1

I know this is a very basic question but I need some help.

I'm setting up a domain controller on Zentyal with the domain name example.com. But I need the domain users to be able to get to our company website with the same name (http://example.com) that's hosted out there on a third party's server.

I know this has something to do with adding a DNS record, but I don't know what type. I would experiment, but I don't want to break the whole works!

3 Answers

5

Do not name your Active Directory Domain the same as your existing domain. It will cause all sorts of trouble.

Take an unused subdomain, for example ad.example.com.

If the organization has an Internet presence, use names that are relative to the registered Internet DNS domain name. For example, if you have registered the Internet DNS domain name contoso.com, use a DNS domain name such as corp.contoso.com for the intranet domain name. --http://support.microsoft.com/kb/909264

84104
  • I was hoping to take advantage of SSO. Can SSO be configured if they are different? –  Nov 01 '13 at 21:09
  • http://serverfault.com/questions/76715/windows-ad-domain-naming-recommendations/473530#473530 – mfinni Nov 01 '13 at 21:10
  • 1
    @Moses Yes. You have to apply the appropriate mapping via group policy. (If you've got an existing Kerberos REALM, you'll also need to set up a trust.) – 84104 Nov 01 '13 at 21:12
  • @84104 I'll have to do my homework on that one. What problems can occur if they are the same, out of curiosity? –  Nov 01 '13 at 21:46
  • @Moses It mostly has to do with running two different master name servers. The least ugly kludge is to import the zone information from your public NS's SOA into AD, which is still quite an ugly kludge, esp. as there's no standard mechanism for it. – 84104 Nov 01 '13 at 21:58
2

The domain controller hostname should not be the same as the web server hostname if they are on different hosts. It's like trying to access two computers using a single IP address :) If having different hostnames is not an option for some reason, you may use the solutions listed below.

The idea is to set up port forwarding (destination NAT) at the domain controller. You may forward all traffic to port 80 of your domain controller to port 80 of the web server.

The same effect may be achieved by using reverse proxy software like NGINX.

Be aware of the drawback that without proper handling (e.g. adding a proxy-forwarded-for header at nginx) you will not have real client IP addresses in your web server's logs.

Dmitriusan
  • That's workable but awful. It involves installing IIS on every DC, for one thing. – mfinni Nov 01 '13 at 21:09
  • The issue itself is awkward :) If changing domain controller hostname is not an option, it may be the only possible solution. Will update the answer to mention that. – Dmitriusan Nov 01 '13 at 21:13
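An added example, not part of the answer above or its comments: how the web server side can recover the client address from `X-Forwarded-For` for its logs while honouring the header only on connections from the proxy. It assumes the proxy appends the peer it saw to the header (as nginx's `$proxy_add_x_forwarded_for` does); the proxy address `10.0.0.10`, the function names and the sample requests are constructed for illustration.

```python
import ipaddress

# Assumption: address of the DC running the reverse proxy (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.10/32")]


def is_trusted(addr):
    """True if addr parses as an IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def real_client_ip(peer_addr, xff_header):
    """Pick the address to log: TCP peer, or the X-Forwarded-For hop behind our proxy."""
    # The header is client-controlled, so honour it only on connections from the proxy.
    if not is_trusted(peer_addr) or not xff_header:
        return peer_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # A proxy appends the peer it saw, so read right to left and stop at the
    # first hop that is not one of our proxies; anything left of it is unverified.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed entry: fall back to the TCP peer
        if not is_trusted(hop):
            return hop
    return hops[0] if hops else peer_addr


# Constructed sample requests: (TCP peer seen by the web server, X-Forwarded-For value)
SAMPLES = [
    ("10.0.0.10", "192.168.1.57"),                # LAN client via the proxy
    ("10.0.0.10", "198.51.100.7, 192.168.1.57"),  # client sent its own header first
    ("203.0.113.9", "192.168.1.57"),              # direct hit that bypasses the proxy
    ("10.0.0.10", None),                          # proxy added no header
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"{peer:<12} {str(xff):<28} -> {real_client_ip(peer, xff)}")
```

In the second sample the leftmost entry was supplied by the client and is ignored; only the entry appended by the trusted proxy is logged.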
0

The most basic solution is to add a www DNS entry with the external IP address, so users on the domain can just type www.example.com to get to the external website.

hyp