
Domain Naming: NT4 → 2003

Status
Not open for further replies.

group6

IS-IT--Management
May 19, 2005
42
US
NT4 domain has an internal (LAN) domain name of mycompanydomain which has nothing to do with the public domain name of xzy.org. Everything to be migrated to new Server 2003 domain. The public domain name of xzy.org will not be changing.

In the new AD domain, are there any guidelines, restrictions or must do's when it comes to naming the internal (LAN) domain name? Does it have to stay mycompanydomain?

Thanks!
 
Yes and no. If you are doing an in-place upgrade, then the NetBIOS name for the old NT4 domain can stay and the AD name space can be different.

As far as guidelines are concerned, go for something that doesn't have a real-world TLD (i.e. don't go for a .com, .ad (Andorra) etc). It used to be the MS-recommended .local, but in recent years they have said too many people are doing that and to stop using it. You could always use something like .lan??

We did an upgrade about 6 months ago, we had an NT4 domain name of Domain but used a new name space for AD, we can resolve both name spaces using DNS and it works ok for us (long term plan is to remove the DOMAIN name space entirely).

Simon

The real world is not about exam scores, it's about ability.

 
Just be sure you don't make yourself a single-labeled domain name (aka, be sure you specify the NetBIOS domain name where appropriate in the dcpromo wizard, and be sure you specify the FQDN of the domain where appropriate, mycompanydomain.dom for example).

BTW, in Windows 2003, you can rename the domain anyways :)

- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea
 
ok guys, this is the way it is presently:

NetBIOS domain name: mycompanydomain
FQDN: xzy.org
PTR: proxy.xyz.org

What exactly is the AD namespace and how/where does it fit into the (new) picture?

Does the AD namespace require an extension- .lan, .357 etc?

What do you mean by "you can rename the domain anyways"?
 
OK, so here's the deal... your Q&A for your questions there:

Q1: What exactly is the AD namespace and how/where does it fit into the (new) picture?

A1: The AD namespace relies on DNS, and not at all on WINS (but it can use NetBIOS over TCP/IP), and as a result the AD namespace actually consists of a NetBIOS domain name AND a fully qualified domain name for the domain, along with OU structures that are created to complete the LDAP paths... When we ask what the domain FQDN is, we mean the internal domain.

Beginning with Windows 2000 Server beta and the introduction of Active Directory and the multimaster domain controller topology, all domains created now have an associated NetBIOS domain name, the same as NT4 did, as a simple name (in your case/example "mycompanydomain"), along with an FQDN in the form of something like "mycompanydomain.dom". Typically, and by default when not performing an upgrade from NT4, the suggested NetBIOS name suffices, as it is the first 15 characters of the AD domain name before the extension (.com, .net, what have you). If you have a name like intdomain.dom, your NetBIOS name would by default be suggested as "intdomain". The dcpromo (Domain Controller Promotion Wizard) will ask you for these items.

NOTE: If you are to perform a migration, the new domain MUST have a different NetBIOS domain name than your NT4 domain (so if NT4 is named mycompanydomain, and if you are to migrate users and machines from the old domain into the AD domain, then you would want to use something different, such as CompanyHQ).


Q2: Does the AD namespace require an extension- .lan, .357 etc?

A2: YES. If you create a domain using only NetBIOS names in AD, you get what is called a single-label domain name. This can and WILL affect all functions relating to Active Directory... anything from intermittent failed logon attempts to the assured problems with DNS name resolution. AD requires DNS to function, and DNS requires fully qualified names to function properly.

The extension you use is irrelevant, however. It can be anything you wish. Your internal domain name can even match your external domain name; however, this is not a good idea if you do not host your public web servers in-house, as DNS configuration and reliability to your public resources can be much more troublesome. I still recommend naming your domain something other than your public domain name, though, either way. This does not mean it has to be entirely different... for example, if your public domain name is it-pangaea.com, you can create your internal domain as it-pangaea.dom, or it-pangaea.int, or it-pangaea.co... so as you see, the extension you choose to use is truly irrelevant. Even a client logging into the domain sees only the NetBIOS name, so if you use something like my example above, you can actually have employees logging onto systems where the domain dropdown list contains the NetBIOS version of the equivalent of your public domain name... in my example, a user working for it-pangaea would have the domain it-pangaea listed in their domain list at the logon prompt.


Q3: What do you mean by "you can rename the domain anyways"?

A3: On Windows 2003 SP1 and above, there is a tool named rendom (rename domain). This tool can be used to rename any given Win2003 domain, providing it is in Windows 2003 forest and domain native modes. As an example, this tool could be used for situations such as acquisitions of other companies by a parent company that does not wish to extend the cost at the time to consolidate the existing domain into its infrastructure, but does wish the acquisition to change the namespace it uses. An example here would be if Fox Network bought HBO, and HBO uses an internal name before the acquisition of hbo.int; then rendom could meet the goal of changing the namespace to better suit the business model in this case, by renaming to something like hbo.foxnetwork.int...

I will say though, it is always better to carefully determine your internal name and ensure it is one that some C level guy might want to change later. The domain rename for the inexperienced (and even sometimes the very experienced) can be a very tedious process with a lot of recoil fires to put out after the change.




Also as an add-on... something SimonDavies said above that should be corrected so people aren't misinformed on this:

"As far as guidelines are concerned, go for something that doesn't have a real-world TLD (i.e. don't go for a .com, .ad (Andorra) etc). It used to be the MS-recommended .local, but in recent years they have said too many people are doing that and to stop using it."


COMMENTS: .local was not really a recommendation, it was meant as a suggestion only, and it's just that a lot of people did put that same extension into play. The problem you are speaking of was prior to Windows 2003 and Windows 2000 SP3 (if I remember correctly)...

I won't go too deep into this, as it's an old problem that really isn't worth much discussion these days, but the problem lay in both client requests that the namespaces be able to match public domain names, but also changes in the way DNS functions occur within post-Windows 2000 versions of Windows (2003+).

As I mentioned before, it is perfectly acceptable to use your external domain name as your public domain name... the real determinations to make are:

1. Do I want to expose my internal domain name and DNS zone to the internet? There are factors within this factor: 1a. Do I host my own servers internally? 1b. Do my current public DNS entries point back to my router's public IP, which then maps back to my public web server that is hosted internally? 1c. Do 1a and 1b not apply because all of my web servers are hosted externally?
2. Am I willing to perform manual maintenance within DNS to keep records for the public resources up to date? An example here is that if your external name is referred to as then you need to create a record in DNS that points to the public IP address of the external web server hosting your site. The same applies for externally hosted mail servers.

The bottom line with using a public domain name as the internal name is this: since your internal domain name is the same as your public name, your DNS zone is effectively the end query place for all things with the domain name of your public domain. That means any queries a client makes for would NOT be routed through forwarders or root hints to any other DNS server, and if the did not exist and did not point to the proper server, they will fail to access the site.

Make no mistake, the maintenance of these records is so simple that simple cannot really describe it accurately, as it makes it harder than it is... since the public IPs of your web servers are unlikely to change, you will most likely need to just set and forget these records... you just need to be sure to set them so they are not scavenged.

- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea
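
The naming checks from the answers above, collected into one planning script. This is an added example, not code from the thread or from Microsoft: the function names and finding codes are hypothetical, and the 15-character default NetBIOS rule is taken from the post as stated.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def default_netbios_name(fqdn):
    """Suggested NetBIOS name: first 15 characters of the leftmost DNS label."""
    return fqdn.strip().rstrip(".").split(".")[0][:15].upper()

def review_domain_plan(fqdn, netbios=None, nt4_netbios=None,
                       public_domain=None, migrating=False):
    """Return finding codes for a planned AD domain name (empty list = none)."""
    fqdn = fqdn.strip().rstrip(".").lower()
    labels = fqdn.split(".")
    netbios = (netbios or default_netbios_name(fqdn)).upper()
    findings = []
    if not all(LABEL.fullmatch(label) for label in labels):
        findings.append("BAD_DNS_LABEL")
    if len(labels) < 2:
        # A2: a NetBIOS-only name gives a single-label domain and DNS trouble.
        findings.append("SINGLE_LABEL")
    if len(netbios) > 15:
        findings.append("NETBIOS_TOO_LONG")
    if migrating and nt4_netbios and netbios == nt4_netbios.upper():
        # A1 note: a migration (not an in-place upgrade) needs a new NetBIOS name.
        findings.append("NETBIOS_COLLISION")
    if public_domain and fqdn == public_domain.strip().rstrip(".").lower():
        # The internal zone answers for the public name, so records for
        # externally hosted web and mail servers must be kept by hand.
        findings.append("SHADOWS_PUBLIC_ZONE")
    return findings

if __name__ == "__main__":
    # Constructed plans using the names from the thread.
    plans = [
        dict(fqdn="mycompanydomain"),
        dict(fqdn="mycompanydomain.dom", migrating=True),
        dict(fqdn="xzy.org"),
        dict(fqdn="companyhq.lan", migrating=True),
    ]
    for plan in plans:
        result = review_domain_plan(nt4_netbios="mycompanydomain",
                                    public_domain="xzy.org", **plan)
        print(plan["fqdn"], result or "ok")
```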
 
Brandon, thanks for taking the time for all that. Without a doubt, I will be making the domain name something different. After your explanation, the choice is a no brainer.
 