
I am new to the Windows environment and am trying to set up an AD and domain controller.

Are an Active Directory domain and a DNS domain technically referring to the same thing? Must they be the same at all? e.g. if my DNS domain is "company.com", must my AD domain be "company.com" too?

The reason for asking this question is the following observations:

  • I have seen workstations join domains that I am quite sure are not actually valid domain names (e.g. xxx.local)

  • I have seen 2 different domain controllers in 2 different networks with different server hostnames/domain names (FQDN), e.g.

dc1.brancha.com,
dc1.branchb.com

allowing workstations in their own network to log in to the same Active Directory domain (xxx.local), which is totally unrelated to the server DNS domain name.

Am I missing something?

guntbert
Noob

1 Answer

Active Directory is based on the DNS system, and the Active Directory Domain Controllers are the authoritative DNS servers for the Active Directory domain. One of the best practices is to choose a dedicated domain name for the Active Directory (so "company.com" is not the best, as I think you are using it for your public web presence). A 3rd-level domain name would be OK (for example "ad.company.com").

Some link for you:

Mat
  • Sorry for the late reply. What I mean is that, even though my company DNS domain is companyX.com, I can have a totally unrelated / separate AD domain name (e.g. hahaha.com), since it is just housed inside my DNS server, isn't it? – Noob Oct 17 '15 at 04:16
  • This is not a best practice, because if hahaha.com is registered by someone in the future you could have some problems with name resolution for this domain. – Mat Oct 18 '15 at 14:57
  • But the AD is for internal consumption only; as long as the resolution hits our internal DNS 1st, how will having hahaha.com registered by someone else have any impact? – Noob Oct 19 '15 at 11:00
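
The naming options discussed in this thread can be checked mechanically before a domain is created. The following is an added example, not part of the original posts: it sorts a proposed AD DNS name into the cases raised above (dedicated subdomain, same as the public domain, a name the company does not own, and `.local`). `OWNED_DOMAINS`, the function names and the category labels are assumptions made for illustration; the `.local` case reflects that this TLD is reserved for multicast DNS by RFC 6762.

```python
# Added example: classify a proposed AD DNS name against domains you own.
OWNED_DOMAINS = {"company.com"}  # assumption: domains your organisation has registered


def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing root dot."""
    parts = name.strip().lower().rstrip(".").split(".")
    if not all(parts):
        raise ValueError(f"empty label in {name!r}")
    return parts


def is_under(name, parent):
    """True only on a label boundary: notcompany.com is NOT under company.com."""
    n, p = labels(name), labels(parent)
    return len(n) > len(p) and n[-len(p):] == p


def classify_ad_name(candidate, owned=OWNED_DOMAINS):
    cand = labels(candidate)
    if cand[-1] == "local":
        # Not registrable, but reserved for multicast DNS (RFC 6762).
        return "reserved-mdns"
    if any(cand == labels(dom) for dom in owned):
        # Same name as the public zone: the answer advises against this.
        return "same-as-public"
    if any(is_under(candidate, dom) for dom in owned):
        # e.g. ad.company.com: the dedicated name the answer recommends.
        return "dedicated-subdomain"
    # Someone else could register this name later (the hahaha.com case).
    return "unowned"


if __name__ == "__main__":
    for name in ("ad.company.com", "company.com", "hahaha.com",
                 "notcompany.com", "xxx.local"):
        print(f"{name:18} -> {classify_ad_name(name)}")
```
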