Active Directory/DNS and Domain Name

I have a network that is controlled by a Windows 2003 AD. The network domain was set up as somedomain.com. (somedomain.com is also our website address.) The AD servers are set external to our network. This means that our machine names are exposed to the internet. Yes, I know. Very dangerous, but the firewall blocks any traffic. The AD DNS contains records for computers on the network as well as our websites we host. We are trying to correct this problem as well as a few others. I do have one question I am not sure of. Our AD domain is somedomain.com. When I type that into the web browser it doesn't resolve anywhere. (If I type www.somedomain.com it works fine.) When I do an nslookup it returns all of our AD servers. I need this domain to point to our webserver/website. How do we resolve this even after we have split our DNS and set things up correctly?
ronayers asked:
willettmeister commented:
I don't think that you are going to be able to resolve somedomain.com on the web until you clean up DNS.  The entries that are in DNS currently are required for proper AD functionality.  If you modify them you will likely cause yourself problems.  If you are planning on making a new domain and then migrating the existing machines to a new domain like somedomain.local, then you could eventually point somedomain.com to the webserver, but there is a lot of cleanup that is necessary first.
0
 
Wildone63 commented:
This can be quite confusing, but if you follow a few simple rules of thumb you should be OK.

First, you would create the "internal DNS" that will support your Active Directory. Your internal domain should be called something like somedomain.local. Then on the same DNS server create a second DNS zone for external addresses that you control, such as your website, and set up forwarders for all other requests. The external domain will be somedomain.com. You need to configure your PCs that are internal to use the .local DNS suffix. So your DNS server will resolve all local addresses and forward external DNS requests to your ISP's DNS servers.

Hope this helps.
0
 
Alan_White commented:
I concur.
You are in a whole lot of trouble.  I believe you would be best buying in some consultancy to get you back on track.  If this was a test site, go ahead and try stuff, but don't mess with DNS in a live environment unless you are 100% sure what you are doing.
0
 
Americom commented:
What you should probably do is create a new AD domain, either with somedomain.local or just newdomain.somedomain.com. See the debate on which one to use here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23446306.html
I personally prefer the second one as a new root domain. This means the "newdomain" is not a child domain of "somedomain.com". It is a completely separate domain from "somedomain.com" and it has and runs on its own DNS. Once that's set up, you can create a trust between "somedomain.com" and "newdomain.somedomain.com" and migrate all the internal servers from "somedomain.com" to "newdomain.somedomain.com", and leave the systems in somedomain.com if they are external web or DNS servers etc. Then for your internal domain "newdomain.somedomain.com", configure your DNS to forward unresolved queries to the external DNS in "somedomain.com". You can also eliminate the established trust, or just leave a one-way trust from the external to the internal domain; this way those on the internal side can access the external resources but not the other way around.
0
 
Chris Dent (PowerShell Developer) commented:

> How do we resolve this even after we have split our DNS and set things up correctly?

For the rest of the world you'll be able to deal with that if you split the public DNS service out. I strongly advise you find somewhere to host it. In my opinion public DNS services have no place on Domain Controllers.

However, unless you rename the AD domain, or rebuild it entirely, you will not be able to use "http://domain.com" within your own network. AD must keep that name; it's essential to the operation of your domain.

I would also go with "newdomain.somedomain.com", an example of that would be corp.contoso.com. But unless there's a desperate need to rebuild the domain I would just have everyone inside use "www.somedomain.com" rather than make yourself a lot of work. Putting aside this limitation there's no real reason you can't use "somedomain.com" for AD.

Chris
0
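The layout Wildone63 describes (AD in somedomain.local, a separate somedomain.com zone holding only public records, forwarders for everything else) and Chris Dent's point about hosting the public zone away from the domain controllers, modelled as an added example; this is not code from the thread or from any of its participants. It is a toy resolver in Python, not a real DNS server: all addresses, the fileserver host, and the example.net zone are constructed. It also reproduces the asker's symptom, because in an AD-integrated zone every DC registers its own A record at the zone apex (the "(same as parent folder)" entries in the DNS console), so the bare domain name resolves to the DCs, and it includes a small audit that flags RFC 1918 addresses in a zone meant to be public.

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 1918 ranges; a public zone should never publish addresses from these.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Zone:
    """One authoritative zone. Records are keyed by owner label relative to the
    origin; "@" is the zone apex (the bare domain name)."""
    origin: str
    records: dict = field(default_factory=dict)

    def add(self, label, rtype, value):
        self.records.setdefault(label, {}).setdefault(rtype, []).append(value)

    def lookup(self, fqdn, rtype):
        """Return the record values, [] for a name inside the zone that has no
        such record, or None if the name is outside this zone entirely."""
        fqdn = fqdn.rstrip(".").lower()
        if fqdn == self.origin:
            label = "@"
        elif fqdn.endswith("." + self.origin):
            label = fqdn[: -(len(self.origin) + 1)]
        else:
            return None
        return list(self.records.get(label, {}).get(rtype, []))


class Resolver:
    """Answers from the zones it hosts (longest matching origin wins) and
    forwards everything else to another resolver, the way a Windows DNS
    server uses its forwarders list."""

    def __init__(self, zones, forwarder=None):
        self.zones = sorted(zones, key=lambda z: len(z.origin), reverse=True)
        self.forwarder = forwarder

    def resolve(self, fqdn, rtype="A"):
        for zone in self.zones:
            answer = zone.lookup(fqdn, rtype)
            if answer is not None:
                return answer  # authoritative answer, even when empty
        return self.forwarder.resolve(fqdn, rtype) if self.forwarder else []


def legacy_zone():
    """The asker's situation: one AD-integrated somedomain.com zone that also
    serves the public. Each DC registers its address at the apex, so the bare
    name answers with the DCs, and internal hosts sit in the same public zone.
    All addresses are constructed (TEST-NET-3 for public, 10/8 for internal)."""
    z = Zone("somedomain.com")
    z.add("@", "A", "203.0.113.10")        # DC1, registered by Netlogon at the apex
    z.add("@", "A", "203.0.113.11")        # DC2
    z.add("www", "A", "203.0.113.80")      # public web server
    z.add("fileserver", "A", "10.0.0.20")  # internal host, published to the world
    return z


def legacy_resolver():
    return Resolver([legacy_zone()])


def split_layout():
    """The recommended layout: AD lives in somedomain.local (internal only),
    the public somedomain.com zone is hosted on a separate resolver and holds
    only public records, and the internal server keeps a copy of that public
    zone so inside clients get the web server for the bare name.
    Returns (internal_resolver, public_resolver)."""
    ad = Zone("somedomain.local")
    ad.add("@", "A", "10.0.0.10")          # DCs now register at the .local apex
    ad.add("@", "A", "10.0.0.11")
    ad.add("fileserver", "A", "10.0.0.20")

    public = Zone("somedomain.com")
    public.add("@", "A", "203.0.113.80")   # apex now points at the web server
    public.add("www", "A", "203.0.113.80")

    other = Zone("example.net")            # stands in for the rest of the Internet
    other.add("www", "A", "198.51.100.5")

    public_resolver = Resolver([public, other])
    internal_copy = Zone("somedomain.com", dict(public.records))
    internal_resolver = Resolver([ad, internal_copy], forwarder=public_resolver)
    return internal_resolver, public_resolver


def private_address_leaks(zone):
    """Audit a zone meant to be public: every A record with an RFC 1918
    address names an internal machine that should not be published."""
    leaks = []
    for label, rtypes in zone.records.items():
        for addr in rtypes.get("A", []):
            ip = ipaddress.ip_address(addr)
            if any(ip in net for net in RFC1918):
                name = zone.origin if label == "@" else f"{label}.{zone.origin}"
                leaks.append((name, addr))
    return leaks


if __name__ == "__main__":
    print("before:", legacy_resolver().resolve("somedomain.com"))   # the DCs
    internal, public = split_layout()
    print("after, inside:", internal.resolve("somedomain.com"))     # the web server
    print("after, outside:", public.resolve("fileserver.somedomain.com"))  # nothing
    print("leaks in legacy zone:", private_address_leaks(legacy_zone()))
```

The model keeps the internal copy of somedomain.com separate from the AD zone, which is the property that matters: renaming the AD domain is what lets the apex of somedomain.com carry the web server's address, because the DCs no longer register there. Running `private_address_leaks` against a copy of the real public zone is a quick way to list the records that should not survive the split.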
 
Americom commented:
I suggest points be split.
0
 
Guy Hengel [angelIII / a3] (Billing Engineer) commented:
Americom,
 can you post the comments you would recommend for split in the form:
  http://#a<comment id>

thanks
0