should actually be city1.company.local

What strategy would you advise?
0
 
LVL 17

Assisted Solution

by:OriNetworks
OriNetworks earned 250 total points
If you are willing to use additional domain controllers to host these child domains you certainly can, but you will have to have the parent domain.local. For example, you can create domain.local at first and only put admin or helpdesk users in that domain. From there you can create 2 child domains named city1 and city2.

So then you would have domain.local, city1.domain.local, and city2.domain.local and you would need at least 3 separate domain controllers, one or more for each domain.
0
 

Author Comment

by:mrmut
OK, I've done more research.

MS explicitly states that .local is not recommended: http://technet.microsoft.com/en-us/library/cc738121.aspx

"Using single label names or unregistered suffixes, such as .local, is not recommended."

Can someone please explain why is that?


Now, what is good wrong in actually going with MS recommendation, but with a few tweaks:

If I actually go and choose domain.tdl as AD domain name, all computers, servers, resources, etc would be resource.domain.tdl.
Regarding the fact that I won't delegate domain DNS handling to company DNS server (http://dynamicnetworkservices.com/ host our domain), all "working" hostnames would point to specific IPs of DSL modems (most plausible solution currently):

terminal.domain.tdl -> DSL1
services.domain.tdl -> DSL2
...
and domain.tdl to a specific web server that hosts our company's web site, - would I have problems internally if I route those connections to the local service providing server?

I hope I have been clear enough, this is being a big PITA for me.

Here is a diagram what I am trying to accomplish - any criticism is really welcome.

diagram.jpg
0
 
LVL 17

Assisted Solution

by:OriNetworks
OriNetworks earned 250 total points
Wow I am astonished. All over I've seen examples and best practices to use .local and now they claim the opposite. After doing some research I understand why. They claim using publicly registered DNS namespaces will reduce problems in cases of merging domains or if your company is planning on using Mac Panther OS because they do not route the .local namespace. So unless you are worried about merging your domain with someone who has the same internal domain name and if you don't have Mac, then you're OK to use anything!

I have 2 domains that I've been using .local with for many years. If you do choose to use .local you will probably use split-DNS. This means that your DNS servers will host mycompany.local and mycompany.com but only for internal users. You will have mycompany.com hosted externally by someone else's servers but internally you will have an additional one. If you do this you can assign different IP addresses. So you can make intranet.mycompany.com go to your public webserver for anyone trying to reach it from outside and at the same time anyone trying to reach that name from inside can be directed to an internal webserver. Probably a bad example but I hope you know what I mean.

Either way, .local or .tld, it doesn't really matter much. I just always thought it was a best practice. I wonder what made Microsoft change their mind! Regardless, I'm still using .local
0
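
The name conflict raised in the ".local vs .tld" answer and the split-DNS arrangement described above can both be checked by comparing the internal and external views of the same zone. The following is an added example, not part of the original thread: company.tld, every address and the function names are constructed placeholders, and it assumes the internal AD DNS servers are authoritative for the same name as the public zone, with a domain controller's address registered at the zone apex.

```python
import ipaddress

ZONE = "company.tld"  # placeholder zone name, constructed for this example

# Constructed sample data: records the external DNS host publishes.
PUBLIC = {
    "company.tld": "203.0.113.10",           # public web site
    "www.company.tld": "203.0.113.10",
    "terminal.company.tld": "198.51.100.21",  # DSL1
    "services.company.tld": "198.51.100.22",  # DSL2
}
# Constructed sample data: records the internal AD DNS servers answer with.
INTERNAL = {
    "company.tld": "10.0.0.5",               # apex record of a domain controller (assumption)
    "dc1.company.tld": "10.0.0.5",
    "terminal.company.tld": "10.0.0.20",      # deliberate internal override
    "services.company.tld": "198.51.100.22",
    "pc-017.company.tld": "10.0.1.17",
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    """True if ip lies in one of the three RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def audit_split_dns(public, internal, zone):
    """Return {name: finding} for public names that behave differently inside."""
    findings = {}
    for name, pub_ip in public.items():
        if is_rfc1918(pub_ip):
            findings[name] = "leak: private address published externally"
        elif name not in internal:
            # The internal servers are authoritative for the zone, so they
            # answer "no such name" instead of forwarding the query outside.
            findings[name] = "shadowed: resolves outside, fails inside"
        elif internal[name] != pub_ip:
            kind = "apex" if name == zone else "override"
            findings[name] = f"{kind}: inside {internal[name]}, outside {pub_ip}"
    return findings

if __name__ == "__main__":
    for name, finding in sorted(audit_split_dns(PUBLIC, INTERNAL, ZONE).items()):
        print(f"{name:24} {finding}")
```

With this sample data the apex finding shows internal clients that browse to company.tld reaching the domain controller rather than the web server, and www.company.tld failing internally until a matching record is added to the internal zone.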
 

Author Comment

by:mrmut
OK, I've decided this is enough, I will open another question for more specific issues.

Thanks to all, I will share points amongst you.
0
