Internet domain name and AD domain name do not match

Posted on 2016-08-04
Last Modified: 2016-08-24
Hi, I joined a company that had an AD environment, but the AD domain name is totally different from the internet domain name that they own.
Actually, their AD domain name is owned by someone else.

We don't have an in-house web server or mail server, so I am not really experiencing real issues.

Do I need to rename it and why? I understand that it's best to do that. It is weird, I know.
But what is wrong with it? What problem can I expect? It is working just fine.

Please advise.

If I really do need to rename it, I can make a clone of the hard drive of the domain controller (we only have one), and try it.
Question by:Member_2_7970390
LVL 9

Accepted Solution

by:
RantCan earned 1000 total points (awarded by participants)
ID: 41742702
You do not need to rename your internal domain. It is easier that you don't have web/mail in-house, but you should familiarize yourself with split-brain/split-horizon DNS. You may find that you need to create separate DNS zones internally, so that clients can resolve internal domains the same as external. Other than that, if it ain't broke, etc.

Here is a writeup on split-brain DNS:

http://windowsitpro.com/networking/split-brain-dns
1
 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 1000 total points (awarded by participants)
ID: 41742867
If the internal domain is a valid domain that is owned by another entity, you will never be able to reach resources that are hosted publicly on that domain. For instance, if your internal Domain name is Intel.com, you'd never be able to reach intel.com when connected to the internal network because your Internal DNS (which is required for AD to function) hosts its own version of the DNS zone.

Whether or not that is an acceptable situation is up to the people who run the company. If you feel like this will present an issue in the future, report your concerns to the company's decision makers and let them decide. Pulling the trigger on a change like that without executive sign-off is a good way to get fired.

For information, most environments still use AD domain names that are different than their public domain name. It used to be a best practice to use domain.local or domain.internal, but that recommendation has been changed. But unless there is a defined need to change things, don't worry about it.
1
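The behaviour described in the two answers above, as an added example that is not part of the original thread: a simplified model of an internal DNS server that is authoritative for the AD zone, showing which public names become unreachable from inside and how a split-brain record restores one of them. The domain `example.com` (standing in for the AD name owned by someone else), the host names and all addresses are constructed for illustration.

```python
# Constructed data: "example.com" stands in for an AD domain name that someone
# else owns on the internet; all names and addresses are illustrative.
PUBLIC_DNS = {
    "www.example.com": "203.0.113.10",   # the real owner's public web site
    "mail.example.com": "203.0.113.25",
    "www.example.net": "198.51.100.80",  # the company's own hosted site
}

# Zones the internal (AD-integrated) DNS server is authoritative for.
INTERNAL_ZONES = {
    "example.com": {
        "dc01.example.com": "10.0.0.5",
        "fileserver.example.com": "10.0.0.20",
    },
}


def authoritative_zone(name, zones):
    """Return the longest hosted zone that contains name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve_internal(name, zones=INTERNAL_ZONES, public=PUBLIC_DNS):
    """Answer as the internal server would: authoritative data wins, and a
    name missing from a hosted zone is NXDOMAIN (None), never forwarded."""
    name = name.lower().rstrip(".")
    zone = authoritative_zone(name, zones)
    if zone is not None:
        return zones[zone].get(name)
    return public.get(name)  # outside hosted zones: forwarded to the internet


def shadowed_names(zones=INTERNAL_ZONES, public=PUBLIC_DNS):
    """Public names whose internal answer differs from the internet's."""
    return sorted(n for n in public if resolve_internal(n, zones, public) != public[n])


if __name__ == "__main__":
    print("unreachable from inside:", shadowed_names())
    # Split-brain fix: publish the public record in the internal copy of the zone.
    patched = {"example.com": {**INTERNAL_ZONES["example.com"],
                               "www.example.com": PUBLIC_DNS["www.example.com"]}}
    print("after adding www record:", shadowed_names(patched))
```

Only names that someone explicitly adds to the internal zone become resolvable again; everything else under the shadowed domain stays NXDOMAIN for internal clients.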
 

Author Comment

by:Member_2_7970390
ID: 41743299
Dear RantCan & Adam Brown,
I am so glad that I was not missing a huge point. I really did not see why I had to change the internal domain name.
Since I have web server and mail server outside of our network, I did not see a need. Thank you so much for confirming that.


RantCan, thanks for the article. It is not necessary to have Split-brain DNS right now, but I never understood why it was a problem. Firewall would block it!

Adam, it is a great point. We will never access the website out there with our internal domain name. So it will not become a problem.
0
 
LVL 9

Expert Comment

by:RantCan
ID: 41744927
Thanks for the feedback on our answers. Please assign points if we were able to help.
0
 
LVL 9

Expert Comment

by:RantCan
ID: 41768444
Splitting points between the Experts.
0
