[Samba] Samba 4 AD DC and BIND

Thomas Simmons twsnnva at gmail.com
Sun Mar 17 16:26:30 MDT 2013


On Sun, Mar 17, 2013 at 5:14 PM, Michael Leone <turgon at mike-leone.com> wrote:

> On Sun, Mar 17, 2013 at 5:10 PM, Thomas Simmons <twsnnva at gmail.com> wrote:
> > Ideally you should not use the same domain name for your AD domain.
> > Microsoft used to use "domain.local" for a default configuration, but this
> > can cause problems with certain external services (Exchange/Office365 for
> > example) and it also conflicts with some "local" Apple services if you have
> > Macs on your networks. You could also purchase and use "domain.net" if it's
> > available. Finally, what I did was use a sub-domain for AD (I used
> > internal.domain.com but others use ad.domain.com, etc...) If you really
> > must use your external FQDN, a split-dns setup (your last statement) is
> > probably going to be your only option.
>
> MS guidelines for AD domain names:
>
> Naming conventions in Active Directory for computers, domains, sites, and OUs
> < http://support.microsoft.com/kb/909264 >
>
Hi Michael,
As I noted, Microsoft changed the recommended ".local" some time ago. Back
in the 2003/R2 days dcpromo suggested a .local extension by default. This
turned out to cause some headaches when using certain off-site services (if
you want auth tied into AD) and they have since changed their recommendation.
Another problem with using "domain.com" is that most people want that to
resolve to their main website, though if you are running AD it will resolve
to your DC. The only solution I know of is to install IIS (Apache if S4)
and have it redirect requests to the web server hosting your website. Could
be a bit of extra work if you have many DCs.

