Windows Domain Creation with offsite web server

I am going to be setting up a new domain for a company rollover. Going to start from scratch using all new Windows 2008 servers. All servers will be in house except for the web server (DC, DNS, DHCP, WINS, Exchange etc.) Management has decided to go with an offsite web development company and they insist on hosting the site on their web servers due to ease of change, complexity etc..
So what do I need to watch for or do differently since this web server is offsite while I am creating this new domain environment?  They will be only using the C Name of the domain name.
Can I still use the domainname.com and not have any issues?  I really don't want to use domainname.local for example.

Please advise.
BattleDoggAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Nothing...if the server is off site it should be a standalone server.    No need to be part of the domain.     Public DNS will take care of the resolution by going to www.domainname.com.     Unless you have this domainname.com planned for your AD domain, which I would have a .local you will be fine.     Since you will be using a CNAME you already have a A record.    
0
tigermattCommented:

The external web server should not be a member of the domain. This works from several security angles:
It means the Web Hosting Company do not have access to the rest of your network.
It means you don't need a VPN connection between the hosting company and the main network.
It means your domain is secured from any sort of 'hacking' attempt from the outside by exploiting any bugs in the web server software.

You will have problems accessing your web site internally if you use domainname.com as both your internal AD domain and your external web site address. This is because domainname.com *must* resolve to the IP address(es) if your internal AD domain controller(s). If it doesn't, you have a major Active Directory DNS issue.

Using a domain name such as corp.domainname.com for the internal AD domain is much more suitable and means your public web site will still be accessible internally. As a matter of interest, Microsoft use corp.microsoft.com for the root of their forest, so there is no harm in doing so.

With a new deployment you should cure any foreseeable problem before it becomes one, rather than try to work around it afterwards.

-Matt
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BattleDoggAuthor Commented:
Thanks tigermatt:

Your last two paragraphs summed up what I needed to know.  I couldn't remember but I thought there was an issue in being setup this way.  Your third paragraph summed it up.
I will be going with corp.domainname.com then for the AD environment.
0
tigermattCommented:
Good to hear. Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.