Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

New AD Setup Question

Status
Not open for further replies.
ermora

ermora

IS-IT--Management
Apr 5, 2004
70
US
I've searched and didn't find an answer....

I need a check here, Microsoft suggests;
When choosing DNS names to use for your Active Directory forest, start with the registered DNS domain suffix that your organization has reserved for use on the Internet, such as microsoft.com.
Click to expand...

but others say to use the .local or other non-Internet reserved domain suffix -AND- they don't recommend using sub-domains (example hq.microsoft.com)

I'm about to setup a new forest, new ad, etc. and just want to ensure that I won't be doing it again. Our company has two physical locations (with a third location in the works) and because of this, I was think along the lines of sub-domains, but it seems that's a no-no.

I'll take any pointers/suggestions/recommendations

Regards
 
Sort by date Sort by votes
You don't explain why you think sub-domains are your initial direction. Generally, unless you're going to split administration off for just that domain, a single domain is probably fine. You won't need to deal with trust related issues, administration is more streamlined, etc.

Watch out for the name you pick. Some choices, such as .local, may bring up issues like those with Macs.

Pat Richard
Microsoft Exchange MVP
Contributing author The Complete Reference: Microsoft Exchange Server 2007
 
Upvote 0 Downvote
Pretty much since 2000 came out there is very few reasons to have sub domains unless you a unusual management structure in the way things are administered or its some sort of migration or merger between separate companies.

About the only compelling reason to use a subdomain these days is if you have some geographical challenging sites to get bandwidth in and if you are in that scenario you really want to talk to a engineer as there are a lot of tricks to doing a good working design.

Definitely don't use your external dns name for your company as that causes all sorts of technical challenges from a dns perspective. Instead use .local or .int.
 
Upvote 0 Downvote
So I went with what MS recommends and created the DNS using the companies reserved DNS domain suffix.

I DCPROMO the new 2k3 R2 server and went through the hoops to setup the new forest/domain. All checks out with DCDiag and NetDiag.

I hope I don't regret this....

Quick question while I'm here. I just setup a second W2K3 R2 server and also updated it with SP1. I went to try and join it to the newly created domain but I keep getting an error (Timeout....). I went over the DC to ensure all was set - it's fine. The only way I was able to join this new server to that DC was to disable the Firewall on the DC.

Now I don't want to run without it (even though the company network is behind a hardware firewall - cicsco pix device).

Any recommendations to getting the DC to operate properly WITH the firewall turned on?

Regards,
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
307
suncit
suncit
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
137
DrB0b
DrB0b
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
197
DTGMI
DTGMI
bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
105
DrB0b
DrB0b
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
383
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top