
I am setting up a new Active Directory Forest per Microsoft's best practices here by creating a forest root domain the same as my public web site and then creating a subdomain sub.example.com. The problem that I am running into is public web site name resolution internally.

I've read lots of posts about creating a www record and having users type www in the browser, setting up IIS on the DC, and so forth. The recommendation from Microsoft is to set up forwarding from your internal DNS to an external DNS, either an external DNS you build yourself or your ISP's DNS. I have tried adding my ISP's DNS to the forwarders both in the forest root and sub domains, but I am still not able to resolve my web site internally.

What am I missing that will allow this recommended configuration to work?

GuudLuck
    You've misread or misunderstood the article you linked. `The recommended configuration option for a mixed internal and external DNS namespace is to make your internal domain a subdomain of your external domain. For example, an organization that has an external namespace domain name of contoso.com might use the internal namespace domain name corp.contoso.com. Using an internal domain that is a subdomain of an external domain`. - So your internal Forest/Domain should be an unused subdomain of your public domain name. It should not be the same as your public domain name. – joeqwerty Aug 14 '18 at 02:18
  • Also see https://serverfault.com/questions/76715/windows-active-directory-naming-best-practices – HBruijn Aug 14 '18 at 11:07

1 Answer


From the doc you linked to:

make your internal domain a subdomain of your external domain

You should not be creating your active directory domain name with the same domain name as your public website, because it's far too much of a nightmare to make both of them function at the same time.

If your public website is on example.com, make your active directory whatever.example.com. Your users can still log on with usernames like guudluck@example.com by setting the UPN (User Principal Name) suffix for your users to example.com. You can still use example as your domain NetBIOS name.

But do not set your full active directory domain name to example.com because you're just in for a world of hurt.

joeqwerty
Mark Henderson
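The layout the answer recommends, written out as PowerShell to run on the first domain controller. This is an added example, not code from the answer or from Microsoft's documentation; it assumes an internal forest root of corp.example.com with NetBIOS name EXAMPLE, a public site at example.com, a Users OU at the path shown, and placeholder forwarder addresses that you would replace with your ISP's resolvers.

```powershell
# Added example: AD forest as a subdomain of the public DNS name, public name kept as a UPN suffix.
# Assumed names: forest root 'corp.example.com', NetBIOS 'EXAMPLE', public site 'example.com'.
# Requires the ADDSDeployment, ActiveDirectory and DnsServer modules on the DC.

# 1. Create the forest under a subdomain of the public name (run once, on the first DC).
#    The DC becomes authoritative for corp.example.com only, not for example.com.
Install-ADDSForest `
    -DomainName 'corp.example.com' `
    -DomainNetbiosName 'EXAMPLE' `
    -InstallDns `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force

# 2. Register the public name as an alternative UPN suffix for the forest,
#    so users sign in as user@example.com while the AD DNS name stays corp.example.com.
Set-ADForest -Identity 'corp.example.com' -UPNSuffixes @{ Add = 'example.com' }

# 3. Re-stamp existing users' UPNs onto the public suffix (assumed OU path).
Get-ADUser -Filter * -SearchBase 'OU=Users,DC=corp,DC=example,DC=com' |
    ForEach-Object {
        Set-ADUser -Identity $_ -UserPrincipalName ('{0}@example.com' -f $_.SamAccountName)
    }

# 4. Forward names outside corp.example.com (including example.com itself) to external
#    resolvers, as the question describes. 203.0.113.x are documentation-range placeholders.
Add-DnsServerForwarder -IPAddress 203.0.113.53, 203.0.113.54 -PassThru

# 5. Check: example.com should resolve via the forwarder, corp.example.com from the local zone.
Resolve-DnsName -Name 'example.com'      -Type A
Resolve-DnsName -Name 'corp.example.com' -Type A
```

With the internal zone named corp.example.com, the DC no longer claims example.com as its own, which is why the forwarder can answer for the public site.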