Solved

Windows 2012R2 & Exchange 2013 - Recommended domain naming.

Posted on 2014-03-10
5
557 Views
Last Modified: 2014-03-11
Hello Experts,

We are preparing to deploy a Windows 2012R2 server (AD) + Windows Server 2012R2 with Exchange 2013.

In the Windows 2008 domain that it is replacing, we kept the local domain independent of their Internet domain name.  Company.Local versus CompanyInternetName.Org, where their email address format was UserName@CompanyInternetName.org.  

A colleague indicated that Microsoft recommends that in the Windows2012/Exchange2013 environment, that the internal domain name be kept consistent with the public domain.  Therefore, to maintain the new internal domain name as CompanyInternetName.org.
- http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/
- http://autodiscover.wordpress.com/2012/07/09/no-more-local-names-in-the-certificate-starting-november-2015-msexchange-lync-ucoms-lync2010-microsoft-part1/ 

Before embarking, I thought I'd check in with the Experts.  

Could you please offer some feedback and recommendations?

Thanks in advance.
RealTimer
0
Comment
Question by:realtimer
5 Comments
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39918384
I wrote a blog on the subject not too long ago: http://acbrownit.wordpress.com/2013/04/15/active-directory-domain-naming-in-the-modern-age/

Generally, Microsoft recommends using a subdomain of your public domain for the Internal Domain Name. This allows you to use SSL certificates without having to deal with Split horizon DNS.
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39918566
Microsoft continues to be inconsistent in this issue. Essentials, even in 2012 R2, continues to use .local for example,

My recommendation? Avoid .local, as it is now officially used by mDNS. It can be used, but staying compliant with RFC is a little more touchy,

I also don't like using publicly available TLDs, especially in smaller environments where buyouts and mergers can happen, and AD renames are a whim of the new owner.

I recommend going generic, yet private, for a plumbing service, i'd use plumbing.internal. Or something similar. Generic enough that a merger won't have the old company's name in it, and the .internal is not publicly reachable and avoids the split-brain DNS issues that made .local a popular choice.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39919378
These days, I'm preferring to go with a sub domain of one of your owned DNS domain.  For example:

ad.mycompany.com
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39919478
I recommend going generic, yet private, for a plumbing service, i'd use plumbing.internal. Or something similar. Generic enough that a merger won't have the old company's name in it, and the .internal is not publicly reachable and avoids the split-brain DNS issues that made .local a popular choice.

Just as a note, ICANN has basically opened DNS up to allow *any* TLD to be potentially routeable, so whatever domain you use should be one you own if you want to be RFC compliant. Using a subdomain of your existing public domain is much simpler and probably the best way to do it since Public CAs are clamping down on available host names in SSL certificates. You can continue to use .local if you want to (And Essentials uses it because it assumes that companies using that server do not already have public DNS), you just won't be able to get an SSL certificate unless you happen to own the .local Domain in the public space. This isn't a huge deal if you know what you're doing, because there are always ways around the issue of Split Horizon DNS and Autodiscover in Exchange.
0
 

Author Comment

by:realtimer
ID: 39922114
Thanks everyone.  Input is appreciated.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Find out what you should include to make the best professional email signature for your organization.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now