Windows Server Forum / Windows Server 2003 / Setup / October 2008

.com to .local

Gpharr - 24 Oct 2008 23:47 GMT
Many years ago when Windows 2000 Server came out I set up our internal AD using
our public domain name [say domain.com] as the internal domain name as that
seemed to be the recommended way at the time? In any case, since then it
became clear that it would be better for our internal domain to be different
[say domain.local]. Not knowing how to change this I have steadily upgraded
the server OSes maintaining this name in the AD. My current configuration
looks like this:
2 Domain controllers running Windows Server 2003 sp2
1 Exchange 2007 Server running on Windows Server 2003 R2 SP2 x64 [also our
web server]
2 Terminal Servers - 1 running 2003 and one running 2008 [experimental]
15 XP/Vista workstations
All are members of the domain. Is it advisable to somehow get the
workstations and Terminal Servers onto a .local domain even if leaving the
Exchange Server on the domain.com? Could this be accomplished by simply
setting up a new domain controller for the .local domain and having the
terminal servers and workstations join that domain and then establish a trust
relationship between the .local and .com domains? Is there a better [more
secure] setup that is achievable [can we get there from here?]? Any advice
would be deeply appreciated. I may not know what to do but I can follow
instructions ;)

This stuff makes my hair hurt.....but I still love it!

Lanwench [MVP - Exchange] - 25 Oct 2008 00:25 GMT
> Many years ago when Windows 2000 Server came out I set up our internal
> AD using our public domain name [say domain.com] as the internal
> domain name as that seemed to be the recommended way at the time?

Not sure if it was ever "recommended" officially, but plenty of people did,
and do, just that.

> In
> any case, since then it became clear that it would be better for our
> internal domain to be different [say domain.local].

Why? There's no actual requirement for that. What problems are you having? A
domain rename process is not for the faint of heart. I'd do nearly anything
to avoid it, especially when Exchange is in the picture.

> Not knowing how
> to change this I have steadily upgraded the server OSes maintaining
> this name in the AD. My current configuration looks like this:
> 2 Domain controllers running Windows Server 2003 sp2
> 1 Exchange 2007 Server running on Windows Server 2003 R2 SP2 x64
> [also our web server]

OT, but I sure hope that isn't a public-facing website. That shouldn't be on
your LAN at all, let alone on your Exchange server.

> 2 Terminal Servers - 1 running 2003 and one running 2008 [experimental]
> 15 XP/Vista workstations
> All are members of the domain. Is it advisable to somehow get the
> workstations and Terminal Servers onto a .local domain even if
> leaving the Exchange Server on the domain.com?

No, it isn't possible (if I understand what you're getting at) - Exchange
would need to be on the "new" domain as well.

> Could this be
> accomplished by simply setting up a new domain controller for the
> .local domain and having the terminal servers and workstations join
> that domain and then establish a trust relationship between the
> .local and .com domains?

Oy. No need for that. What a load of work that would be - and too complex
for such a small network. No.

> Is there a better [more secure] setup that
> is achievable [can we get there from here?]?

Perhaps you're already there.

>  Any advice would be
> deeply appreciated. I may not know what to do but I can follow
> instructions ;)

I think you're about to jump off a cliff here, and you haven't explained why
you want to do it. What problems are you having? "Split brain DNS" is not a
death sentence. Plenty of people set up AD this way on purpose. If you have
a publicly hosted website, or any host on your public domain, just set up a
corresponding host record in your internal forward lookup zone (e.g.,
www --> public IP address).
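The advice above ("www --> public IP address" in the internal forward lookup zone) is easy to get wrong once the public domain has more than one published host, because every name that exists on the Internet but not in the internal AD zone simply fails to resolve for internal clients. The following PowerShell script is an added example, not code from the thread or its participants. It audits that split-brain setup: for each published host it compares what an external resolver returns with what the internal zone holds, reports Missing/Mismatch/OK, and with -Fix mirrors the public A records into the internal zone. It assumes the DnsServer module and Resolve-DnsName (Windows Server 2012 / Windows 8 or later, so not the 2003-era servers in the thread), a DC named dc1 hosting the zone, the external resolver 8.8.8.8 and the host list in the parameters; domain.com is the thread's own placeholder.

```powershell
<#
  Added example (not from the thread): audit and repair a split-brain DNS
  zone. Assumptions: DnsServer module + Resolve-DnsName available, internal
  DC 'dc1' hosts the AD-integrated zone, hosts below are the ones published
  on the Internet. Run from an elevated PowerShell on a DNS admin workstation.
#>
param(
    [string]   $Zone              = 'domain.com',                       # placeholder from the thread
    [string[]] $PublicHosts       = @('www', 'mail', 'autodiscover'),   # assumed published labels
    [string]   $PublicResolver    = '8.8.8.8',                          # any external recursive resolver
    [string]   $InternalDnsServer = 'dc1',                              # assumed internal DC running DNS
    [switch]   $Fix                                                     # write missing records when set
)

function Get-PublicA {
    # Addresses the outside world resolves for the name; empty if it does not exist publicly.
    param([string]$Fqdn)
    try {
        Resolve-DnsName -Name $Fqdn -Type A -Server $PublicResolver -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress }
    } catch { @() }
}

function Get-InternalA {
    # Addresses the internal, authoritative AD zone holds for the same label.
    param([string]$Label)
    $rr = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Label -RRType A `
            -ComputerName $InternalDnsServer -ErrorAction SilentlyContinue
    if ($rr) { $rr | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString } } else { @() }
}

$report = foreach ($label in $PublicHosts) {
    $fqdn     = "$label.$Zone"
    $public   = @(Get-PublicA -Fqdn $fqdn)     | Sort-Object -Unique
    $internal = @(Get-InternalA -Label $label) | Sort-Object -Unique

    $status = 'OK'
    if     ($public.Count -eq 0)                 { $status = 'NotPublic' }  # nothing to mirror
    elseif ($internal.Count -eq 0)               { $status = 'Missing' }    # internal clients get NXDOMAIN
    elseif (Compare-Object $public $internal)    { $status = 'Mismatch' }   # stale internal copy

    [pscustomobject]@{
        Host     = $fqdn
        Public   = ($public   -join ',')
        Internal = ($internal -join ',')
        Status   = $status
    }

    if ($Fix -and ($status -in 'Missing', 'Mismatch')) {
        # Replace the internal record set with the public one, so internal
        # users reach the same address the Internet does (www --> public IP).
        if ($internal.Count -gt 0) {
            Get-DnsServerResourceRecord -ZoneName $Zone -Name $label -RRType A -ComputerName $InternalDnsServer |
                Remove-DnsServerResourceRecord -ZoneName $Zone -ComputerName $InternalDnsServer -Force
        }
        foreach ($ip in $public) {
            Add-DnsServerResourceRecordA -ZoneName $Zone -Name $label -IPv4Address $ip `
                -ComputerName $InternalDnsServer -TimeToLive (New-TimeSpan -Hours 1)
        }
    }
}

$report | Format-Table -AutoSize
```

Run it without -Fix first and review the table; a Mismatch row usually means the public address changed at the hosting provider and the internal copy was never updated, which is the maintenance cost of split-brain DNS. One caveat the script cannot fix: the zone apex (domain.com itself) in an AD-integrated zone resolves to the domain controllers, so internal clients cannot reach a website published at the bare domain name; publish it under a host label such as www instead.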
Gpharr - 27 Oct 2008 21:18 GMT
Thanks for the reply. My only concern is security. Sounds like from your
replies the only 'bad' item here is hosting the company's public website on
the same server that runs Exchange? If so I can remedy that easily enough.
Curious why that is an issue? Thanks again.
Lanwench [MVP - Exchange] - 28 Oct 2008 15:01 GMT
> Thanks for the reply. My only concern is security.

From a security standpoint, there is absolutely no reason to worry about
your AD domain name matching your Internet domain name.

> Sounds like from
> your replies the only 'bad' item here is hosting the company's public
> website on the same server that runs Exchange? If so I can remedy
> that easily enough.

Yep - do so.

> Curious why that is an issue? Thanks again.

Should it get compromised (and port 80 attacks are *common*) the bad guys
are on your LAN, in your Active Directory. Get an external webhosting
account with a reputable provider. Limit inbound access to your servers to
the absolute bare minimum. I'd close inbound 80 entirely and for OWA, use
SSL and forms-based authentication.

Gpharr - 29 Oct 2008 20:13 GMT
Understood. Proceeding on this advice asap. Thanks again.