I need a recommendation: should I configure my new domain using dot local or dot com?

I am going to install a new domain controller on Windows 2012 R2 (VM) and Exchange 2013 with all the roles on another Windows 2012 R2 (VM). (I use a POP3 connector to fetch emails.)

I want to use RWW installed on the DC, and Exchange through OWA, externally.

Previously I used to configure myserver.mydomain.local and later change the external and internal URLs in Exchange to mydomain.com.

Akash Bansal, IT Professional, asked:

Manikandan Narayanswamy, Security Specialist & IBM Security Guardium, commented:
Hi,

Configuring the domain as .local or .com totally depends on how your DNS is registered. As you mentioned that you later changed to .com, I recommend you use .com while creating your domain. Before installing Exchange 2013, make sure that your replication is working correctly using the following commands. Once you have verified that AD is working properly, perform the following steps on the member server to install Exchange 2013.

repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
dcdiag /v

In Windows PowerShell, run the following command.

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

Also make sure you have installed these prerequisites.

After you've installed the operating system roles and features, install the following software in the order shown:
.NET Framework 4.5.2
Windows Management Framework 4.0 (included with Windows Server 2012 R2)
Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit

Once you have installed the prerequisites, you have to prepare the schema and domain for installing Exchange. For this you need to log in with an account which is a member of Domain Admin, Schema Admin & Enterprise Admin. Run the following commands.

Prepare-Schema

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

Prepare-Active-Directory

Setup.exe /PrepareAD /OrganizationName:"<organization name>" /IAcceptExchangeServerLicenseTerms

For more information, refer to the link below.

https://technet.microsoft.com/en-in/library/bb691354%28v=exchg.150%29.aspx

Thanks
Manikandan
0
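The pre-flight checks from the answer above, as an added example that is not part of the original post: it flags failing replication links from `repadmin /showrepl * /csv` output and confirms the logon token carries the three groups needed for /PrepareSchema and /PrepareAD. The function names and the sample CSV rows are constructed for illustration.

```powershell
# Added example. Column names are those of "repadmin /showrepl * /csv";
# the two data rows are constructed sample data, not from a real forest.
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC1,"DC=example,DC=com",Default-First-Site-Name,DC2,RPC,0,0,2015-06-01 10:15:02,0
showrepl_INFO,Default-First-Site-Name,DC1,"CN=Schema,CN=Configuration,DC=example,DC=com",Default-First-Site-Name,DC2,RPC,3,2015-06-01 10:00:41,2015-05-31 22:10:12,1722
'@

# Hypothetical helper: return only the replication links that report failures.
function Get-ReplicationFailure {
    param([string[]]$CsvLines)
    $CsvLines | ConvertFrom-Csv |
        Where-Object { [int]$_.'Number of Failures' -gt 0 } |
        Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Status'
}

# Well-known RIDs of the groups the setup account must belong to.
$requiredRids = [ordered]@{
    'Domain Admins'     = 512
    'Schema Admins'     = 518
    'Enterprise Admins' = 519
}

# Hypothetical helper: match token SIDs against <domain SID>-<RID>.
function Test-SetupGroup {
    param([string[]]$TokenSids)
    foreach ($name in $requiredRids.Keys) {
        $pattern = '^S-1-5-21-\d+-\d+-\d+-{0}$' -f $requiredRids[$name]
        [pscustomobject]@{
            Group   = $name
            InToken = [bool]($TokenSids -match $pattern)
        }
    }
}

# Sample run. On a live DC, pass (repadmin /showrepl * /csv) instead of the sample.
Get-ReplicationFailure -CsvLines ($sampleCsv -split '\r?\n') | Format-Table -AutoSize

# Reads the current logon token, so run this in the same elevated session
# that will run Setup.exe; a new group membership needs a fresh logon.
$sids = [Security.Principal.WindowsIdentity]::GetCurrent().Groups |
    ForEach-Object { $_.Value }
Test-SetupGroup -TokenSids $sids | Format-Table -AutoSize
```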
Chris H, Infrastructure Manager, commented:
I've always been told best practice is to have a different local domain than external domain for DNS sanity.  You want your local domain/SRV records to share no similarities with the outside world.
0
MAS, EE Solution Guide - Technical Dept Head, commented:
I agree with choward16980, as it may create a problem for you in the future if it matches any other domain which is not owned by you.
In the near future you cannot add your internal FQDN to your certificate.

But keeping the same name for the internal domain and the external domain also doesn't harm you, as the recommendation in the new versions of Exchange is to make both the internal URL and the external URL the same.
0
Akash Bansal, IT Professional, author, commented:
I guess, best practice is updated; certificate authority no longer includes .local.
0
Manikandan Narayanswamy, Security Specialist & IBM Security Guardium, commented:
Hi,

To have the internal domain and external domain separate is always recommended. I too agree on this, Choward. But as I already said, it all depends on how you have configured your DNS namespace.

Thanks
Manikandan
0
Akash Bansal, IT Professional, author, commented:
intended dns configuration
0
Philip Elder, Technical Architect - HA/Compute/Storage, commented:
Coming from an SBS background where .LOCAL was the norm it was a bit of a thought process to come to where we are now.

Depending on the client we either use their current Internet domain or register and set up a new domain for their corpnet.

We do this for a number of reasons but the primary one is to get rid of certificate errors for publishing Remote Desktop Services.

Based on your description you are deploying Essentials and integrating Exchange 2013?
0
Akash Bansal, IT Professional, author, commented:
Yes, Essentials and integrating Exchange 2013.
I would buy a certificate for both.

I am also from SBS background.
0
Philip Elder, Technical Architect - HA/Compute/Storage, commented:
I suggest utilizing a public domain as down the road they may opt-in to a RDS setup.
0
Akash Bansal, IT Professional, author, commented:
Thank you all. You all were right.

I already have a public domain that is dedicated to this setup.
I am eliminating .local completely; I don't think it would create any issue.
As we have to buy certificates for each server, it's better to use the public domain only. (certificate authority won't support .local in future)
Both the servers have to be accessed from outside the LAN.
0
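The certificate concern that settled this thread, as an added check that is not part of the original posts: it classifies service URLs by whether their host name is one a public CA can certify. The function name and the suffix list are assumptions for illustration, and the URLs are constructed from the placeholder names in the question.

```powershell
# Added example. Assumption: this suffix list is illustrative, not a
# complete list of names that are absent from public DNS.
$internalSuffixes = 'local', 'lan', 'internal', 'corp', 'home'

# Hypothetical helper: say whether the host in a URL could appear in a
# certificate from a public CA, and if not, why.
function Test-PublicCertName {
    param([Parameter(Mandatory)][string]$Url)

    $hostName = ([uri]$Url).Host.ToLowerInvariant()
    $labels   = $hostName.Split('.')
    $ip       = $null

    $reason = $null
    if ([ipaddress]::TryParse($hostName, [ref]$ip)) {
        $reason = 'IP address, not a DNS name'
    }
    elseif ($labels.Count -lt 2) {
        $reason = 'single-label (NetBIOS-style) name'
    }
    elseif ($internalSuffixes -contains $labels[-1]) {
        $reason = "non-public suffix .$($labels[-1])"
    }

    [pscustomobject]@{
        Url        = $Url
        Host       = $hostName
        PublicCaOk = -not $reason
        Reason     = $reason
    }
}

# Constructed sample input. On an Exchange server the same function can be
# fed real values, e.g. (Get-OwaVirtualDirectory).InternalUrl.
$urls = 'https://myserver.mydomain.local/owa',
        'https://myserver/ecp',
        'https://mail.mydomain.com/owa'

$urls | ForEach-Object { Test-PublicCertName -Url $_ } | Format-Table -AutoSize
```

Only the mydomain.com URL comes back with PublicCaOk set to True; the other two are the names that would have needed an internal CA or a certificate warning.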