Solved

Internet domain name and AD domain name do not match

Posted on 2016-08-04
Last Modified: 2016-08-24
Hi, I joined a company that had an AD environment, but the AD domain name is totally different from the internet domain name that they own.
Actually, their AD domain name is owned by someone else.

We don't have an in-house web server or mail server, so I am not really experiencing real issues.

Do I need to rename it and why? I understand that it's best to do that. It is weird, I know.
But what is wrong with it? What problem can I expect? It is working just fine.

Please advise.

If I really do need to rename it, I can make a clone of the hard drive of the domain controller (we only have one), and try it.
Question by:Member_2_7970390

Accepted Solution

by:
RantCan earned 250 total points (awarded by participants)
You do not need to rename your internal domain. It is easier that you don't have web/mail in-house, but you should familiarize yourself with split-brain/split-horizon DNS. You may find that you need to create separate DNS zones internally, so that clients can resolve internal domains the same as external. Other than that, if it ain't broke, etc.

Here is a writeup on split-brain DNS:

http://windowsitpro.com/networking/split-brain-dns

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points (awarded by participants)
If the internal domain is a valid domain that is owned by another entity, you will never be able to reach resources that are hosted publicly on that domain. For instance, if your internal domain name is Intel.com, you'd never be able to reach intel.com when connected to the internal network because your internal DNS (which is required for AD to function) hosts its own version of the DNS zone.

Whether or not that is an acceptable situation is up to the people who run the company. If you feel like this will present an issue in the future, report your concerns to the company's decision makers and let them decide. Pulling the trigger on a change like that without executive sign-off is a good way to get fired.

For information, most environments still use AD domain names that are different than their public domain name. It used to be a best practice to use domain.local or domain.internal, but that recommendation has been changed. But unless there is a defined need to change things, don't worry about it.
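A check for the shadowing described in the answer above, as an added example that is not part of the original thread: it compares what the client's configured (internal) DNS returns for a few names under the AD domain with what a public resolver returns. The function name `Compare-DnsView`, the resolver address `1.1.1.1` and the host labels are assumptions chosen for illustration.

```powershell
# Added example: compare the internal and public DNS views of the AD domain name.
# Assumptions: outbound DNS (port 53) to -PublicResolver is allowed from this host,
# and the entries in -Labels are guesses at names the public owner may publish.
function Compare-DnsView {
    param(
        [string]   $Domain         = $env:USERDNSDOMAIN,   # AD DNS domain of the logged-on user
        [string]   $PublicResolver = '1.1.1.1',            # assumption: any public recursive resolver
        [string[]] $Labels         = @('', 'www', 'mail')  # '' means the zone apex
    )

    # Sorted A-record addresses for a name; empty when there is no answer (e.g. NXDOMAIN).
    function Get-A([string]$Name, [string]$Server) {
        $p = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
        if ($Server) { $p.Server = $Server }   # without -Server the client's own DNS is used
        Resolve-DnsName @p | Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress | Sort-Object
    }

    foreach ($label in $Labels) {
        $fqdn     = if ($label) { "$label.$Domain" } else { $Domain }
        $internal = @(Get-A $fqdn)                  # answer from the AD-integrated zone
        $public   = @(Get-A $fqdn $PublicResolver)  # answer the rest of the internet sees

        $status = if (-not $public) { 'InternalOnly' }                 # nothing published publicly
        elseif (-not $internal) { 'ShadowedNoAnswer' }                 # public name, no internal record
        elseif (Compare-Object $internal $public) { 'Different' }      # both answer, addresses differ
        else { 'Same' }

        [pscustomobject]@{
            Name     = $fqdn
            Status   = $status
            Internal = $internal -join ','
            Public   = $public -join ','
        }
    }
}

Compare-DnsView | Format-Table -AutoSize
```

A `ShadowedNoAnswer` row is a publicly published name that internal clients cannot resolve, which is the gap the split-brain DNS records mentioned earlier in the thread are meant to fill. `Different` can also be benign for load-balanced names.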
 

Author Comment

by:Member_2_7970390
Dear RantCan & Adam Brown,
I am so glad that I was not missing a huge point. I really did not see why I had to change the internal domain name.
Since I have the web server and mail server outside of our network, I did not see a need. Thank you so much for confirming that.

RantCan, thanks for the article. It is not necessary to have split-brain DNS right now, but I never understood why it was a problem. The firewall would block it!

Adam, it is a great point. We will never access the website out there with our internal domain name. So it will not become a problem.

Expert Comment

by:RantCan
Thanks for the feedback on our answers. Please assign points if we were able to help.

Expert Comment

by:RantCan
Splitting points between the Experts.