I'm setting up a new company domain. I've registered a domain name online (let's say mycompany.com). I have a web site online (let's say www.mycompany.com) that is currently hosted for us. I have several other web sites (let's say www.employeesonly.mycompany com, www.webmail.mycompany.com, etc.) that I host myself on our internal servers. We're setting up a new corporate office, new servers, new everything. I have the opportunity to set this up right. I've heard that it's best NOT to name your windows domain the same as your public domian (so not mycompany.com). Is this true? What are the standard naming conventions for a windows domain? Any tips for doing this right would be helpful. Thanks, Sean
This conversation is currently closed to new comments.
well public domain names are .com/org/net/biz/info/ blah blah blah. naming your internal network to a non public domain name e.g. .local/.network/.ours/.theirs/ blah blah makes getting in and access through joining the domain a little harder to do. When using the \domain\user to join a domain if the domain is public then its easy to know the domain name to use. Just look it up in Who Is. Then its a matter of getting a user name and password. If the domain is non public the \domain is harder to figure out because it could be anything like domain.theirs or domain.ours or domain.local or whatever. You can't join the domain.theirs domain using the domain.com/org/biz etc available publically using \domain\user.
I guess I was wondering if I should use mycompany.com, or mycompany.local. I'm confused about which to use when. While my web site is mycompany.com, this will also be the box where my users log in and authenticate. I've heard that using a domain named the same as your public domain can cause problems, but I'm not sure of specifics.
Unless you are hosting web servers in your internal AD network (BAD BAD IDEA), you should always use XYZwhatever.local on internal networks for just the reasons CG mentioned.
In your externally facing servers, you can use your public registration name by placign them in an external domain which trusts your domain, but you do not trust it.
Ok, so if I name this new domain mycompany.local and DO NOT put my public web sites and IIS on the domain controller (they are not now, nor was I indending to), and have IIS and all my web sites on another server (they are now), do I need to make that web server box a domain controller but name it mycompany.com? So that box would not be a part of the domain?
It doesn't matter what you name your internal domain. You can still host your website company.com and all the others. You could host them on your domain controller but I would not advise that. I personally would make the webserver a standalone and put it on a dmz.
correct. You have your web server off somewhere away from your network. If you can afford it on a seperate line with a seperate IP address. Never have a web server on your Active Directory network. As Bfilm says bad bad bad.
However! there is one way to have your web server on your network and have it secure. That is with Microsoft's ISA Server 2000/2004. ISA Server at the perimeter acts as a proxy or go between. The requesting computer never actually connects with the web server. ISA gets the web page from the web server for the requesting computer and send it to them. Barring setting up ISA server, as the other posters said , put the web server on a seperate subnet preferably on its own line.
the web server isn't part of a domain and doesn't need to be. You need DNS to resolve your public IP address to a name and you need somewhat to point public users web requests http [port 80] or https [port 443] to the web servers ip address [a router with port fowarding works well but thats it.
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
New Domain Name
Thanks,
Sean