Solved

Windows Domain Creation with offsite web server

Posted on 2009-07-06
4
283 Views
Last Modified: 2012-05-07
I am going to be setting up a new domain for a company rollover. Going to start from scratch using all new Windows 2008 servers. All servers will be in house except for the web server (DC, DNS, DHCP, WINS, Exchange etc.) Management has decided to go with an offsite web development company and they insist on hosting the site on their web servers due to ease of change, complexity etc..
So what do I need to watch for or do differently since this web server is offsite while I am creating this new domain environment?  They will be only using the C Name of the domain name.
Can I still use the domainname.com and not have any issues?  I really don't want to use domainname.local for example.

Please advise.
0
Comment
Question by:BattleDogg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 20

Expert Comment

by:EndureKona
ID: 24787394
Nothing...if the server is off site it should be a standalone server.    No need to be part of the domain.     Public DNS will take care of the resolution by going to www.domainname.com.     Unless you have this domainname.com planned for your AD domain, which I would have a .local you will be fine.     Since you will be using a CNAME you already have a A record.    
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 250 total points
ID: 24787783

The external web server should not be a member of the domain. This works from several security angles:
It means the Web Hosting Company do not have access to the rest of your network.
It means you don't need a VPN connection between the hosting company and the main network.
It means your domain is secured from any sort of 'hacking' attempt from the outside by exploiting any bugs in the web server software.

You will have problems accessing your web site internally if you use domainname.com as both your internal AD domain and your external web site address. This is because domainname.com *must* resolve to the IP address(es) if your internal AD domain controller(s). If it doesn't, you have a major Active Directory DNS issue.

Using a domain name such as corp.domainname.com for the internal AD domain is much more suitable and means your public web site will still be accessible internally. As a matter of interest, Microsoft use corp.microsoft.com for the root of their forest, so there is no harm in doing so.

With a new deployment you should cure any foreseeable problem before it becomes one, rather than try to work around it afterwards.

-Matt
0
 

Author Comment

by:BattleDogg
ID: 24787983
Thanks tigermatt:

Your last two paragraphs summed up what I needed to know.  I couldn't remember but I thought there was an issue in being setup this way.  Your third paragraph summed it up.
I will be going with corp.domainname.com then for the AD environment.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24788599
Good to hear. Thanks!
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A procedure for exporting installed hotfix details of remote computers using powershell
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question