The name of the new Active Directory domain
When you think up the name of a new Active Directory domain, you need to take this seriously as your first child’s name. Of course, this is a joke, but the topic is very important. For those who have not heeded this advice, soon there will be instructions on how to rename the domain.
Before we begin, here are 2 popular practices that are no longer recommended:
• Since Level 1 domains such as .local, .lan, .corp are now available through ICANN, then the domain name you chose today, for example company.local, may become the property of another company tomorrow. If you are still not convinced, then here are some more reasons not to use .local as an AD domain suffix.
')
• When using an external public domain such as company.com, you should avoid the same name for the internal AD domain, because You will have to create 2 separate DNS servers that will manage the same direct zone, which will greatly complicate the administration process.
Currently there are 2 options for naming the AD domain. The first is to use an inactive subdomain of a domain that you use publicly, for example, corp.company.com or internal.company.com. Here are the advantages of this approach:
• You need to register only one domain, even if you later decide to make some of the internal services available globally.
• Allows you to easily and separately manage internal and external domains.
• All internal names will be globally unique.
The disadvantage of this method is the need to use the FQDN for all internal names, so choose a shorter name.
However, if the above proposed option does not fit, you can use another domain as your subdomain that you own, but do not use. For example, if your public domain is company.com, company.net could be internal. The advantage is the uniqueness of all internal names, but the disadvantage is the need to administer 2 domains. After you have decided on the names, make sure that there are no colons (:) and tilde (~) in them.
Before we begin, here are 2 popular practices that are no longer recommended:
• Since Level 1 domains such as .local, .lan, .corp are now available through ICANN, then the domain name you chose today, for example company.local, may become the property of another company tomorrow. If you are still not convinced, then here are some more reasons not to use .local as an AD domain suffix.
')
• When using an external public domain such as company.com, you should avoid the same name for the internal AD domain, because You will have to create 2 separate DNS servers that will manage the same direct zone, which will greatly complicate the administration process.
Currently there are 2 options for naming the AD domain. The first is to use an inactive subdomain of a domain that you use publicly, for example, corp.company.com or internal.company.com. Here are the advantages of this approach:
• You need to register only one domain, even if you later decide to make some of the internal services available globally.
• Allows you to easily and separately manage internal and external domains.
• All internal names will be globally unique.
The disadvantage of this method is the need to use the FQDN for all internal names, so choose a shorter name.
However, if the above proposed option does not fit, you can use another domain as your subdomain that you own, but do not use. For example, if your public domain is company.com, company.net could be internal. The advantage is the uniqueness of all internal names, but the disadvantage is the need to administer 2 domains. After you have decided on the names, make sure that there are no colons (:) and tilde (~) in them.
Source: https://habr.com/ru/post/279863/
All Articles