Solved

Internet domain name and AD domain name do not match

Posted on 2016-08-04
Last Modified: 2016-08-24
Hi, I joined a company that had an AD environment, but the AD domain name is totally different from the internet domain name that they own.
Actually, their AD domain name is owned by someone else.

We don't have an in-house web server or mail server, so I am not really experiencing real issues.

Do I need to rename it and why? I understand that it's best to do that. It is weird, I know.
But what is wrong with it? What problem can I expect? It is working just fine.

Please advise.

If I really do need to rename it, I can make a clone of the hard drive of the domain controller (we only have one), and try it.
0
Question by:Member_2_7970390
5 Comments
 
LVL 9

Accepted Solution

by:
RantCan earned 250 total points (awarded by participants)
ID: 41742702
You do not need to rename your internal domain. It is easier that you don't have web/mail in-house, but you should familiarize yourself with split-brain/split-horizon DNS. You may find that you need to create separate DNS zones internally, so that clients can resolve internal domains the same as external. Other than that, if it ain't broke, etc.

Here is a writeup on split-brain DNS:

http://windowsitpro.com/networking/split-brain-dns
1
 
LVL 40

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points (awarded by participants)
ID: 41742867
If the internal domain is a valid domain that is owned by another entity, you will never be able to reach resources that are hosted publicly on that domain. For instance, if your internal domain name is Intel.com, you'd never be able to reach intel.com when connected to the internal network because your internal DNS (which is required for AD to function) hosts its own version of the DNS zone.

Whether or not that is an acceptable situation is up to the people who run the company. If you feel like this will present an issue in the future, report your concerns to the company's decision makers and let them decide. Pulling the trigger on a change like that without executive sign-off is a good way to get fired.

For information, most environments still use AD domain names that are different than their public domain name. It used to be a best practice to use domain.local or domain.internal, but that recommendation has been changed. But unless there is a defined need to change things, don't worry about it.
1
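The two answers above describe the same mechanism: the internal DNS server is authoritative for the AD zone, so it never forwards queries for names under it, and split-brain DNS means adding the public hosts you need to that internal zone. The sketch below is an added example, not part of the thread; it is a toy model rather than real DNS code, and every name and address in it is constructed (example.com stands in for an AD domain that someone else owns publicly).

```python
# Added illustration: a toy model of an AD-integrated DNS server, not real DNS code.
# All names and addresses are constructed (example.com, RFC 5737 / RFC 1918 ranges).

PUBLIC_DNS = {  # what the real owner of the domain publishes on the internet
    "example.com": "192.0.2.10",
    "www.example.com": "192.0.2.10",
    "other.test": "198.51.100.7",
}

class InternalDns:
    """Answers authoritatively for zones it hosts; forwards everything else."""

    def __init__(self, zones, forwarder):
        self.zones = zones          # {zone name: {fqdn: address}}
        self.forwarder = forwarder  # stand-in for the public internet

    def _zone_for(self, name):
        # Longest hosted zone that is a suffix of the queried name.
        hits = [z for z in self.zones if name == z or name.endswith("." + z)]
        return max(hits, key=len) if hits else None

    def resolve(self, name):
        name = name.lower().rstrip(".")
        zone = self._zone_for(name)
        if zone is None:  # not our zone: ask the forwarder
            addr = self.forwarder.get(name)
            return ("NOERROR", addr, "forwarded") if addr else ("NXDOMAIN", None, "forwarded")
        addr = self.zones[zone].get(name)
        # Authoritative: a missing record is NXDOMAIN, never forwarded.
        return ("NOERROR", addr, "internal") if addr else ("NXDOMAIN", None, "internal")

def shadowed_names(dns, public):
    """Public names that internal clients cannot reach at their public address."""
    return sorted(n for n, addr in public.items() if dns.resolve(n)[1] != addr)

# AD domain named example.com, holding only internal records.
ad_zone = {"example.com": "10.0.0.5", "dc01.example.com": "10.0.0.5"}
dns = InternalDns({"example.com": dict(ad_zone)}, PUBLIC_DNS)
before = shadowed_names(dns, PUBLIC_DNS)

# Split-brain fix: publish the needed public host in the internal zone as well.
dns.zones["example.com"]["www.example.com"] = PUBLIC_DNS["www.example.com"]
after = shadowed_names(dns, PUBLIC_DNS)

if __name__ == "__main__":
    print("shadowed before:", before)
    print("shadowed after: ", after)
```

The bare domain name stays shadowed after the fix because domain controllers register their own addresses at the zone apex, which is why the internal record is usually added for a host name such as www.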
 

Author Comment

by:Member_2_7970390
ID: 41743299
Dear RantCan & Adam Brown,
I am so glad that I was not missing a huge point. I really did not see why I had to change the internal domain name.
Since I have web server and mail server outside of our network, I did not see a need. Thank you so much for confirming that.


RantCan, thanks for the article. It is not necessary to have Split-brain DNS right now, but I never understood why it was a problem. Firewall would block it!

Adam, it is a great point. We will never access the website out there with our internal domain name. So it will not become a problem.
0
 
LVL 9

Expert Comment

by:RantCan
ID: 41744927
Thanks for the feedback on our answers. Please assign points if we were able to help.
0
 
LVL 9

Expert Comment

by:RantCan
ID: 41768444
Splitting points between the Experts.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question