Choosing domain name for AD 2003 domain

Hi people!,

   I am planning a network for a company, and I am wondering how to choose the domain name, as I am a bit new to the whole concept.

   I am having problems finding good answers on how I should name the domain, and until half an hour ago I've been asking about the generally recommended company.local AD name.

   However, as the company will probably grow, it seems to me that it is more logical to create a domain name like: (company.tdl is registered). - Now, I am wondering how I should set up the domain, etc. for this to work? Would this naming scheme, given that computers will have name, interfere with accessing the web site company.tdl? And what about some services like,, that point to different DSL modems? (DSL connection multiplication for cheap and very fast internet access)

The internal domain can be named anything you would like. Usually companies make it company.local

So company ABC Inc. might make their domain abc.local. Ending a domain in .local is a best practice from Microsoft for DNS reasons. Some companies also use their website name as their internal domain, so if your website is then you might make it abc.local, but you can also keep it if you wanted because, again, .local is only a best practice.

If you wanted to have subdomains like you will have to have an additional domain controller. You would first have to create the initial parent domain named company.local and then create a new child domain on a new domain controller for

.local vs .tld
The difference between using .local versus other TLDs is that .local can't really be resolved over the internet, which is better from a security perspective. If you name your domain with .local you have better separation of internal records vs. public records. If you name your internal domain with a TLD such as .com you will have to make sure that no internal computer names conflict with names that you want to be accessible from the internet; otherwise you might have some trouble configuring DNS records.
You generally want to keep things as simple as possible. Start off with just

For services that you will have serving the entire company, you can place those services in the city domain that they are in. It will help when you have mail servers in multiple cities.

If your company will have DataCenters, you might want to have your servers listed in the datacenter...and have workstations listed wherever. It's always easier to move workstations than servers in a domain hierarchy.
There should be no problem with what you name your domain; it is how you structure it.
I suppose it depends on how the company is segmented and the likelihood of growth.

It may be a good idea to create subdomains for each physical location for ease of management and scalability.

So a popular naming convention is (remembering FQDN structure):

This allows for upwards scaling

I agree pretty much with what OriNetworks suggested above: keep your internal and public domains separate to avoid confusion and eliminate conflicts and administrative overhead when later troubleshooting DNS configuration. In addition, the only reason to create a child domain is where there are namespace and security requirements. Creating a domain namespace just for a physical location is not legitimate, financially or technically.
Yeah, I don't know what I was thinking when I wrote that. Please disregard my post!!
mrmutAuthor Commented:
Americom, OriNetworks;

   - as I see it, the most simple and practical way to do this domain naming is to actually go for domain.local. - How do I then name the second domain in the other town?
             - town2.domain.local?

Thank you!
Yes. It can be that easy.
mrmutAuthor Commented:

So, I have my first outpost, with domain name company.local in city1
And the second outpost is city2.domain.local

But at one point things will start to get confusing, as the company.local should actually be

What strategy would you advise?
If you are willing to use additional domain controllers to host these child domains you certainly can, but you will have to have the parent domain.local. For example, you can create domain.local at first and only put admin or helpdesk users in that domain. From there you can create 2 child domains named city1 and city2.

So then you would have domain.local, city1.domain.local, and city2.domain.local, and you would need at least 3 separate domain controllers, one or more for each domain.
mrmutAuthor Commented:
OK, I've done more research.

MS explicitly states that .local is not recommended:

"Using single label names or unregistered suffixes, such as .local, is not recommended."

Can someone please explain why that is?

Now, what is wrong with actually going with the MS recommendation, but with a few tweaks:

If I actually go and choose domain.tdl as the AD domain name, all computers, servers, resources, etc. would be resource.domain.tdl.
Given that I won't delegate domain DNS handling to the company DNS server ( host our domain), all "working" hostnames would point to specific IPs of DSL modems (most plausible solution currently):

terminal.domain.tdl -> DSL1
services.domain.tdl -> DSL2
and domain.tdl to a specific web server that hosts our company's web site - would I have problems internally if I route those connections to the local server providing the service?

I hope I have been clear enough; this is being a big PITA for me.

Here is a diagram of what I am trying to accomplish - any criticism is really welcome.

Wow, I am astonished. All over I've seen examples and best practices to use .local and now they claim the opposite. After doing some research I understand why. They claim using publicly registered DNS namespaces will reduce problems in cases of merging domains or if your company is planning on using Mac Panther OS, because they do not route the .local namespace. So unless you are worried about merging your domain with someone who has the same internal domain name, and if you don't have Macs, then you're OK to use anything!

I have 2 domains that I've been using .local with for many years. If you do choose to use .local you will probably use split-DNS. This means that your DNS servers will host mycompany.local and but only for internal users. You will have hosted externally by someone else's servers, but internally you will have an additional one. If you do this you can assign different IP addresses. So you can make go to your public web server for anyone trying to reach it from outside, and at the same time anyone trying to reach that name from inside can be directed to an internal web server. Probably a bad example, but I hope you know what I mean.

Either way, .local or .tld, it doesn't really matter much. I just always thought it was a best practice. I wonder what made Microsoft change their mind! Regardless, I'm still using .local
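The two DNS gotchas raised in this thread (OriNetworks' point that an internal domain named with a public TLD forces you to avoid conflicts with public names, and the split-DNS setup described above) are easy to see in a small model of how a resolver behaves when it is authoritative for a zone. The Python below is an added example written for this page; it is not code from the thread or from Microsoft. The zone names, hostnames and addresses (203.0.113.0/24, 198.51.100.0/24 and 10.0.0.0/8) are constructed sample data. The model captures one real rule: a DNS server that is authoritative for company.tld answers NXDOMAIN for any name it does not hold instead of forwarding it, and Active Directory's Netlogon service registers the domain apex (the "same as parent" A records) with the domain controllers' addresses.

```python
"""Split-horizon DNS model: AD domain named after the public zone vs. a .local domain.
Added example for this discussion; all zones, hosts and addresses are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

NXDOMAIN = "NXDOMAIN"


@dataclass
class Zone:
    name: str
    records: Dict[str, str] = field(default_factory=dict)  # owner ("@" = apex) -> IPv4

    def owner_of(self, fqdn: str) -> Optional[str]:
        """Return the owner name relative to this zone, or None if fqdn is outside it."""
        fqdn = fqdn.rstrip(".").lower()
        if fqdn == self.name:
            return "@"
        if fqdn.endswith("." + self.name):
            return fqdn[: -len(self.name) - 1]
        return None

    def lookup(self, fqdn: str) -> Optional[str]:
        owner = self.owner_of(fqdn)
        if owner is None:
            return None          # not our zone: caller may forward
        return self.records.get(owner, NXDOMAIN)  # authoritative: missing name is final


@dataclass
class Resolver:
    authoritative: List[Zone]
    forwarder: Optional["Resolver"] = None

    def resolve(self, fqdn: str) -> str:
        # Longest zone name wins, as a child zone would shadow its parent.
        for zone in sorted(self.authoritative, key=lambda z: -len(z.name)):
            answer = zone.lookup(fqdn)
            if answer is not None:
                return answer    # NXDOMAIN from an authoritative zone is never forwarded
        return self.forwarder.resolve(fqdn) if self.forwarder else NXDOMAIN


def shadowed_names(public: Zone, internal: Zone) -> List[str]:
    """Public records internal clients can no longer reach: the internal server is
    authoritative for the same zone name but has no record for the owner."""
    if public.name != internal.name:
        return []
    return sorted(o for o in public.records if o not in internal.records)


def conflicting_names(public: Zone, internal: Zone) -> List[str]:
    """Owners defined in both zones with different addresses. Intentional in split-DNS,
    but every one of them must be reviewed (the apex is usually an accident)."""
    if public.name != internal.name:
        return []
    return sorted(o for o, ip in internal.records.items()
                  if o in public.records and public.records[o] != ip)


# Constructed public zone hosted by the registrar / ISP.
PUBLIC = Zone("company.tld", {
    "@": "203.0.113.10",        # web site
    "www": "203.0.113.10",
    "mail": "203.0.113.20",
    "terminal": "198.51.100.1",  # DSL1
    "services": "198.51.100.2",  # DSL2
})
INTERNET = Resolver([PUBLIC])

# Option A: AD domain company.tld. The DCs' DNS is authoritative for the whole zone;
# Netlogon registers the apex with the DC's address, the admin copied only "www".
INTERNAL_TLD = Zone("company.tld", {
    "@": "10.0.0.1", "dc1": "10.0.0.1",
    "terminal": "10.0.0.5", "services": "10.0.0.6",
    "www": "203.0.113.10",
})
LAN_TLD = Resolver([INTERNAL_TLD], forwarder=INTERNET)

# Option B: AD domain company.local; public zone is left untouched and forwarded.
INTERNAL_LOCAL = Zone("company.local", {"dc1": "10.0.0.1", "terminal": "10.0.0.5"})
LAN_LOCAL = Resolver([INTERNAL_LOCAL], forwarder=INTERNET)


def demo() -> Dict[str, object]:
    return {
        "tld_terminal": LAN_TLD.resolve("terminal.company.tld"),  # internal override works
        "tld_mail": LAN_TLD.resolve("mail.company.tld"),          # NXDOMAIN: forgotten record
        "tld_apex": LAN_TLD.resolve("company.tld"),               # lands on the DC, not the web site
        "local_www": LAN_LOCAL.resolve("www.company.tld"),        # forwarded to the public zone
        "shadowed": shadowed_names(PUBLIC, INTERNAL_TLD),
        "conflicts": conflicting_names(PUBLIC, INTERNAL_TLD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>12}: {value}")
```

The model shows why the thread's "keep internal and public separate" advice is about more than tidiness: with company.tld as the AD domain, every public record must be mirrored into the internal zone and kept in sync forever, and the bare name company.tld resolves to a domain controller from inside the network, so http://company.tld reaches the DC rather than the web site unless you run an internal copy of the site or a redirect there. With company.local, internal clients get the public answers through the forwarder and only the internal zone needs managing; the .local choice has its own costs (the mDNS clash the last poster mentions, and no public TLS certificates for .local names), but it does not break public name resolution.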
mrmutAuthor Commented:
OK, I've decided this is enough, I will open another question for more specific issues.

Thanks to all, I will share points amongst you.