Posted: Wed May 11, 2011 6:09 pm Post subject: Advice Creating a Windows 2008 R2 Sub Domain
We're about to upgrade our domain to Windows 2008 R2. Currently our domain is called something like MYOFFICE.MYCOMPANY.ORG, and so access to the company website which runs from our perimeter is unavailable when we type www.mycompany.org. After checking our DNS etc I believe that this is because of the sub domain MYOFFICE.
One of the suggestions to work around this issue under the upgrade is to create a domain called MYCOMPANY.ORG and then a sub domain MYOFFICE.MYCOMPANY.ORG, this would allow a DNS server within MYCOMPANY.ORG to point to the website and they can then be accessed by URL.
My questions are...
1. Is this the right way to go about this, if so is there an article available describing the process?
2. Is there an easier way of resolving this issue?
First, it is important to understand the difference between a Microsoft Active Directory Domain Services (AD DS) domain, formerly called simply an Active Directory domain, and an Internet domain.
AD DS domains are names that represent an instance of the proprietary Microsoft directory services paradigm. Unlike NT domains which used Windows naming services (WINS) for name resolution, AD DS domains use the domain name system (DNS) for name resolution.
It is this using of the DNS system for name resolution where the collision of the term "domain" causes confusion.
Your AD DS domain is "myoffice.mycompany.org." The AD DS Domain Controllers (DC's) in your AD DS domain run Microsoft DNS Server. In the Microsoft DNS Server console (dnsmgmt.msc) on your DC's you will see a list of forward lookup *zones* -- that share the same name as your AD DS domain. These zones are considered Active Directory Integrated zones and not traditional Primary/Secondary DNS zones as one would see on a stand-alone DNS server not affiliated with AD DS. AD DS's tight integration with DNS is one of the great advantages of the AD DS directory service platform. Understanding DNS fundamentals is paramount to having a properly functioning AD DS environment.
--** ANSWER **--
If I understand your question correctly, you have problems resolving www.mycompany.org from within your organization?
If that is the case, and you have an AD DS domain "myoffice.mycompany.org" with a corresponding AD integrated DNS zone and you DO NOT have another zone for "mycompany.org" on your DC's, then there is likely an easy fix...
Create an AD integrated zone (so that it is easily replicated) called "www.mycompany.org" on your DC's and create an A record pointing to the IP of the correct webserver that is accessible. Oftentimes within an organization this IP is the private address of the webserver if the webserver lives within the organization.
It is important to create the zone as "www.mycompany.org" and not "mycompany.org." If you were to create the zone as "mycompany.org" then you would likely have to replicate more records than just the "www" record. By creating the zone as "www.mycompany.org" you avoid having to replicate/override other records like "mail.mycompany.org" or other equivalents.
When creating the actual A record, be sure to leave the "Name" field blank and *not* mistakenly add a "www" -- we have already addressed the "www" in the zone name itself.
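The steps in the answer above, scripted with `dnscmd` as an added example that is not part of the original post. It assumes an elevated PowerShell prompt on a DC running the DNS Server role; the IP address is a placeholder, and `mail.mycompany.org` is only the sibling name the answer mentions and may not exist in your environment.

```powershell
# Added example, not from the original thread.
# Assumptions: run locally on a DC that hosts DNS; $WebIp is a placeholder.
$Zone  = 'www.mycompany.org'   # zone name from the answer: the host name itself
$WebIp = '192.0.2.10'          # placeholder (documentation range); use the real web server IP

# 1. Create the zone as AD-integrated so it replicates to the other DCs.
#    With no server name given, dnscmd targets the local DNS server.
dnscmd /ZoneAdd $Zone /DsPrimary
if ($LASTEXITCODE -ne 0) { throw "Creating zone $Zone failed" }

# 2. Add the A record at the zone apex. '@' is the command-line equivalent of
#    leaving the "Name" field blank in dnsmgmt.msc. It is quoted because a bare
#    @ is an operator in PowerShell.
dnscmd /RecordAdd $Zone '@' A $WebIp
if ($LASTEXITCODE -ne 0) { throw "Adding the A record to $Zone failed" }

# 3. Confirm the record sits at the apex. A record named 'www' here would
#    answer for www.www.mycompany.org instead, which is the mistake the answer warns about.
dnscmd /EnumRecords $Zone '@' /Type A

# 4. Resolve through the local DNS server: the first query should return $WebIp.
nslookup $Zone 127.0.0.1

# 5. A sibling name must still be resolved outside this zone (forwarders or
#    root hints), because the new zone is authoritative for 'www' only.
nslookup mail.mycompany.org 127.0.0.1
```

Clients that already looked up the name may hold a cached negative answer; `ipconfig /flushdns` on the client clears it before retesting.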