In every Active Directory environment, the domain name is mapped in the DNS to all active domain controllers; there is an A record for each DC, mapping the domain name to the DC's IP address.
Let's say you have two DCs and your domain name is domain.com; your DNS will then contain something like this:
domain.com 192.168.0.1
domain.com 192.168.0.2
dc1.domain.com 192.168.0.1
dc2.domain.com 192.168.0.2
Now, if you add a web server, you'll need to add another A record:
www.domain.com 192.168.0.10
Unless your machine is actually called www, that will probably be handled better by an A record for the server's real name and a CNAME record for the web site name:
webserver.domain.com 192.168.0.10
www.domain.com webserver.domain.com.
Ok, all fine and good; but now you would like users to type domain.com in their web browsers and access the web server. However, this can't possibly work: the domain name already points to all DCs, and it has to do so in order for Active Directory to work correctly. If someone tries to access domain.com in a web browser, the browser will try to connect to a random domain controller, which (hopefully!) doesn't even have a web server running; and even if it has IIS installed, it would not be your real web server.
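As an added example (not part of the original answer), the check below audits a constructed copy of the zone above and flags the mistake that this situation tempts people into: adding a non-DC address (here the web server's) at the apex next to the DC records, or putting a CNAME at the apex. The zone data and DC names are hypothetical; a real audit would pull the records from the DNS server.

```python
"""Audit an AD zone's apex records against the domain controllers' A records."""
from collections import defaultdict

# Constructed sample zone modelled on the records in the answer above
# (hypothetical; a real audit would load these from the DNS server).
ZONE = [
    ("domain.com", "A", "192.168.0.1"),
    ("domain.com", "A", "192.168.0.2"),
    ("dc1.domain.com", "A", "192.168.0.1"),
    ("dc2.domain.com", "A", "192.168.0.2"),
    ("webserver.domain.com", "A", "192.168.0.10"),
    ("www.domain.com", "CNAME", "webserver.domain.com."),
    # Misconfiguration: the web server's address was added at the apex
    ("domain.com", "A", "192.168.0.10"),
]
DC_NAMES = {"dc1.domain.com", "dc2.domain.com"}  # assumed DC host names


def index(zone):
    """Group record data by (owner name, record type); names are normalised."""
    recs = defaultdict(lambda: defaultdict(set))
    for name, rtype, data in zone:
        recs[name.rstrip(".").lower()][rtype].add(data)
    return recs


def audit_apex(zone, apex, dc_names):
    """Return apex addresses that are not DC addresses, DC addresses missing
    from the apex, and any CNAME at the apex (a CNAME cannot coexist with
    the A records AD needs there)."""
    recs = index(zone)
    dc_addrs = set()
    for dc in dc_names:
        dc_addrs |= recs[dc.lower()]["A"]
    apex_addrs = recs[apex.lower()]["A"]
    return {
        "non_dc_at_apex": sorted(apex_addrs - dc_addrs),
        "dc_missing_from_apex": sorted(dc_addrs - apex_addrs),
        "cname_at_apex": sorted(recs[apex.lower()]["CNAME"]),
    }


if __name__ == "__main__":
    for finding, values in audit_apex(ZONE, "domain.com", DC_NAMES).items():
        print(f"{finding}: {values or 'none'}")
```

Any entry under non_dc_at_apex means some clients resolving the domain name will be sent somewhere that is not a domain controller; cname_at_apex means the DC records cannot be served at all.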
If you really, really, really need to be able to use your AD domain name to reach your website, there is a horribly ugly workaround for this situation; I strongly advise against using it, but here it is: you could install IIS on all domain controllers and configure it to redirect incoming requests to www.domain.com; when a user types domain.com in a web browser, the request will reach a random DC; IIS running on that DC will then redirect the user to www.domain.com. Again: please avoid this solution if possible, because having IIS running on domain controllers is a really bad practice, even if it's used only to redirect requests elsewhere.