AD naming

  • AD naming

    Greetings,
    Have a new server with Windows 2012 R2 Standard installed on it. Getting ready to set up AD on the server.

    In reading online, noticed that there is a strong opinion about NOT naming your domain something like company.local. My question is since I am setting this up for a small local government (less than 10 client computers), and since they have no registered domain name, does the guidance against .local still stand?

    Would appreciate hearing thoughts/ideas on this subject.

    thanks.

  • #2
    Re: AD naming

    Apple devices used to have issues with the .local name. Do not know if it is still the case but until I it and know for sure I will not be using it.

    You could consider .lan or .tosser or .pullmyheadin . Ok the last 2 were silly but you should get the picture. Just avoid using a TLD.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2


    • #3
      Re: AD naming

      Originally posted by ksukat:
      Greetings,
      Have a new server with Windows 2012 R2 Standard installed on it. Getting ready to set up AD on the server.

      In reading online, noticed that there is a strong opinion about NOT naming your domain something like company.local. My question is since I am setting this up for a small local government (less than 10 client computers), and since they have no registered domain name, does the guidance against .local still stand?

      Would appreciate hearing thoughts/ideas on this subject.

      thanks.
      Yes. Nothing to say that in the future there would be a requirement.

      Is this "government" affiliated with a larger government? Is it a department of government?


      • #4
        Re: AD naming

        Nope,
        this is a tiny town city government (< 1700 people).

        Since they do not have a registered domain name, is there a safe way to guess one?

        i.e. domain name of ad.XXX.gov or .com or .net?

        thanks.


        • #5
          Re: AD naming

          What do they use for email addresses?
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **


          • #6
            Re: AD naming

            They use the ISP provided name.isp.net.


            • #7
              Re: AD naming

              The mind boggles - 1700 local government employees without their own domain!

              Basically, either ask your national government (or whoever manages its IT) for a proper domain name and use that, or make a reasonable guess at something that will not clash elsewhere on the internet e.g. <mytown>.localgov

              The problem is that with top level domains becoming more "relaxed", it is possible that .localgov will eventually be used.
              Tom Jones

              • #8
                Re: AD naming

                Sorry, but the entire town population is 1700. The city government is 10.

                I will try the guess (or get them to register a domain name).

                thanks.


                • #9
                  Re: AD naming

                  You should not make up a domain name and you should not use a subdomain of a domain that you do not own (or in this case a domain that your client does not own). In the United States, the United States General Services Administration is responsible for the .gov cc TLD. Each state is responsible for its own subdomain of the .gov cc TLD. You need to find out what entity in your state is responsible for registering domain names and then you should register an appropriate domain name for the client with this entity. Once you've done that you should create your AD with an unused subdomain of the parent domain name that you register.


                  • #10
                    Re: AD naming

                    Originally posted by ksukat:
                    In reading online, noticed that there is a strong opinion about NOT naming your domain something like company.local.
                    Where did you see this?

                    Most (actually, almost all) Active Directory domains serve closed networks inside various organizations, and in such scenarios it makes no sense to use a registered domain name for Active Directory. Actually, it hardly ever makes sense to use a registered domain name (AD domains != Internet domains), so the recommendation tends to be either:
                    1. a domain with an invalid TLD (yourcompany.local, yourbusiness.internal, yourorganization.lan and so on), or
                    2. an unused/unregistered/invalid subdomain (ad.yourcompany.com, ad.yourorganization.org etc)

                    The Microsoft certification literature has usually recommended option 1, but in a rather peculiar manner: first, they show how one can install an AD domain using a name like contoso.com, which looks very much like a valid Internet domain name, and only afterwards do they mention that using a registered domain name typically makes it necessary to set up split-brain DNS and should therefore be avoided.

                    I believe this is because Microsoft actually owns "contoso.com" and a number of other domains used in MS Press books, and for legal reasons they want to stick to domain names they actually control in their literature.

                    Unless you're planning to run your AD DNS servers on the public Internet (and believe me, you don't want to do that), I say stick with a name that identifies your organization, followed by an invalid TLD suffix.


                    • #11
                      Re: AD naming

                      Originally posted by Ser Olmy:
                      Where did you see this?

                      Most (actually, almost all) Active Directory domains serve closed networks inside various organizations, and in such scenarios it makes no sense to use a registered domain name for Active Directory. Actually, it hardly ever makes sense to use a registered domain name (AD domains != Internet domains), so the recommendation tends to be either:
                      1. a domain with an invalid TLD (yourcompany.local, yourbusiness.internal, yourorganization.lan and so on), or
                      2. an unused/unregistered/invalid subdomain (ad.yourcompany.com, ad.yourorganization.org etc)

                      The Microsoft certification literature has usually recommended option 1, but in a rather peculiar manner: first, they show how one can install an AD domain using a name like contoso.com, which looks very much like a valid Internet domain name, and only afterwards do they mention that using a registered domain name typically makes it necessary to set up split-brain DNS and should therefore be avoided.

                      I believe this is because Microsoft actually owns "contoso.com" and a number of other domains used in MS Press books, and for legal reasons they want to stick to domain names they actually control in their literature.

                      Unless you're planning to run your AD DNS servers on the public Internet (and believe me, you don't want to do that), I say stick with a name that identifies your organization, followed by an invalid TLD suffix.
                      It's considered to be current best practice to go with option 2, not option 1. It is not considered to be current best practice to use made-up or invalid TLDs in your AD naming scheme.


                      • #12
                        Re: AD naming

                        Originally posted by joeqwerty:
                        It's considered to be current best practice to go with option 2, not option 1. It is not considered to be current best practice to use made-up or invalid TLDs in your AD naming scheme.
                        Do you know of any particular reason why that is?

                        The only thing you accomplish by going with option 2, is that you create a non-valid subdomain that you cannot use on the Internet without introducing split-brain DNS issues on your internal network. On the other hand, you do open up the possibility that you could later integrate your AD DNS structure with your Internet DNS structure - which there really is no valid reason for anybody to want to do, ever.

                        The only reason I can see why one wouldn't want to use option 1, is that there is no officially allocated TLD for private use. We have no guarantee that somewhere down the line, ICANN won't decide to create a ".local" or ".lan" TLD on the Internet. It would have been nice to have a domain equivalent of the RFC 1918 ranges of IP addresses.

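The naming options debated in this thread can be turned into a pre-flight check to run before promoting the first domain controller. The following PowerShell is an added example, not part of any poster's reply: the function name `Test-AdDomainNameCandidate`, the short delegated-TLD list and the `example.org` sample names are constructed for illustration.

```powershell
# Added example: classify a proposed AD DNS name against the options discussed in the thread.
function Test-AdDomainNameCandidate {
    param(
        [Parameter(Mandatory)][string]$Name,
        # Registered domains the organization controls (supplied by the admin).
        [string[]]$OwnedDomains = @(),
        # Constructed sample of delegated TLDs; a real check would load the current IANA list.
        [string[]]$DelegatedTlds = @('com', 'net', 'org', 'gov')
    )
    $fqdn     = $Name.Trim().TrimEnd('.').ToLowerInvariant()
    $labels   = $fqdn.Split('.')
    $tld      = $labels[-1]
    $findings = @()

    if ($labels.Count -lt 2) { $findings += 'single-label name; not recommended for AD' }
    foreach ($label in $labels) {
        if ($label -notmatch '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$') {
            $findings += "'$label' is not a valid DNS label"
        }
    }
    if ($tld -eq 'local') {
        # The Apple-device issue raised in post #2 comes from this reservation.
        $findings += '.local is reserved for multicast DNS (RFC 6762); mDNS clients may bypass the AD DNS servers'
    }

    # Longest-suffix matching is not needed here: any owned parent makes the name "option 2".
    $parent = $OwnedDomains |
        Where-Object { $fqdn.EndsWith('.' + $_.ToLowerInvariant()) } |
        Select-Object -First 1
    if ($parent) {
        $category = "subdomain of owned domain $parent (option 2)"
    } elseif ($OwnedDomains -contains $fqdn) {
        $category = 'same as the public domain'
        $findings += 'internal and Internet zones share one name; split-brain DNS is typically needed'
    } elseif ($DelegatedTlds -contains $tld) {
        $category = 'under a delegated TLD, but not a domain you own'
        $findings += 'someone else owns or can register this name'
    } else {
        $category = 'made-up TLD (option 1)'
        $findings += "no guarantee that .$tld is never delegated on the Internet"
    }
    [pscustomobject]@{ Name = $fqdn; Category = $category; Findings = $findings }
}

# Constructed sample names; example.org stands in for the organization's registered domain.
'example.local', 'ad.example.org', 'example.org', 'ad.example.net', 'mytown.localgov' |
    ForEach-Object { Test-AdDomainNameCandidate -Name $_ -OwnedDomains 'example.org' } |
    Format-List
```

Only `ad.example.org` comes back with an empty `Findings` list; every other sample reports at least one of the risks raised in posts #2, #7, #9, #10 and #12.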