It’s quite uncommon to get to set up a new company’s Active Directory infrastructure from scratch. Usually a customer already has some kind of infrastructure in place, which I then help manage, maintain and enhance.
However, I have recently been tasked with setting up a brand new company’s infrastructure, and one of my first tasks was to name the Active Directory domain.
There are a number of possible scenarios:
- You could use .local or another non-routable domain
- You could use your external domain (split-brain DNS)
- You could use a domain similar to your FQDN, e.g. .net instead of .com
- You could use a subdomain of your FQDN
But which is best?
I guess that depends on your specific scenario.
Certainly, if SSL certificates are going to be involved at all (think Exchange), then non-routable domains are out due to recent changes.
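As an added example (not code from this post), here is a PowerShell helper that sorts a candidate Active Directory DNS name into the four scenarios listed above, flags the non-routable case that rules out public certificates, and checks whether the name already answers on the public Internet, which is the thing to know before choosing the split-brain or similar-domain options. It assumes Resolve-DnsName from the DnsClient module is available, and the list of non-routable suffixes and the sample names are constructed for the example.

```powershell
# Added example: classify a proposed AD DNS name against the company's public FQDN.
# Assumes Resolve-DnsName (DnsClient module, Windows 8 / Server 2012 or later).
function Test-AdDomainNameChoice {
    param(
        [Parameter(Mandatory)][string]$Candidate,   # proposed AD name, e.g. ad.example.com
        [Parameter(Mandatory)][string]$PublicFqdn   # registered public domain, e.g. example.com
    )
    $candidate = $Candidate.TrimEnd('.').ToLowerInvariant()
    $public    = $PublicFqdn.TrimEnd('.').ToLowerInvariant()
    $tld       = ($candidate -split '\.')[-1]

    # Constructed list of suffixes treated here as non-routable (assumption for the example)
    $nonRoutable = @('local', 'localdomain', 'internal', 'corp', 'lan', 'home', 'intranet', 'private')

    if ($nonRoutable -contains $tld) {
        $scenario = 'Non-routable';            $certOk = $false
    } elseif ($candidate -eq $public) {
        $scenario = 'Split-brain';             $certOk = $true
    } elseif ($candidate.EndsWith(".$public")) {
        $scenario = 'Subdomain';               $certOk = $true
    } else {
        $scenario = 'Similar external domain'; $certOk = $true   # only if you actually own it
    }

    # Does the name already resolve on the public Internet? For split-brain this means the
    # internal zone must carry copies of every public record; for a "similar" domain it may
    # mean somebody else owns the name. -DnsOnly bypasses the local hosts file and cache.
    $answer = Resolve-DnsName -Name $candidate -Type A -DnsOnly -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Candidate        = $candidate
        Scenario         = $scenario
        PublicCertOk     = $certOk
        ResolvesPublicly = [bool]$answer
    }
}

# Constructed sample candidates, one per scenario, checked against a constructed public FQDN
'corp.example.local', 'example.com', 'example.net', 'ad.example.com' |
    ForEach-Object { Test-AdDomainNameChoice -Candidate $_ -PublicFqdn 'example.com' } |
    Format-Table -AutoSize
```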
After doing some research on the Internet, I found there is no definitive answer; however, I did find lots of articles on best practices for naming an Active Directory domain. Rather than duplicate the work of others, I have provided links below to some of the most useful web pages I found:
(Incidentally, I went for a subdomain of the FQDN.)