New2This-AD

First of all please forgive me for my ignorance but I come from a Cisco background and I’m new to AD. I’m getting ready to implement a new Windows 2008 Active Directory in a new infrastructure (server/hosting location) and I need some help selecting/defining my domain name. The infrastructure will be used to host an internet site built on .net that provides users with the ability to complete workflows over the internet. The site is currently up and running but hosted by a partner (who has not been providing the best uptime). We will call the site www.getrdone.com. The site has a public facing web server (in a DMZ) that communicates with application and DB servers behind a firewall. DNS services for the site are currently handled by a public DNS server, so when a user wants to go to www.getrdone.com they are redirected to my web server. The current environment is not part of an AD. I want to build a windows 2008 AD in the new environment and make all of the servers apart of the AD for security and management purposes. My plan is to add two AD-DC’s on the internet network and have the web server authenticate with the AD-DC’s on the internal network. All servers will run windows 2008.

Here is my question, can I make the domain name of my Active Directory getrdone.com or will I have a problem because www.getrdone.com is already being resolved by a public web server? Do I have to make it a sub domain, something like internal.getrdonw.com? If I do have to make it a sub domain so to speak (internel.getrdone.com) can it still be an active directory integrated zone? What’s confusing me is the fact that the name is already associated with a public website and DNS resolutions is already taking place by a public DNS server that will not be in my network. Any thoughts, best practices, or ideas you have would be very much appreciated.


THANKS!!!!!!!!!
Daniel

Klint

what I am going to say and what someone else will say are going to be different BUT from my experience, DNS & security standpoint it isn't a great idea to have your web address and your domain the same.

It shouldn't hurt anything to have gtrdomain.com to be your internal domain name or will it?

bilbus

Unless this is going to be the root of the domain name, then don't use it for your AD name. So if you have a existing setup that uses the name i would but a diffrant name for your AD .. or use .local.

As for installing AD, it needs to be something.xxx

so
something.com OK
internal.something.com NOT OK

Once you create Something.com, you can create a sub domain internal.something.com

bdesmondMVP

I don't see the security issue with having the internal network be on the same DNS namespace as external. Goto your average large org and this is how AD is deployed.

To answer the OP's question, yes you can use the same name for both. You'll need to shadow records in the internal namespace, so you'll need a copy of the www record, the MX record, etc in order for them to be resolveable by clients which are pointing to AD DNS.