Hopefully, we all know what the recommendations for naming an Active Directory forest are, and they're pretty simple. Namely, it can be summed up in a single sentence.
Use a subdomain of an existing, registered domain name, and pick one that's not going to be used externally. For example, if I were to incorporate and register the hopelessn00b.com domain, my internal AD forest should be named internal.hopelessn00b.com or ad.hopelessn00b.com or corp.hopelessn00b.com.
There are overwhelmingly compelling reasons to avoid using "fake" TLDs or single-label domain names, but I'm having a hard time finding similarly compelling reasons to avoid using the root domain (hopelessn00b.com) as my domain name and use a subdomain such as corp.hopelessn00b.com instead. Really, the only justification I can seem to find is that accessing the external website from internal requires an A name DNS record and typing www. in front of the website name in a browser, which is pretty "meh" as far as problems go.
So, what am I missing? Why is it so much better to use ad.hopelessn00b.com as my Active Directory forest name over hopelessn00b.com?
Just for the record, it's really my employer that needs convincing - the boss man is back-pedaling, and after giving me the go ahead to create a new AD forest named corp.hopelessn00b'semployer.com for our internal network, he's wanting to stick with an AD forest named hopelessn00b'semployer.com (the same as our externally registered domain). I'm hoping that I can get some compelling reason or reasons that the best practice is the better option, so I can convince him of that... because it seems easier than rage quitting and/or finding a new job, at least for the moment. Right now, "Microsoft best practices" and internally accessing the public website for our company don't seem to be cutting it, and I'm really, really, really hoping someone here has something more convincing.