domain controller

Topic

New Reply

Hi everyone,

I’m going to set up a new domain controller on a windows server 2008 R2.
If I choose .com for the domain controller name, let’s say eddie89.com do I have to own this domain name site?
If I choose .local, eddie.local, what’s prohibited to my network pc’s which will be part of this domain?
so what’s the main difference between .com & .local on domain controller name?

Many thanks in advance!

Reply | Quote

Replies

There is no difference, they are just text.
Stick to .local as there is no issue with conflicting domain names and you can always add a public domain at a later date – public domains are just names used by your web and mail servers and have nothing to do with your AD name.

cheers, Paul

Reply | Quote

thanks Paul
so I could use .com with no problem?
and using .local does not effect my internet access?

Reply | Quote

Using a .com address is acceptable, but if it’s the same as an already existing public one and you have internet access, your PCs will never be able to reach the public address. Using a .local allows your PCs to access all internet sites without issue and does not affect your ability to also host an internet facing service.

cheers, Paul

Reply | Quote

Bear in mind that very soon, if not already, it will not be possible to obtain an SSL cert for a .local domain name. That may or may not be an issue now, but if it becomes one in the future you might encounter lots of trouble trying to rename your domain.

Microsoft guidance in the subject is vague and contradictory. In the past, I have always implemented .local, but just now am planning migration to a new domain in the the office and seriously considering implementing that as a FQDN.

Updating DNS with an A record for the public website is a very quick fix to overcome the access for client PC’s.

Here’s a couple of discussions over at Spiceworks:

http://community.spiceworks.com/topic/347097-creating-a-new-domain-use-local

http://community.spiceworks.com/topic/279196-impact-of-no-more-local-ssl-certs-following-nov-1-2015

Reply | Quote

it will not be possible to obtain an SSL cert for a .local domain name.

This is never an issue because your .local domain is never internet facing. If you use an SSL internally it will be generated by your CA and is automatically trusted.

cheers, Paul

Reply | Quote

many thanks guys
I need some help on another topic please.
I want to make a rule/gpo to block the access to some websites from all my domain users.
I need this to function in IE, Mozilla, Chrome

Any suggestion?
Thank you!

Reply | Quote