Advice Creating a Windows 2008 R2 Sub Domain

Just Arrived

Joined: 27 Jul 2006
Posts: 0


Posted: Wed May 11, 2011 6:09 pm    Post subject: Advice Creating a Windows 2008 R2 Sub Domain


We're about to upgrade our domain to Windows 2008 R2. Currently our domain is called something like MYOFFICE.MYCOMPANY.ORG, and so access to the company website which runs from our perimeter is unavailable when we type www.mycompany.org. After checking our DNS etc. I believe that this is because of the sub domain MYOFFICE.

One of the suggestions to work around this issue under the upgrade is to create a domain called MYCOMPANY.ORG and then a sub domain MYOFFICE.MYCOMPANY.ORG. This would allow a DNS server within MYCOMPANY.ORG to point to the website and they can then be accessed by URL.

My questions are...
1. Is this the right way to go about this, if so is there an article available describing the process?

2. Is there an easier way of resolving this issue?

Thanks for any help!
SF Staff

Joined: 15 Nov 2010
Posts: 0


Posted: Mon May 16, 2011 7:23 pm    Post subject:

You can create a CNAME pointing to your present server and there's no need to perform an upgrade!
Trusted SF Member

Joined: 04 Jan 2003
Posts: 0
Location: WI, USA


Posted: Fri May 20, 2011 3:08 am    Post subject:


First, it is important to understand the difference between a Microsoft Active Directory Domain Services (AD DS) domain, formerly called simply an Active Directory domain, and an Internet domain.

AD DS domains are names that represent an instance of the proprietary Microsoft directory services paradigm. Unlike NT domains which used Windows naming services (WINS) for name resolution, AD DS domains use the domain name system (DNS) for name resolution.

It is this using of the DNS system for name resolution where the collision of the term "domain" causes confusion.

Your AD DS domain is "myoffice.mycompany.org." The AD DS Domain Controllers (DC's) in your AD DS domain run Microsoft DNS Server. In the Microsoft DNS Server console (dnsmgmt.msc) on your DC's you will see a list of forward lookup *zones* -- that share the same name as your AD DS domain. These zones are considered Active Directory Integrated zones and not traditional Primary/Secondary DNS zones as one would see on a stand-alone DNS server not affiliated with AD DS. AD DS's tight integration with DNS is one of the great advantages of the AD DS directory service platform. Understanding DNS fundamentals is paramount to having a properly functioning AD DS environment.

--** ANSWER **--

If I understand your question correctly, you have problems resolving www.mycompany.org from within your organization?

If that is the case, and you have an AD DS domain "myoffice.mycompany.org" with a corresponding AD integrated DNS zone and you DO NOT have another zone for "mycompany.org" on your DC's, then there is likely an easy fix...

Create an AD integrated zone (so that it is easily replicated) called "www.mycompany.org" on your DC's and create an A record pointing to the IP of the correct webserver that is accessible. Oftentimes within an organization this IP is the private address of the webserver if the webserver lives within the organization.

It is important to create the zone as "www.mycompany.org" and not "mycompany.org." If you were to create the zone as "mycompany.org" then you would likely have to replicate more records than just the "www" record. By creating the zone as "www.mycompany.org" you avoid having to replicate/override other records like "mail.mycompany.org" or other equivalents.

When creating the actual A record, be sure to leave the "Name" field blank and *not* mistakenly add a "www" -- we have already addressed the "www" in the zone name itself.

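The zone-naming advice in the last answer, modelled as an added example that is not part of the original thread: a DNS server answers from the most specific zone it hosts, and a name that falls inside a hosted zone but has no record there is not forwarded. The IP addresses, the `dc1` record and the four scenario names are constructed for illustration, and the model ignores delegations and conditional forwarders.

```python
FORWARDED = "forwarded to external DNS"
NXDOMAIN = "NXDOMAIN"

def labels(name):
    return name.lower().rstrip(".").split(".")

def best_zone(zones, qname):
    """Return the most specific hosted zone whose name is a suffix of qname."""
    q, match = labels(qname), None
    for zone in zones:
        z = labels(zone)
        if q[-len(z):] == z and (match is None or len(z) > len(labels(match))):
            match = zone
    return match

def resolve(zones, qname):
    """Answer from the hosted zone if one covers qname, otherwise forward."""
    zone = best_zone(zones, qname)
    if zone is None:
        return FORWARDED                      # server is not authoritative
    q = labels(qname)
    # Owner name relative to the zone; "" is the zone apex, i.e. the
    # record created with the "Name" field left blank.
    rel = ".".join(q[:len(q) - len(labels(zone))])
    return zones[zone].get(rel, NXDOMAIN)     # authoritative: no forwarding

WEB_IP = "10.0.0.80"                          # constructed internal web server IP
AD = {"myoffice.mycompany.org": {"dc1": "10.0.0.5"}}   # constructed AD zone

# Zones hosted on the DCs in each scenario (zone -> {relative name: IP}).
CURRENT  = dict(AD)
BROAD    = dict(AD, **{"mycompany.org": {"www": WEB_IP}})
PINPOINT = dict(AD, **{"www.mycompany.org": {"": WEB_IP}})
MISTAKE  = dict(AD, **{"www.mycompany.org": {"www": WEB_IP}})

if __name__ == "__main__":
    for label, zones in [("current", CURRENT), ("broad", BROAD),
                         ("pinpoint", PINPOINT), ("mistake", MISTAKE)]:
        for name in ("www.mycompany.org", "mail.mycompany.org"):
            print(f"{label:9} {name:20} -> {resolve(zones, name)}")
```

In the `BROAD` scenario every other `mycompany.org` name would have to be copied into the internal zone, while in `MISTAKE` the record actually created is `www.www.mycompany.org`.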
All times are GMT + 2 Hours