Internet domain name and AD domain name do not match

Posted on 2016-08-04
Last Modified: 2016-08-24
Hi, I joined a company that had an AD environment, but the AD domain name is totally different from the internet domain name that they own.
Actually, their AD domain name is owned by someone else.

We don't have an in-house web server or mail server, so I am not really experiencing real issues.

Do I need to rename it and why? I understand that it's best to do that. It is weird, I know.
But what is wrong with it? What problem can I expect? It is working just fine.

Please advise.

If I really do need to rename it, I can make a clone of the hard drive of the domain controller (we only have one), and try it.
Question by:Member_2_7970390
Accepted Solution

by:
RantCan earned 250 total points (awarded by participants)
ID: 41742702
You do not need to rename your internal domain. It is easier that you don't have web/mail in-house, but you should familiarize yourself with split-brain/split-horizon DNS. You may find that you need to create separate DNS zones internally, so that clients can resolve internal domains the same as external. Other than that, if it ain't broke, etc.

Here is a writeup on split-brain DNS:

http://windowsitpro.com/networking/split-brain-dns

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points (awarded by participants)
ID: 41742867
If the internal domain is a valid domain that is owned by another entity, you will never be able to reach resources that are hosted publicly on that domain. For instance, if your internal domain name is Intel.com, you'd never be able to reach intel.com when connected to the internal network because your internal DNS (which is required for AD to function) hosts its own version of the DNS zone.

Whether or not that is an acceptable situation is up to the people who run the company. If you feel like this will present an issue in the future, report your concerns to the company's decision makers and let them decide. Pulling the trigger on a change like that without executive sign-off is a good way to get fired.

For information, most environments still use AD domain names that are different than their public domain name. It used to be a best practice to use domain.local or domain.internal, but that recommendation has been changed. But unless there is a defined need to change things, don't worry about it.
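The shadowing described in Adam Brown's answer, and the split-brain workaround RantCan's answer points to, shown as an added example that is not part of either answer: a small Python model of an internal DNS server that is authoritative for the AD zone. The zone name `example.com`, the host names and the addresses are constructed placeholders, and the class and function names are hypothetical.

```python
# Constructed data: example.com stands in for an AD domain whose public name
# belongs to another organisation; addresses are documentation ranges.
PUBLIC_DNS = {
    "www.example.com": "203.0.113.10",   # the real owner's public web site
    "www.example.org": "198.51.100.20",  # the company's own public site
}

class InternalDns:
    """Toy model of the AD-integrated DNS server that internal clients use."""

    def __init__(self, zones, forwarder):
        self.zones = zones          # zone name -> {fqdn: address}
        self.forwarder = forwarder  # stands in for public resolution

    def _zone_for(self, name):
        hits = [z for z in self.zones if name == z or name.endswith("." + z)]
        return max(hits, key=len) if hits else None  # most specific zone wins

    def resolve(self, name):
        name = name.lower().rstrip(".")
        zone = self._zone_for(name)
        if zone is not None:
            # Authoritative for this zone: answer from local data only.
            # A missing record is NXDOMAIN; the query is never forwarded.
            return ("internal", self.zones[zone].get(name, "NXDOMAIN"))
        return ("forwarded", self.forwarder.get(name, "NXDOMAIN"))

def shadowed_names(dns, public=PUBLIC_DNS):
    """Public names that internal clients cannot resolve to the public address."""
    return sorted(n for n, addr in public.items() if dns.resolve(n)[1] != addr)

def build_ad_dns():
    # The only internal zone is the AD domain itself, holding internal hosts.
    return InternalDns({"example.com": {"dc01.example.com": "10.0.0.10"}}, PUBLIC_DNS)

def mirror_public_record(dns, zone, name):
    """Split-brain workaround: copy one public record into the internal zone.
    It has to be kept in sync by hand when the public address changes."""
    dns.zones[zone][name] = PUBLIC_DNS[name]

if __name__ == "__main__":
    dns = build_ad_dns()
    for q in ("dc01.example.com", "www.example.com", "www.example.org"):
        print(q, dns.resolve(q))
    print("shadowed:", shadowed_names(dns))
    mirror_public_record(dns, "example.com", "www.example.com")
    print("shadowed after mirroring:", shadowed_names(dns))
```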
 

Author Comment

by:Member_2_7970390
ID: 41743299
Dear RantCan & Adam Brown,
I am so glad that I was not missing a huge point. I really did not see why I had to change the internal domain name.
Since I have a web server and mail server outside of our network, I did not see a need. Thank you so much for confirming that.


RantCan, thanks for the article. It is not necessary to have Split-brain DNS right now, but I never understood why it was a problem. Firewall would block it!

Adam, it is a great point. We will never access the website out there with our internal domain name. So it will not become a problem.

Expert Comment

by:RantCan
ID: 41744927
Thanks for the feedback on our answers. Please assign points if we were able to help.

Expert Comment

by:RantCan
ID: 41768444
Splitting points between the Experts.