Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows Domain Creation with offsite web server

Posted on 2009-07-06
4
Medium Priority
?
291 Views
Last Modified: 2012-05-07
I am going to be setting up a new domain for a company rollover. Going to start from scratch using all new Windows 2008 servers. All servers will be in house except for the web server (DC, DNS, DHCP, WINS, Exchange etc.) Management has decided to go with an offsite web development company and they insist on hosting the site on their web servers due to ease of change, complexity etc..
So what do I need to watch for or do differently since this web server is offsite while I am creating this new domain environment?  They will be only using the C Name of the domain name.
Can I still use the domainname.com and not have any issues?  I really don't want to use domainname.local for example.

Please advise.
0
Comment
Question by:BattleDogg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 20

Expert Comment

by:Rick Fee
ID: 24787394
Nothing...if the server is off site it should be a standalone server.    No need to be part of the domain.     Public DNS will take care of the resolution by going to www.domainname.com.     Unless you have this domainname.com planned for your AD domain, which I would have a .local you will be fine.     Since you will be using a CNAME you already have a A record.    
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 1000 total points
ID: 24787783

The external web server should not be a member of the domain. This works from several security angles:
It means the Web Hosting Company do not have access to the rest of your network.
It means you don't need a VPN connection between the hosting company and the main network.
It means your domain is secured from any sort of 'hacking' attempt from the outside by exploiting any bugs in the web server software.

You will have problems accessing your web site internally if you use domainname.com as both your internal AD domain and your external web site address. This is because domainname.com *must* resolve to the IP address(es) if your internal AD domain controller(s). If it doesn't, you have a major Active Directory DNS issue.

Using a domain name such as corp.domainname.com for the internal AD domain is much more suitable and means your public web site will still be accessible internally. As a matter of interest, Microsoft use corp.microsoft.com for the root of their forest, so there is no harm in doing so.

With a new deployment you should cure any foreseeable problem before it becomes one, rather than try to work around it afterwards.

-Matt
0
 

Author Comment

by:BattleDogg
ID: 24787983
Thanks tigermatt:

Your last two paragraphs summed up what I needed to know.  I couldn't remember but I thought there was an issue in being setup this way.  Your third paragraph summed it up.
I will be going with corp.domainname.com then for the AD environment.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24788599
Good to hear. Thanks!
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question