I currently have my AD named domain.local, and have registered a domain.com. I'm considering doing a domain rename, which is supported. The idea was to change the name of my AD to domain.com, but it might be an better idea to name the domain ad.domain.com. But is this possible during the domain rename process? This might be a bit more than just a rename. Any feedback would be greatly appreciated.
3 Answers
It would be just a rename still. ad.domain.com
isn't a subdomain (really child domain in AD terms) technically in your instance. It would be the root domain name in your AD environment. You don't have to create domain.com first in order to use ad.domain.com.
And yes, definitely better to go with something like ad.domain.com
than use the same internal and external DNS name.
- 32,352
- 26
- 126
- 188
As long as you don't have Exchange, this is fine.
ad.domain.com would be better than domain.com
http://technet.microsoft.com/en-us/library/cc738121%28WS.10%29.aspx
Using the full domain as the AD domain is usually a bad idea. It can work if you actually run the DNS servers for your domain yourself so your AD DNS is actually the authoritative DNS. If your ISP runs the authoritative domain.com DNS servers and you also use domain.com as your AD domain then you are technically spoofing domain.com. Your own office will only see the 'wrong' information in the AD DNS domain and not the actual information on the official DNS servers. You might not be able to see your own web site, have problems with mail etc. If DNSSEC is used this will actually break the signature chain and your internal DNS won't work at all.
Using a sub-domain like office.domain.com or ad.domain.com as the AD root domain is always a good idea and prevents a lot of headaches.
- 7,572
- 18
- 29