Internet domain name and AD domain name do not match

Posted on 2016-08-04
Last Modified: 2016-08-24
Hi, I joined a company that had an AD environment, but the AD domain name is totally different from the internet domain name that they own.
Actually, their AD domain name is owned by someone else.

We don't have an in-house web server or mail server, so I am not really experiencing real issues.

Do I need to rename it and why? I understand that it's best to do that. It is weird, I know.
But what is wrong with it? What problem can I expect? It is working just fine.

Please advise.

If I really do need to rename it, I can make a clone of the hard drive of the domain controller (we only have one), and try it.
Question by:Member_2_7970390
Accepted Solution

by:
RantCan earned 250 total points (awarded by participants)
ID: 41742702
You do not need to rename your internal domain. It is easier that you don't have web/mail in-house, but you should familiarize yourself with split-brain/split-horizon DNS. You may find that you need to create separate DNS zones internally, so that clients can resolve internal domains the same as external. Other than that, if it ain't broke, etc.

Here is a writeup on split-brain DNS:

http://windowsitpro.com/networking/split-brain-dns

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points (awarded by participants)
ID: 41742867
If the internal domain is a valid domain that is owned by another entity, you will never be able to reach resources that are hosted publicly on that domain. For instance, if your internal domain name is Intel.com, you'd never be able to reach intel.com when connected to the internal network because your internal DNS (which is required for AD to function) hosts its own version of the DNS zone.

Whether or not that is an acceptable situation is up to the people who run the company. If you feel like this will present an issue in the future, report your concerns to the company's decision makers and let them decide. Pulling the trigger on a change like that without executive sign-off is a good way to get fired.

For information, most environments still use AD domain names that are different than their public domain name. It used to be a best practice to use domain.local or domain.internal, but that recommendation has been changed. But unless there is a defined need to change things, don't worry about it.
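
The shadowing described in the answer above, and the split-brain records mentioned in the accepted solution, as an added example that is not part of either answer: a toy Python model of an internal DNS server that is authoritative for a zone colliding with a public domain. The zone name `example.com`, the host names and all addresses are constructed for illustration.

```python
# Added illustration: a toy model of an AD-integrated DNS server, not real DNS code.
# All zone names, hosts and addresses are constructed (reserved documentation values).

INTERNAL_ZONES = {
    # AD domain name that collides with a publicly registered domain
    "example.com": {
        "dc01.example.com": "10.0.0.10",
        "files.example.com": "10.0.0.20",
    },
}

PUBLIC_DNS = {
    # What an Internet resolver would answer for the same namespace
    "www.example.com": "203.0.113.80",
    "mail.example.com": "203.0.113.25",
    "www.example.org": "198.51.100.7",
}

def find_zone(name, zones):
    """Return the most specific hosted zone that contains name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve_internal(name, zones=INTERNAL_ZONES, public=PUBLIC_DNS):
    """Resolve as an internal client would: hosted zones win over forwarding."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is not None:
        # Authoritative: a missing record is NXDOMAIN, the query is never forwarded.
        return zones[zone].get(name, "NXDOMAIN")
    return public.get(name, "NXDOMAIN")

def shadowed_names(zones=INTERNAL_ZONES, public=PUBLIC_DNS):
    """Public names whose internal answer differs from the public one."""
    return sorted(n for n, addr in public.items()
                  if resolve_internal(n, zones, public) != addr)

def add_split_brain_records(names, zones=INTERNAL_ZONES, public=PUBLIC_DNS):
    """Copy the public answer into the internal zone (the split-brain fix).
    Expects names that fall inside a hosted zone, e.g. from shadowed_names()."""
    for n in names:
        zones[find_zone(n, zones)][n] = public[n]
```

Running `shadowed_names()` before and after `add_split_brain_records(shadowed_names())` shows which public names internal clients cannot reach and that mirroring the records internally restores them.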

Author Comment

by:Member_2_7970390
ID: 41743299
Dear RantCan & Adam Brown,
I am so glad that I was not missing a huge point. I really did not see why I had to change the internal domain name.
Since I have web server and mail server outside of our network, I did not see a need. Thank you so much for confirming that.


RantCan, thanks for the article. It is not necessary to have Split-brain DNS right now, but I never understood why it was a problem. Firewall would block it!

Adam, it is a great point. We will never access the website out there with our internal domain name. So it will not become a problem.

Expert Comment

by:RantCan
ID: 41744927
Thanks for the feedback on our answers. Please assign points if we were able to help.

Expert Comment

by:RantCan
ID: 41768444
Splitting points between the Experts.