In part 10 of this mini-series, I’ll look at how to configure the virtual directories used by Exchange 2013. We’ll need to configure these to match the FQDNs we request on our SSL certificate.
It’s assumed that split-brain DNS will be set up for the configuration to work. The essence of split-brain DNS is that your external domain name is also configured on your internal DNS servers, but the A records on the internal DNS servers point to the internal IP address of the server, whereas the A records on your external DNS servers point to the external IP address of your server. So whether a client is internal or external, the FQDN will always resolve to the correct IP address.
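One way to check the two requirements above before requesting or installing the certificate, as an added example that is not code from the original post: every virtual directory host must appear on the certificate, and under split-brain DNS the internal and external URLs should share one FQDN. The sample URLs, certificate names, function names and the list of internal-only suffixes are constructed assumptions.

```powershell
# Constructed sample data, not output from a real server. In the Exchange
# Management Shell these values would come from the InternalUrl/ExternalUrl
# properties returned by cmdlets such as Get-OwaVirtualDirectory.
$vdirs = @(
    [pscustomobject]@{ Name = 'owa'; InternalUrl = 'https://mail.example.com/owa';   ExternalUrl = 'https://mail.example.com/owa' }
    [pscustomobject]@{ Name = 'ecp'; InternalUrl = 'https://ex01.example.local/ecp'; ExternalUrl = 'https://mail.example.com/ecp' }
    [pscustomobject]@{ Name = 'EWS'; InternalUrl = 'https://mail.example.com/EWS/Exchange.asmx'; ExternalUrl = 'https://webmail.example.com/EWS/Exchange.asmx' }
)
# Names requested on the SSL certificate (constructed).
$certNames = @('mail.example.com', 'autodiscover.example.com')
# Suffixes treated as internal-only for this example (an assumption).
$internalOnly = '\.(local|lan|internal)$'

function Test-NameOnCertificate {
    param([string]$HostName, [string[]]$Names)
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }      # -eq ignores case for strings
        if ($n.StartsWith('*.')) {
            # A wildcard covers exactly one left-most label.
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -eq $n.Substring(1)) { return $true }
        }
    }
    return $false
}

function Test-VirtualDirectoryUrl {
    param([object[]]$VirtualDirectory, [string[]]$Names, [string]$InternalOnlyPattern)
    foreach ($v in $VirtualDirectory) {
        $int = ([uri]$v.InternalUrl).Host
        $ext = ([uri]$v.ExternalUrl).Host
        $issues = @()
        # With split-brain DNS one FQDN serves internal and external clients.
        if ($int -ne $ext) { $issues += 'internal and external hosts differ' }
        $hostNames = @($int, $ext) | Select-Object -Unique
        foreach ($h in $hostNames) {
            if (-not (Test-NameOnCertificate -HostName $h -Names $Names)) { $issues += "$h is not on the certificate" }
            if ($h -notmatch '\.' -or $h -match $InternalOnlyPattern) { $issues += "$h is an internal-only name" }
        }
        [pscustomobject]@{ Name = $v.Name; InternalHost = $int; ExternalHost = $ext; Issues = ($issues -join '; ') }
    }
}

Test-VirtualDirectoryUrl -VirtualDirectory $vdirs -Names $certNames -InternalOnlyPattern $internalOnly |
    Format-List
```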
In part 9 of this mini-series, I’ll look at how to configure the Fully Qualified Domain Name (FQDN) of the Default Frontend receive connector in Exchange 2013.
Firstly, a warning: don’t modify the FQDN value on the default Receive connector Default that’s automatically created on Mailbox servers. If you have multiple Mailbox servers in your Exchange organization and you change the FQDN value on the Default Receive connector, internal mail flow between Mailbox servers fails.
In a single Mailbox server environment, to change the Default Frontend receive connector FQDN, follow the steps below.
It’s quite uncommon to get to set up a new company’s Active Directory infrastructure from scratch. Usually a customer has some kind of infrastructure in place already, which I then help manage, maintain and enhance.
However, recently I’ve been tasked with setting up a brand new company’s infrastructure, and one of my first tasks was to name the Active Directory domain.
There are a number of possible scenarios:
You could use a .local or other non-routable domain
You could use an external domain (split-brain DNS)
You could use a similar domain to your FQDN, e.g. .net instead of .com
You could use a subdomain of your FQDN
But which is best?
I guess that depends on your specific scenario.
Certainly, if SSL certificates are going to be involved at all (think Exchange), then non-routable domains are out due to recent changes.
After doing some research on the Internet, I found there is no definitive answer; however, I have found lots of articles relating to best practices when naming an Active Directory domain. Rather than duplicate the work of others, I have provided links below to some of the most useful webpages I found: