Active Directory Domain Naming Best Practices

Windows Server 2012 R2

It’s quite uncommon to get to set up a new company’s Active Directory infrastructure from scratch. Usually a customer already has some kind of infrastructure in place, which I then help manage, maintain and enhance.

However, recently I’ve been tasked with setting up a brand new company’s infrastructure, and one of my first tasks was to name the Active Directory domain.

There are a number of possible scenarios:

  • You could use a .local or other non-routable domain
  • You could use an external domain (split-brain DNS)
  • You could use a domain similar to your FQDN, e.g. .net instead of .com
  • You could use a subdomain of your FQDN

But which is best?

I guess that depends on your specific scenario.




Certainly, if SSL certificates are going to be involved at all (think Exchange), then non-routable domains are out, due to recent changes in how certificate authorities treat internal names in certificates.

http://www.networking4all.com/en/ssl+certificates/faq/change+san+issue/

https://www.digicert.com/internal-names.htm
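
As an added illustration (not part of the original post), this Python example audits the subject alternative names planned for a certificate and flags the internal names a public CA will not issue for, which is where a .local forest collides with Exchange. The suffix list, the sample host names and the function names are assumptions made for the example.

```python
import ipaddress

# Assumption: suffixes treated as internal. "local" is reserved for mDNS
# (RFC 6762), "localhost", "test" and "invalid" are special-use names
# (RFC 6761), and the rest are private suffixes that RFC 6762 Appendix G
# notes are commonly used. The list is illustrative, not exhaustive.
INTERNAL_SUFFIXES = {
    "local", "localhost", "test", "invalid",
    "intranet", "internal", "private", "corp", "home", "lan",
}

def classify_san(name):
    """Return (ok, reason) for one subject alternative name entry."""
    candidate = name.strip().rstrip(".").lower()
    if not candidate:
        return False, "empty name"
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:
        addr = None  # not an IP literal, treat it as a DNS name
    if addr is not None:
        if addr.is_global:
            return True, "public IP address"
        return False, "reserved or private IP address"
    labels = candidate.split(".")
    if len(labels) == 1:
        return False, "single-label (NetBIOS-style) name"
    if labels[-1] in INTERNAL_SUFFIXES:
        return False, "non-public suffix ." + labels[-1]
    return True, "suffix not on the internal list"

def audit_sans(names):
    """Split a SAN list into names a public CA could validate and the rest."""
    accepted, rejected = [], {}
    for name in names:
        ok, reason = classify_san(name)
        if ok:
            accepted.append(name)
        else:
            rejected[name] = reason
    return accepted, rejected

# Constructed sample: SAN list for an Exchange server in a hypothetical
# company that owns example.com; corp.local stands in for a .local forest.
SAMPLE_SANS = ["mail.example.com", "autodiscover.example.com",
               "exch01.ad.example.com", "exch01.corp.local", "EXCH01", "10.0.0.5"]

if __name__ == "__main__":
    for san, why in audit_sans(SAMPLE_SANS)[1].items():
        print(f"{san}: {why}")
```

Names under a subdomain of a domain you own, such as the constructed exch01.ad.example.com, pass the check, while the .local, single-label and private-address entries are the ones to remove from the request.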

After doing some research on the Internet, I found that there is no definitive answer; however, I did find lots of articles on best practices for naming an Active Directory domain. Rather than duplicate the work of others, I have provided links below to some of the most useful webpages I found:

http://blogs.msmvps.com/acefekay/2009/09/07/what-s-in-an-active-directory-dns-name-choosing-a-domain-name/

http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html

https://technet.microsoft.com/en-us/library/bb727085.aspx

http://blog.varonis.com/active-directory-domain-naming-best-practices/

http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/

https://acbrownit.wordpress.com/2013/04/15/active-directory-domain-naming-in-the-modern-age/

(Incidentally, I went for a subdomain of the FQDN.)
