Networks

well public domain names are .com/org/net/biz/info/ blah blah blah. naming your internal network to a non public domain name e.g. .local/.network/.ours/.theirs/ blah blah makes getting in and access through joining the domain a little harder to do. When using the \domain\user to join a domain if the domain is public then its easy to know the domain name to use. Just look it up in Who Is. Then its a matter of getting a user name and password. If the domain is non public the \domain is harder to figure out because it could be anything like domain.theirs or domain.ours or domain.local or whatever. You can't join the domain.theirs domain using the domain.com/org/biz etc available publically using \domain\user.

I guess I was wondering if I should use mycompany.com, or mycompany.local. I'm confused about which to use when. While my web site is mycompany.com, this will also be the box where my users log in and authenticate. I've heard that using a domain named the same as your public domain can cause problems, but I'm not sure of specifics.

Unless you are hosting web servers in your internal AD network (BAD BAD IDEA), you should always use XYZwhatever.local on internal networks for just the reasons CG mentioned.

In your externally facing servers, you can use your public registration name by placign them in an external domain which trusts your domain, but you do not trust it.

Ok, so if I name this new domain mycompany.local and DO NOT put my public web sites and IIS on the domain controller (they are not now, nor was I indending to), and have IIS and all my web sites on another server (they are now), do I need to make that web server box a domain controller but name it mycompany.com? So that box would not be a part of the domain?

It doesn't matter what you name your internal domain. You can still host your website company.com and all the others. You could host them on your domain controller but I would not advise that. I personally would make the webserver a standalone and put it on a dmz.

correct. You have your web server off somewhere away from your network. If you can afford it on a seperate line with a seperate IP address. Never have a web server on your Active Directory network. As Bfilm says bad bad bad.

However! there is one way to have your web server on your network and have it secure. That is with Microsoft's ISA Server 2000/2004. ISA Server at the perimeter acts as a proxy or go between. The requesting computer never actually connects with the web server. ISA gets the web page from the web server for the requesting computer and send it to them. Barring setting up ISA server, as the other posters said , put the web server on a seperate subnet preferably on its own line.

Suresh