Solved

Windows Domain Creation with offsite web server

Posted on 2009-07-06
4
272 Views
Last Modified: 2012-05-07
I am going to be setting up a new domain for a company rollover. Going to start from scratch using all new Windows 2008 servers. All servers will be in house except for the web server (DC, DNS, DHCP, WINS, Exchange etc.) Management has decided to go with an offsite web development company and they insist on hosting the site on their web servers due to ease of change, complexity etc..
So what do I need to watch for or do differently since this web server is offsite while I am creating this new domain environment?  They will be only using the C Name of the domain name.
Can I still use the domainname.com and not have any issues?  I really don't want to use domainname.local for example.

Please advise.
0
Comment
Question by:BattleDogg
  • 2
4 Comments
 
LVL 20

Expert Comment

by:EndureKona
ID: 24787394
Nothing...if the server is off site it should be a standalone server.    No need to be part of the domain.     Public DNS will take care of the resolution by going to www.domainname.com.     Unless you have this domainname.com planned for your AD domain, which I would have a .local you will be fine.     Since you will be using a CNAME you already have a A record.    
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 250 total points
ID: 24787783

The external web server should not be a member of the domain. This works from several security angles:
It means the Web Hosting Company do not have access to the rest of your network.
It means you don't need a VPN connection between the hosting company and the main network.
It means your domain is secured from any sort of 'hacking' attempt from the outside by exploiting any bugs in the web server software.

You will have problems accessing your web site internally if you use domainname.com as both your internal AD domain and your external web site address. This is because domainname.com *must* resolve to the IP address(es) if your internal AD domain controller(s). If it doesn't, you have a major Active Directory DNS issue.

Using a domain name such as corp.domainname.com for the internal AD domain is much more suitable and means your public web site will still be accessible internally. As a matter of interest, Microsoft use corp.microsoft.com for the root of their forest, so there is no harm in doing so.

With a new deployment you should cure any foreseeable problem before it becomes one, rather than try to work around it afterwards.

-Matt
0
 

Author Comment

by:BattleDogg
ID: 24787983
Thanks tigermatt:

Your last two paragraphs summed up what I needed to know.  I couldn't remember but I thought there was an issue in being setup this way.  Your third paragraph summed it up.
I will be going with corp.domainname.com then for the AD environment.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24788599
Good to hear. Thanks!
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now