
Active Directory Forest Root Domain Naming Convention and DNS Questions


5 replies to this topic

#1 David Ashcroft

David Ashcroft

  • Members
  • 169 posts
  • Gender:Male

Posted 14 October 2014 - 06:34 PM

It seems that Microsoft recommend that you use, for example, your companyname.com as the forest root domain name.

I originally didn't follow this; for example, I called my forest root WOODLANDS.FARM. At the time .FARM would not have been a valid TLD, so I knew it wouldn't conflict with any external site in terms of DNS.

Now that .FARM is a valid TLD, the actual domain name www.woodlands.farm has been taken and is registered with GoDaddy. If I try to visit that website externally, off site from the company, it works fine and you can access it. However, if you try to get to WOODLANDS.FARM from within the company network, it directs me to the local intranet, which is what I would expect.

At this point, although unlikely, what if a person from within the company needed to get to the external website www.woodlands.farm? It will just redirect them to the intranet.

Why do Microsoft recommend that you use this naming convention if that is the case? Do I just go into DNS and change it so that it no longer links to the intranet? The last thing I want to do is mess around with DNS and then break Active Directory in some way!

 

I hope that makes sense and that someone can clear this up.

 

Thanks very much!





#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • Gender:Male
  • Location:QLD Australia

Posted 14 October 2014 - 07:26 PM

There are a few things you could do, but for a quick fix I would create a redirect page in IIS which points them to the external IP of the site.

I had a similar issue but for me it was as simple as changing the proxy server to point to external website.



#3 x64

x64

  • Members
  • 352 posts
  • Gender:Male
  • Location:London UK

Posted 15 October 2014 - 01:02 AM

If it is only the website that you are immediately worried about, then simply go into DNS Manager, into the woodlands.farm domain, and add an A record for the external IP of the public web server.

That would work the same for any other names in external DNS that do not clash with similar names inside the network.

I'm not sure that JohnnyJammer's idea above would work in all situations, as the redirected request would reach the external web server with the wrong host header (IP address rather than requested server name). As most public websites are on shared servers, the IP address is not enough to identify the site.

 

x64



#4 David Ashcroft

David Ashcroft
  • Topic Starter

  • Members
  • 169 posts
  • Gender:Male

Posted 16 October 2014 - 02:53 AM

It just seems a bit silly that Microsoft recommend this method when changes to DNS have to be made from their default set-up when you create an Active Directory domain.

 

Thanks! 


Edited by David Ashcroft, 16 October 2014 - 02:58 AM.


#5 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • Gender:Male

Posted 17 October 2014 - 12:43 PM

In cases like this, Microsoft recommends you use a subdomain of your public domain name as your forest root domain. So, in this case, you should have registered woodlands.farm, then made the forest root domain something like ad.woodlands.farm or corp.woodlands.farm.

Using this publicly registered domain as the forest root causes just the issue you've described. One recommended fix, as x64 pointed out, is to create a DNS host entry on your local DNS for www.woodlands.farm pointing to the IP address.
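The fix x64 and sflatechguy describe (an A record for the public host inside the internal zone), as an added PowerShell example that is not part of this thread. It assumes the zone name woodlands.farm from the thread, a domain controller or DNS server with the DnsServer module, and 1.1.1.1 as a placeholder for an external resolver; the public address is looked up rather than hard-coded, and the labels listed must be names that exist only in public DNS.

```powershell
# Added example (not from the thread): mirror public hostnames into the
# AD-integrated zone so internal clients resolve them to the same address
# the rest of the Internet sees. Run on a DC/DNS server as a DNS admin.
$ZoneName         = 'woodlands.farm'
$ExternalResolver = '1.1.1.1'                 # placeholder: any resolver outside the AD namespace
$PublicHosts      = @('www')                  # only labels that exist solely in public DNS
$Ttl              = New-TimeSpan -Minutes 15  # short TTL so public IP changes propagate quickly

Import-Module DnsServer

foreach ($Label in $PublicHosts) {
    $Fqdn = "$Label.$ZoneName"

    # Ask the external resolver what the outside world gets for this name.
    $PublicIps = Resolve-DnsName -Name $Fqdn -Type A -Server $ExternalResolver -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.QueryType -eq 'A' } |
                 Select-Object -ExpandProperty IPAddress

    if (-not $PublicIps) {
        Write-Warning "No public A record for $Fqdn; nothing to mirror."
        continue
    }

    # A records the internal zone already holds for this label, if any.
    $Existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $Label -RRType A -ErrorAction SilentlyContinue

    foreach ($Ip in $PublicIps) {
        if ($Existing.RecordData.IPv4Address.IPAddressToString -contains $Ip) {
            Write-Verbose "$Fqdn -> $Ip already present"
            continue
        }
        Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $Label -IPv4Address $Ip -TimeToLive $Ttl
        Write-Output "Added $Fqdn -> $Ip to internal zone $ZoneName"
    }

    # Drop internal copies of addresses the public side no longer publishes.
    foreach ($Rec in $Existing) {
        $Ip = $Rec.RecordData.IPv4Address.IPAddressToString
        if ($PublicIps -notcontains $Ip) {
            Remove-DnsServerResourceRecord -ZoneName $ZoneName -InputObject $Rec -Force
            Write-Output "Removed stale $Fqdn -> $Ip"
        }
    }
}

# Verify against this server: the internal zone should now answer with the public address.
Resolve-DnsName -Name "www.$ZoneName" -Type A -Server localhost | Format-Table Name, IPAddress
```

Because the client then connects to the real public IP with www.woodlands.farm still in the HTTP Host header, the shared-hosting problem x64 raised about an IP-based redirect does not arise.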



#6 David Ashcroft

David Ashcroft
  • Topic Starter

  • Members
  • 169 posts
  • Gender:Male

Posted 22 October 2014 - 08:59 AM

Thanks for that, that makes more sense :) 

 

Much appreciated!! 





