2

I am setting up an internal AD domain. The company's name is xyz; there is already an external domain which the company does not own or is not registered for the company. How should the domain be named? What is the best practice?

truthtriumphs

1 Answer

5

Register and use a top-level domain name that you own. Do not use a domain name that is owned by another entity, not registered, or not a well-known top-level domain. Using a domain name that is owned by another party could make clients susceptible to DNS hijacking. Your Active Directory forest name should be a subdomain of your registered top-level domain, e.g. ad.yourdomain.com, or corp.yourdomain.net.

Greg Askew
  • The customer does not want to register a domain. Is it OK to use ad.xyz.com? – truthtriumphs Aug 21 '17 at 15:48
  • 2
    No, that would be a DNS worst-practice. – Greg Askew Aug 21 '17 at 15:49
  • 1
    @truthtriumphs what domain do they use for their email? hotmail.com? – yagmoth555 Aug 21 '17 at 15:57
  • 1
    This is a nightmare scenario to be honest. Why do they want a domain if they (apparently) don't understand the basic pre-reqs for one? Of course, there are other domain TLDs besides .com so they can still register a valid domain name. – Rob Moir Aug 21 '17 at 16:08
  • 1
    "Customer does not want to register a domain" ... in that case I'd say this post is not good material for Serverfault. This site is supposed to be for professionals. Sorry, don't mean to sound like a dick, but any 13 year-old with daddy's credit card can register a domain name for $25. – Ryan Ries Aug 21 '17 at 22:40
  • yagmoth555, I do not think they have a domain (on the internet) – truthtriumphs Aug 22 '17 at 05:48
  • Heck, they can register one for $12.99. Register a domain - it has no bearing on them needing to host a website, but leaves all their options open. (does this company have customers? want to be discoverable? receive email? Might be handy). As someone who's been on the receiving end of someone else not doing this, it is really a ton of work to correct later on. You now have the knowledge, please put it to use :). The server(s) and software licensing to run AD cost a lot more than the domain registration. See also this question's answers on domain naming: https://serverfault.com/q/76715/17708 – Joshua McKinnon Aug 24 '17 at 02:32
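
The naming rules from the answer above, written as a pre-deployment check on a proposed forest name. This is an added example, not code from any of the posters; `check_forest_name`, the `KNOWN_TLDS` sample, and the list of owned domains passed in are assumptions made for illustration.

```python
# Added example: validate a proposed AD forest DNS name against the answer's rules.
# KNOWN_TLDS is a small constructed sample; a real check would load the IANA TLD list.
KNOWN_TLDS = {"com", "net", "org", "io"}


def _normalize(name):
    """Lower-case and drop surrounding whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()


def check_forest_name(candidate, owned_domains):
    """Return a list of problems; an empty list means the name follows the advice.

    owned_domains: domains the organization has actually registered (assumed to be
    supplied by whoever holds the registrar account, not discovered by this code).
    """
    name = _normalize(candidate)
    labels = name.split(".")
    if len(labels) < 2 or any(not label for label in labels):
        return ["not a multi-label DNS name"]

    problems = []
    if labels[-1] not in KNOWN_TLDS:
        problems.append(f"'.{labels[-1]}' is not a well-known top-level domain")

    owned = {_normalize(d) for d in owned_domains}
    # Match on a label boundary: a plain endswith("yourdomain.com") would also
    # accept "notyourdomain.com", which belongs to someone else.
    parent = next((d for d in owned if name == d or name.endswith("." + d)), None)
    if parent is None:
        problems.append("not under a domain registered to the organization; "
                        "whoever controls the public zone can answer for this name")
    elif name == parent:
        problems.append(f"is the registered domain itself; use a subdomain such as ad.{parent}")
    return problems


if __name__ == "__main__":
    owned = ["yourdomain.com", "yourdomain.net"]  # constructed sample input
    for proposed in ["ad.yourdomain.com", "corp.yourdomain.net", "ad.xyz.com",
                     "ad.notyourdomain.com", "xyz.internal", "yourdomain.com", "xyz"]:
        print(f"{proposed:24} {check_forest_name(proposed, owned) or 'ok'}")
```
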