Issues with using real domain for Active Directory domain?

Is there any reason that I should not use as my AD domain name, versus example.local or some other non-existent version?

2022-06-07 14:34:46
Answers: 3

Don't use your "real domain name" for an Active Directory domain. The reason that AdamB gave as a "PITA factor" is precisely the reason not to, and it is not just a "PITA".

It is bad practice to install a DNS server that is authoritative for a domain that already has authoritative nameservers elsewhere. If you do it, you'll soon want to resolve the "already authoritative" names and have a mess of manually duplicating records into your internal DNS servers.

If you want a namespace contiguous with your "real" domain, try something like "". Leave "" out of it.


Now I think I see where you are going. You need to really read up on how DNS is used by Active Directory. You really do want to host the DNS for Active Directory locally!

The DNS for your Internet domain (for your e-mail, web site, etc.) absolutely needs to be hosted externally, but that does not need to be (and really should not be) the same domain you use for your Active Directory domain.

Your external DNS host is probably not going to support all the features that you need to get Active Directory working properly in their DNS servers. Specifically, they are probably not going to support dynamic DNS registration or GSSAPI-based secure updates.

Beyond that, all of your domain-member client and server computers are going to need DNS to do basic things like logons and application of group policy. You do not want to tie that to your Internet connection being up!

You've got to use a Windows Server computer to host Active Directory itself. It is common practice to also use those domain controller computers to host DNS for the Active Directory (and usually to forward requests for other names to the ISP's DNS servers or the root DNS servers) and to use these DNS servers as the DNS servers for all domain-member client and server computers.

2022-06-07 15:00:15
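The setup the answer above describes (AD-integrated zone with secure dynamic updates only, the domain controller forwarding everything else to the ISP, and the DC pointing its own resolver at itself) as a worked PowerShell example. This is an added illustration, not code from the answer or from Microsoft; the domain name, the ISP resolver addresses and the DC address are assumptions, and it requires the DnsServer module on a domain controller.

```powershell
# Added example: configure a domain controller's DNS role the way the answer describes.
# All names and addresses below are assumptions (documentation ranges), not real values.
# Requires the DnsServer / DnsClient modules and Domain Admin rights on the DC.

$AdDomain  = 'corp.example.com'                    # assumed AD DNS name: a subdomain, not the public zone
$IspDns    = @('198.51.100.53', '198.51.100.54')   # assumed ISP resolvers
$DcAddress = '10.0.0.10'                           # assumed address of this domain controller

# 1. Make the AD zone AD-integrated and accept only secure (Kerberos / GSS-TSIG) dynamic updates.
#    This is the feature an external DNS host typically cannot offer: domain members register
#    their own A and SRV records, but anonymous clients cannot overwrite them.
$zone = Get-DnsServerZone -Name $AdDomain
if (-not $zone.IsDsIntegrated) {
    ConvertTo-DnsServerPrimaryZone -Name $AdDomain -ReplicationScope 'Domain' -Force
}
Set-DnsServerPrimaryZone -Name $AdDomain -DynamicUpdate 'Secure'

# 2. Forward everything the DC is not authoritative for to the ISP resolvers.
#    With -UseRootHint $true instead, the DC would resolve from the root servers, the other
#    option the answer mentions.
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $false

# 3. Point the DC's own client resolver at itself (add a second DC here if you have one).
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $DcAddress

# 4. Verify: the zone settings took effect and the SRV record that domain members use
#    to locate a DC is answered by this server.
Get-DnsServerZone -Name $AdDomain | Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV -Server $DcAddress
```

The last step is the one worth keeping as a recurring check: if the `_ldap._tcp.dc._msdcs` SRV lookup fails against the DC, domain members will not be able to log on or apply group policy regardless of what the public zone says, which is the dependency the answer warns about.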

I inherited a network where the internal and external DNS names were the same. This was a relatively small business, with only a few external hosts, so the problems I had were minor. The internal DNS was hosted locally, and I would strongly advise you do the same. The external DNS was hosted at an ISP and only contained records for hosts that needed to be reachable from the Internet. The (minor) problems I had were mostly in making sure I duplicated any Internet-reachable hosts on both the internal and external DNS.

For example, was reachable both inside and outside the network, as were the hosts vpn and www. I needed to make sure both DNS servers were changed when any of those hosts changed (which they did a few times).

Bottom line - this is not a best practice. But if you only have a few Internet-reachable hosts, it is not that big a deal. You should really, really host your AD DNS on your local domain controllers. You probably should not expose your local DNS to the Internet.

2022-06-07 14:58:45

I like this approach. The only PITA factor I've found with this is if you make a change to your external DNS (for public services, not AD-related) server, you need to remember to change/add the entry in your internal DNS server.

So, for example, if you move your web site to another IP address and change your entry with (or GoDaddy or wherever), you need to go in and change the IP on your local DNS server.

EDIT: I found an MS article called "Naming Conventions for Active Directory for computers, domains, sites, and OUs".

In that document, they say:

A DNS namespace that is connected to the Internet must be a subdomain of a top-level or second-level domain of the Internet DNS namespace.

Further in that document, they recommend something like as an example.

2022-06-07 14:54:07
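The "remember to update both servers" problem that the two preceding answers describe (the vpn/www hosts that had to exist in both the ISP-hosted zone and the local DCs, and the web site move that had to be mirrored into internal DNS) is easy to catch with a periodic drift check. The following PowerShell is an added example, not code from either answer; the zone name, the internal and external server addresses and the list of public hosts are assumptions you would replace with your own.

```powershell
# Added example: audit a split-horizon setup where the AD domain name is also the public domain.
# For each Internet-reachable host, compare the A records the internal (DC) DNS returns with
# the ones the public nameserver returns and flag anything that drifted.
# Zone, server addresses and host list are assumptions, not values from the thread.

$Zone        = 'example.com'            # assumed: public zone that is also the AD domain name
$InternalDns = '10.0.0.10'              # assumed: domain controller hosting the internal copy
$ExternalDns = '198.51.100.53'          # assumed: public authoritative nameserver (ISP-hosted)
$PublicHosts = @('www', 'vpn', 'mail')  # assumed: the handful of hosts that must resolve on both sides

function Get-ARecordSet {
    # Returns the sorted A-record addresses for $Fqdn as seen by $Server, or an empty
    # array on NXDOMAIN / unreachable server. -DnsOnly bypasses the local cache and hosts file.
    param([string]$Fqdn, [string]$Server)
    try {
        Resolve-DnsName -Name $Fqdn -Type A -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress } |
            Sort-Object
    } catch {
        @()
    }
}

$report = foreach ($h in $PublicHosts) {
    $fqdn     = "$h.$Zone"
    $internal = (@(Get-ARecordSet -Fqdn $fqdn -Server $InternalDns) -join ',')
    $external = (@(Get-ARecordSet -Fqdn $fqdn -Server $ExternalDns) -join ',')
    [pscustomobject]@{
        Host     = $fqdn
        Internal = $internal
        External = $external
        Status   = if ($internal -eq '')            { 'MISSING INTERNALLY' }   # the classic failure
                   elseif ($external -eq '')        { 'MISSING EXTERNALLY' }
                   elseif ($internal -ne $external) { 'MISMATCH' }             # e.g. web site moved
                   else                             { 'OK' }
    }
}

$report | Format-Table -AutoSize

# Non-zero exit so a scheduled task or monitoring job can raise an alert on drift.
if ($report | Where-Object Status -ne 'OK') { exit 1 }
```

The most common real-world result is "MISSING INTERNALLY": the public record was added at the registrar or ISP and nobody created it on the DCs, so inside the network the host simply does not resolve. Where public hosts sit behind NAT, an internal record may legitimately point at a private address; in that case compare against an expected map of public-to-private addresses rather than flagging every MISMATCH.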