Solved

Windows 2012R2 & Exchange 2013 - Recommended domain naming.

Posted on 2014-03-10
5
569 Views
Last Modified: 2014-03-11
Hello Experts,

We are preparing to deploy a Windows 2012R2 server (AD) + Windows Server 2012R2 with Exchange 2013.

In the Windows 2008 domain that it is replacing, we kept the local domain independent of their Internet domain name.  Company.Local versus CompanyInternetName.Org, where their email address format was UserName@CompanyInternetName.org.  

A colleague indicated that Microsoft recommends that in the Windows2012/Exchange2013 environment, that the internal domain name be kept consistent with the public domain.  Therefore, to maintain the new internal domain name as CompanyInternetName.org.
- http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/
- http://autodiscover.wordpress.com/2012/07/09/no-more-local-names-in-the-certificate-starting-november-2015-msexchange-lync-ucoms-lync2010-microsoft-part1/ 

Before embarking, I thought I'd check in with the Experts.  

Could you please offer some feedback and recommendations?

Thanks in advance.
RealTimer
0
Comment
Question by:realtimer
5 Comments
 
LVL 40

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39918384
I wrote a blog on the subject not too long ago: http://acbrownit.wordpress.com/2013/04/15/active-directory-domain-naming-in-the-modern-age/

Generally, Microsoft recommends using a subdomain of your public domain for the Internal Domain Name. This allows you to use SSL certificates without having to deal with Split horizon DNS.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39918566
Microsoft continues to be inconsistent in this issue. Essentials, even in 2012 R2, continues to use .local for example,

My recommendation? Avoid .local, as it is now officially used by mDNS. It can be used, but staying compliant with RFC is a little more touchy,

I also don't like using publicly available TLDs, especially in smaller environments where buyouts and mergers can happen, and AD renames are a whim of the new owner.

I recommend going generic, yet private, for a plumbing service, i'd use plumbing.internal. Or something similar. Generic enough that a merger won't have the old company's name in it, and the .internal is not publicly reachable and avoids the split-brain DNS issues that made .local a popular choice.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39919378
These days, I'm preferring to go with a sub domain of one of your owned DNS domain.  For example:

ad.mycompany.com
0
 
LVL 40

Expert Comment

by:Adam Brown
ID: 39919478
I recommend going generic, yet private, for a plumbing service, i'd use plumbing.internal. Or something similar. Generic enough that a merger won't have the old company's name in it, and the .internal is not publicly reachable and avoids the split-brain DNS issues that made .local a popular choice.

Just as a note, ICANN has basically opened DNS up to allow *any* TLD to be potentially routeable, so whatever domain you use should be one you own if you want to be RFC compliant. Using a subdomain of your existing public domain is much simpler and probably the best way to do it since Public CAs are clamping down on available host names in SSL certificates. You can continue to use .local if you want to (And Essentials uses it because it assumes that companies using that server do not already have public DNS), you just won't be able to get an SSL certificate unless you happen to own the .local Domain in the public space. This isn't a huge deal if you know what you're doing, because there are always ways around the issue of Split Horizon DNS and Autodiscover in Exchange.
0
 

Author Comment

by:realtimer
ID: 39922114
Thanks everyone.  Input is appreciated.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the adminiā€¦

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question