Answer for:

Create a private network with the same or similar domain name

JPElectron

Let's say your public domain (website) is: example.com

You should avoid using just that for any internal Active Directory network (it will cause you problems later on with DNS names, and possibly leak internal FQDNs/records to the Internet, which is a security risk).

When setting up Active Directory you can still use your public domain, but the AD should be a separate zone; this is often referred to as the NetBIOS domain name, or pre-Windows 2000 domain name, for example...

internal.example.com or private.example.com

You can also use any of the following non-public and unregistrable root domains like...

.test
.example
.invalid
.localhost

...or with a NetBIOS domain...

newco.test
newco.example
newco.invalid
newco.localhost

In any case, the second "zone" (really a sub-domain) is what will show up in the "logon to" drop-down box at CTRL+ALT+DEL, for example...

FQDN: internal.example.com Logon domain: INTERNAL
Full computer names: pc1.internal.example.com, pc2.internal.example.com, server5.internal.example.com, etc.

FQDN: newco.example Logon domain: NEWCO
Full computer names: pc1.newco.example, pc2.newco.example, server5.newco.example
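
The naming rules in the answer above can be checked before a domain is built. The following is an added example, not part of the original post: the function names, the `newco.lan` sample, the single-label check and the 15-character NetBIOS truncation are assumptions of this sketch.

```python
# Added example: vet a proposed AD DNS name against the rules in the answer.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}  # listed in the answer
NETBIOS_MAX = 15  # NetBIOS names carry at most 15 usable characters


def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing root dot."""
    return [part for part in name.strip().lower().rstrip(".").split(".") if part]


def classify(ad_name, public_domain):
    """Return (verdict, reason) for using ad_name as the AD DNS domain."""
    ad, pub = labels(ad_name), labels(public_domain)
    if not ad:
        return ("reject", "empty name")
    if ad == pub:
        # Same zone as the website: internal records share the public namespace.
        return ("avoid", "identical to the public domain")
    if len(ad) == 1:
        # Extra check not in the answer: single-label names need a second label.
        return ("review", "single-label name")
    if pub and len(ad) > len(pub) and ad[-len(pub):] == pub:
        return ("ok", "separate zone under the public domain")
    if ad[-1] in RESERVED_TLDS:
        return ("ok", "reserved, unregistrable TLD")
    return ("review", "not under the public domain and not a reserved TLD")


def logon_domain(ad_name):
    """Logon (NetBIOS) name as in the answer: leftmost label, uppercased."""
    return labels(ad_name)[0].upper()[:NETBIOS_MAX]


def host_fqdn(host, ad_name):
    """Full computer name of a domain member."""
    return ".".join(labels(host) + labels(ad_name))


if __name__ == "__main__":
    # Constructed candidates, checked against the public domain example.com
    for cand in ("example.com", "internal.example.com", "newco.test", "newco.lan"):
        verdict, reason = classify(cand, "example.com")
        print(f"{cand:22} {verdict:7} {reason:50} logon={logon_domain(cand)}")
```
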