Solved

Windows 2012R2 & Exchange 2013 - Recommended domain naming.

Posted on 2014-03-10
5
544 Views
Last Modified: 2014-03-11
Hello Experts,

We are preparing to deploy a Windows 2012R2 server (AD) + Windows Server 2012R2 with Exchange 2013.

In the Windows 2008 domain that it is replacing, we kept the local domain independent of their Internet domain name.  Company.Local versus CompanyInternetName.Org, where their email address format was UserName@CompanyInternetName.org.  

A colleague indicated that Microsoft recommends that in the Windows2012/Exchange2013 environment, that the internal domain name be kept consistent with the public domain.  Therefore, to maintain the new internal domain name as CompanyInternetName.org.
- http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/
- http://autodiscover.wordpress.com/2012/07/09/no-more-local-names-in-the-certificate-starting-november-2015-msexchange-lync-ucoms-lync2010-microsoft-part1/

Before embarking, I thought I'd check in with the Experts.  

Could you please offer some feedback and recommendations?

Thanks in advance.
RealTimer
0
Comment
Question by:realtimer
5 Comments
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
Comment Utility
I wrote a blog on the subject not too long ago: http://acbrownit.wordpress.com/2013/04/15/active-directory-domain-naming-in-the-modern-age/

Generally, Microsoft recommends using a subdomain of your public domain for the Internal Domain Name. This allows you to use SSL certificates without having to deal with Split horizon DNS.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
Microsoft continues to be inconsistent in this issue. Essentials, even in 2012 R2, continues to use .local for example,

My recommendation? Avoid .local, as it is now officially used by mDNS. It can be used, but staying compliant with RFC is a little more touchy,

I also don't like using publicly available TLDs, especially in smaller environments where buyouts and mergers can happen, and AD renames are a whim of the new owner.

I recommend going generic, yet private, for a plumbing service, i'd use plumbing.internal. Or something similar. Generic enough that a merger won't have the old company's name in it, and the .internal is not publicly reachable and avoids the split-brain DNS issues that made .local a popular choice.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
These days, I'm preferring to go with a sub domain of one of your owned DNS domain.  For example:

ad.mycompany.com
0
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
I recommend going generic, yet private, for a plumbing service, i'd use plumbing.internal. Or something similar. Generic enough that a merger won't have the old company's name in it, and the .internal is not publicly reachable and avoids the split-brain DNS issues that made .local a popular choice.

Just as a note, ICANN has basically opened DNS up to allow *any* TLD to be potentially routeable, so whatever domain you use should be one you own if you want to be RFC compliant. Using a subdomain of your existing public domain is much simpler and probably the best way to do it since Public CAs are clamping down on available host names in SSL certificates. You can continue to use .local if you want to (And Essentials uses it because it assumes that companies using that server do not already have public DNS), you just won't be able to get an SSL certificate unless you happen to own the .local Domain in the public space. This isn't a huge deal if you know what you're doing, because there are always ways around the issue of Split Horizon DNS and Autodiscover in Exchange.
0
 

Author Comment

by:realtimer
Comment Utility
Thanks everyone.  Input is appreciated.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now