Active Directory/DNS and Domain Name

Posted on 2009-07-08
Last Modified: 2012-06-27
I have a network that is controlled by a Windows 2003 AD. The network domain was set up as somedomain.com (somedomain.com is also our website address). The AD servers are set external to our network. This means that our machine names are exposed to the internet. Yes, I know, very dangerous, but the firewall blocks any traffic. The AD DNS contains records for computers on the network as well as the web sites we host. We are trying to correct this problem as well as a few others. I do have one question I am not sure of. Our AD domain is somedomain.com. When I type that into the web browser it doesn't resolve anywhere (if I type www.somedomain.com it works fine). When I do an nslookup it returns all of our AD servers. I need this domain to point to our webserver/website. How do we resolve this even after we have split our DNS and set things up correctly?
Question by: ronayers
8 Comments

Accepted Solution by willettmeister (earned 100 total points)
ID: 24805141
I don't think that you are going to be able to resolve somedomain.com on the web until you clean up DNS. The entries that are in DNS currently are required for proper AD functionality. If you modify them you will likely cause yourself problems. If you are planning on making a new domain and migrating the existing machines to a new domain like somedomain.local then you could eventually point somedomain.com to the webserver, but there is a lot of cleanup that is necessary first.

Assisted Solution by Wildone63 (earned 100 total points)
ID: 24805206
This can be quite confusing but if you follow a few simple rules of thumb you should be ok.

First you would create the "Internal DNS" that will support your Active Directory. Your internal domain should be called something like somedomain.local; then on the same DNS server create a second DNS zone for external addresses that you control, such as your web site, and set up forwarders for all other requests. The external domain will be somedomain.com. You need to configure your PCs that are internal to use the .local DNS suffix. So your DNS server will resolve all local addresses and forward external DNS requests to your ISP's DNS servers.

Hope this helps.

Assisted Solution by Alan_White (earned 100 total points)
ID: 24805222
I concur.
You are in a whole lot of trouble. I believe you would be best buying in some consultancy to get you back on track. If this was a test site, go ahead and try stuff, but don't mess with DNS in a live environment unless you are 100% sure what you are doing.

Assisted Solution by Americom (earned 100 total points)
ID: 24805357
What you should probably do is create a new AD domain, either with somedomain.local or just newdomain.somedomain.com. See the debate on which one to use here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23446306.html
I personally prefer the second one as a new root domain. This means the "newdomain" is not a child domain of "somedomain.com". It is a completely separate domain from "somedomain.com" and it has and runs on its own DNS. Once that's set up, you can create a trust between "somedomain.com" and "newdomain.somedomain.com" and migrate all the internal servers from "somedomain.com" to "newdomain.somedomain.com", and leave the systems in somedomain.com that are external, such as web or DNS servers etc. Then for your internal domain "newdomain.somedomain.com", configure your DNS to forward unresolved queries to the external DNS in "somedomain.com". You can also eliminate the established trust or just leave a one-way trust from the external to the internal domain; this way, from the internal domain, you can access the external resources but not the other way around.

Assisted Solution by Chris Dent (earned 100 total points)
ID: 24806723

> How do we resolve this even after we have split our DNS and set things up correctly?

For the rest of the world you'll be able to deal with that if you split the public DNS service out. I strongly advise you find somewhere to host it. In my opinion public DNS services have no place on Domain Controllers.

However, unless you rename the AD domain, or rebuild it entirely, you will not be able to use "http://domain.com" within your own network. AD must keep that name; it's essential to the operation of your domain.

I would also go with "newdomain.somedomain.com", an example of that would be corp.contoso.com. But unless there's a desperate need to rebuild the domain I would just have everyone inside use "www.somedomain.com" rather than make yourself a lot of work. Putting aside this limitation there's no real reason you can't use "somedomain.com" for AD.

Chris
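As an added illustration (not code from the thread or any of its authors), the following Python model contrasts the two layouts discussed above: the current one, where the AD zone is named somedomain.com and the apex answers with the domain controllers, and Wildone63's split layout, where AD lives in somedomain.local, the internal server also holds a copy of the public zone with only public names, and everything else is forwarded to the ISP. All zone names, hosts and addresses are constructed for the example.

```python
DC_IPS = ["10.0.0.10", "10.0.0.11"]      # constructed: domain controllers (private)
WEB_IP = "203.0.113.20"                  # constructed: public web server
ISP_IP = "198.51.100.5"                  # constructed: a host only the ISP resolver knows


class Zone:
    """One authoritative zone: owner name -> list of A-record addresses."""
    def __init__(self, name, records):
        self.name = name.lower()
        self.records = {k.lower(): v for k, v in records.items()}

    def lookup(self, qname):
        """Answer if qname lies in this zone, else None; [] means in zone but no such name."""
        if qname == self.name or qname.endswith("." + self.name):
            return self.records.get(qname, [])
        return None


class Resolver:
    """Answers from its own zones; forwards only names outside every zone it holds."""
    def __init__(self, zones, forwarder=None):
        self.zones, self.forwarder = zones, forwarder

    def resolve(self, qname):
        qname = qname.rstrip(".").lower()
        for zone in self.zones:
            answer = zone.lookup(qname)
            if answer is not None:       # authoritative: never forward, even an empty answer
                return answer
        return self.forwarder.resolve(qname) if self.forwarder else []


ISP = Resolver([Zone("example.net", {"www.example.net": [ISP_IP]})])

# Current state: AD is named somedomain.com, so Netlogon registers the DCs as
# "same as parent" A records and the bare domain answers with the DCs, not the web server.
CURRENT = Resolver([Zone("somedomain.com", {
    "somedomain.com": DC_IPS,
    "dc1.somedomain.com": [DC_IPS[0]],
    "www.somedomain.com": [WEB_IP]})], forwarder=ISP)

# After the split: AD in somedomain.local; the internal server also carries a copy of the
# public zone holding only public names, and forwards everything else to the ISP.
SPLIT = Resolver([
    Zone("somedomain.local", {"somedomain.local": DC_IPS, "dc1.somedomain.local": [DC_IPS[0]]}),
    Zone("somedomain.com", {"somedomain.com": [WEB_IP], "www.somedomain.com": [WEB_IP]}),
], forwarder=ISP)


def apex_points_to_dcs(resolver, domain):
    """The symptom from the question: does the bare domain name resolve to domain controllers?"""
    return any(ip in DC_IPS for ip in resolver.resolve(domain))
```

Note that in the split layout an internal host name such as dc1.somedomain.com gets an empty authoritative answer rather than being forwarded, which is what keeps machine names out of the public zone.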

Expert Comment by Americom
ID: 24984732
I suggest points be split.

Expert Comment by Guy Hengel [angelIII / a3]
ID: 25018164
Americom,
can you post the comments you would recommend for the split in the form:
  http://#a<comment id>

thanks