Solved

internal domain name and activesync

Posted on 2014-12-12
4
214 Views
Last Modified: 2014-12-22
I am setting up a new domain to migrate users off a domain I created about seven years ago.  Part of my internal domain name was owned by someone and caused problems when trying to get SSL certs.  So going to start from scratch then use ADMT to move user accounts, etc

1) for the internal domain name I would like some advice.  my public facing domain is '@someplace.com', so I was going to make my internal domain 'internal.someplace.com', with a NetBIOS name of 'SP'.  So my users, when needed to specify the domain they are logging into would put 'SP\username'.  Any advice on this?

2) I want my users to be able to setup their EAS phones with as little input as possible.  I am aware of autodiscover, but not sure it can provide my users with the domain name if needed.  So then I started thinking well maybe I should set my internal NetBIOS name to 'someplace' as well.  

What is the best practice for the internal domain name and NetBIOS name?
What configuration would make it possible for my EAS phone users to simply enter 'username@someplace.com' and have the remaining fields populate with the correct information (essentially the user's domain and mail server 'mail.someplace.com')

hopefully that is all clear and makes sense.... I saw a Microsoft article that said it is recommended to make the domain prefix and domain NetBIOS name the same...
0
Comment
Question by:Zorniac
  • 2
4 Comments
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 100 total points
ID: 40497712
Subdomain name = Netbios name is still recommended.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 400 total points
ID: 40497796
If you are depending on Autodiscover to make mobile clients easier to use, then you are in for a disappointment. It is very unreliable on mobile devices. Not Microsoft's fault, but a problem with the way that the mobile vendors have implemented Autodiscover on their devices.
Hopefully the purchase of Accompli by Microsoft will make life easier, with a client that works correctly instead of the inconsistent native clients.

The internal domain doesn't really matter. I have a number of sites where the NETBIOS domain is XX and the FQDN is xxxxx.com and it doesn't cause a problem. I like having the short NETBIOS name. Just ensure that you are using a domain that you control.

Furthermore, what I do with new domains now is configure the UPN to match their email address. This confuses a lot of admins who think the UPN is their email address (particularly in the wizards for account creation), but it does make life a lot easier for people.

As for your reason for wanting to create a new domain, that isn't really a problem any longer.
If your domain was example.local then you wouldn't be able to include that in the SSL certificate either. The same resolution for that would work for you.
Change all of the Exchange configuration to use your public domain name, split DNS etc. http://semb.ee/hostnames

Simon.
0
 
LVL 1

Author Comment

by:Zorniac
ID: 40501418
Hi David, thanks for confirming that is still the recommendation.  I am going to make sure they are named the same.

Hi Simon, thank you for the information and advice.  I did a little research on UPN.  I was only aware of this through textbooks, but have never implemented it myself.  From what I read, my users will be able to login using the UPN extension, so long as that is what is specified when the account is created, correct?

In regards to the Autodiscover feature... it actually works 90% for me... the only portion that is not getting filled in correctly is the public DNS name.  Is there a way to manually alter the values returned through Autodiscover?

unfortunately, my domain wasn't named with a .local, I went full tilt and did 'someplace.state.us', this domain belongs to the government apparently.  there is also some other non-functioning parts of the domain, and general infrastructure changes, so this seems like the best time to migrate.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40501628
The Autodiscover information comes from the information you have configured in Exchange. If you have put the wrong URLs for the ActiveSync virtual directories then the wrong information will be returned to the client.

Create a test account and run it through the Microsoft test site at http://exrca.com/
That will show you what is being returned to the clients.

Clients can login with the UPN if the correct UPN is set on their account. It doesn't have to be done at the point of account creation.

Simon.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now