Solved

Best Practice for Setting up Domain Controller + DNS Server with FQDN

Posted on 2011-03-13
Last Modified: 2012-06-21
Hi there,

I'm setting up a new Domain Controller, DNS, DHCP server from scratch. I'm wanting to do it in the best manner possible. I've been told that using proper FQDN is the best practice for several reasons. I attempted to use our FQDN 'mrdomain.co.nz' as the Domain Controller name; this also happens to be the domain of our website (and company). This went through fine. However, I'm concerned this may not be the best practice as I've had a few wee issues with DNS & DHCP.
I'm interested in hearing the pros and cons of this method also.


I'm looking for some advice in this manner, and I'm sure more info will need to be provided.

Many thanks
Question by:lemonville

Expert Comment

by:OxygenITSolutions
ID: 35123645
Everyone is going to have different opinions so I'll just share some of my thoughts.

Search for technet Domain Controller best practices. Plenty of info around.

With 2008, if you are using a single disk system, I am finding using one big C drive is the best option.
Also use something like mrdomain.local or mrdomain.priv. Not best practice to use your public domain name.

Think about your backup Domain Controller.

Make sure your structure is adequate and think about your naming conventions.

Finally, don't be afraid to wipe your DC if you are not comfortable. It's good practice and cleaner.

Good Luck!!

Author Comment

by:lemonville
ID: 35123782
Thanks for that.

Regarding your statement on not using a public domain name: is there any reason for this in particular? Do some people use it?

The other items we are all sorted on.

Expert Comment

by:OxygenITSolutions
ID: 35123792
Basically, you do not want your Private Infrastructure directly accessible from the internet.

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 35123922
It doesn't really matter if you use your external domain name internally; this will not affect the security of your internal domain. There are some pains in having the same internal and external domain name, though, when it comes to DNS and resolving your external domain website if you have one. You can fix this with some DNS records, though, and an IIS redirect.


http://oddjobsintech.com/active-directory-tip-access-external-website-with-the-same-domain-name-as-your-internal-domain/

Read this article; it tells you it is not recommended because of DNS issues, but again they can be fixed.

http://technet.microsoft.com/en-us/library/cc755946(WS.10).aspx
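
A check for the DNS pain described in the answer above, added here as an example and not part of the original thread: it compares what the internal DNS server and an outside resolver return for names under the shared domain. The server addresses and the host names other than the domain itself are placeholders, and `Resolve-DnsName` assumes Windows 8 / Server 2012 or later.

```powershell
# Added example: find names that resolve publicly but not (or differently) internally
# when the AD domain and the public website share one DNS name.
$Domain      = 'mrdomain.co.nz'        # domain named in the question
$InternalDns = '192.0.2.10'            # placeholder: your DC / internal DNS server
$PublicDns   = '198.51.100.53'         # placeholder: a resolver outside your network
$Names       = @('', 'www', 'mail')    # assumed host names; '' means the zone apex

function Get-ARecord {
    param([string]$Fqdn, [string]$Server)
    # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server is asked.
    $answers = Resolve-DnsName -Name $Fqdn -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    # Keep only records that carry an IPv4 address (drops CNAME/SOA rows).
    $answers | Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress } | Sort-Object
}

foreach ($n in $Names) {
    $fqdn = if ($n) { "$n.$Domain" } else { $Domain }
    $in   = @(Get-ARecord -Fqdn $fqdn -Server $InternalDns)
    $out  = @(Get-ARecord -Fqdn $fqdn -Server $PublicDns)

    $status = if ($out.Count -eq 0) {
        'internal only'
    } elseif ($in.Count -eq 0) {
        'MISSING internally: add a matching record to the internal zone'
    } elseif (Compare-Object $in $out) {
        # The apex of an AD domain resolves to the domain controllers internally,
        # so a difference on the bare domain name is expected.
        'differs'
    } else {
        'same'
    }

    [pscustomobject]@{
        Name     = $fqdn
        Internal = $in -join ','
        Public   = $out -join ','
        Status   = $status
    }
}
```

Names reported as missing internally are the ones internal clients cannot reach until a record is added to the internal copy of the zone.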

Expert Comment

by:OxygenITSolutions
ID: 35153588
Guy asked for best practices, not security. Best practice is to not use your External Domain Name. You now have an environment you need to patch and hack to get to your website. Very messy. I think you heard what you wanted to hear.
Question has a verified solution.
