It’s quite uncommon to get to set up a new company Active Directory infrastructure from scratch. Usually a customer has some kind of infrastructure in place already, which I then help manage, maintain and enhance.
However, recently I’ve been tasked with setting up a brand new company’s infrastructure, and one of my first tasks was to name the Active Directory domain.
There are a number of possible scenarios:
You could use a .local or other non-routable domain
You could use an external domain (split-brain DNS)
You could use a similar domain to your FQDN, e.g. .net instead of .com
You could use a subdomain of your FQDN
But which is best?
I guess that depends on your specific scenario.
Certainly, if SSL certificates are going to be involved at all (think Exchange), then non-routable domains are out due to recent changes.
After doing some research on the Internet, I found there is no definitive answer; however, I have found lots of articles relating to best practices when naming an Active Directory domain. Rather than duplicate the work of others, I have provided links below to some of the most useful webpages I found:
Here is a quick and easy way to find out the location of the FSMO roles. It works from Windows 2008 to Windows 2012; I’ve not tried it on 2003, but then you should have upgraded by now anyway!
Open a Command Prompt.
Type: netdom query FSMO
Obviously, on my SBS server above they are all going to be in one place, but in larger environments they will quite often be split up and moved from server to server as and when new hardware is introduced and old hardware retired.
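For environments where the roles are split up, the following added example (not part of the original post) parses the text that netdom query fsmo prints and groups the five roles by the server holding them. The function name ConvertFrom-NetdomFsmo is hypothetical, and the sample output and the dc01/dc02.corp.example host names are constructed.

```powershell
# Parse the text printed by "netdom query fsmo" into objects and group the
# five FSMO roles by the domain controller that holds them.
# ConvertFrom-NetdomFsmo is a hypothetical helper name, not a built-in cmdlet.
function ConvertFrom-NetdomFsmo {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]          # real output may contain blank lines
        [string[]]$Line
    )

    foreach ($l in $Line) {
        # Role name and holder are separated by a run of two or more spaces.
        # The trailing status line has only single spaces, so it is skipped.
        if ($l -match '^(?<Role>\S.*?)\s{2,}(?<Holder>\S+)\s*$') {
            [pscustomobject]@{
                Role   = $Matches.Role
                Holder = $Matches.Holder.ToLowerInvariant()
            }
        }
    }
}

# Constructed sample output; the host names are placeholders.
$sample = @'
Schema master               dc01.corp.example
Domain naming master        dc01.corp.example
PDC                         dc02.corp.example
RID pool manager            dc02.corp.example
Infrastructure master       dc02.corp.example
The command completed successfully.
'@ -split "`r?`n"

# On a domain-joined machine, use:  $roles = ConvertFrom-NetdomFsmo -Line (netdom query fsmo)
$roles = @(ConvertFrom-NetdomFsmo -Line $sample)

if ($roles.Count -ne 5) {
    Write-Warning "Expected 5 FSMO roles, parsed $($roles.Count); check the netdom output."
}

# One row per server, listing the roles it holds.
$roles | Group-Object Holder | ForEach-Object {
    [pscustomobject]@{
        Holder = $_.Name
        Roles  = ($_.Group.Role -join ', ')
    }
} | Format-Table -AutoSize
```

Saving this per-server view before retiring a domain controller makes it easy to confirm that no role is still assigned to the old hardware.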