use of .local domain for remote site vs real domain name

hi,

we are adding a remote site that will be connected to HQ via permanent IPSEC link PIX to PIX. I am told that we may be changing our domain name in HQ, therefore I do not wish to use site or subdomain in that new location - instead I am considering two-way trust and a separate domain - it is a separate company anyway, well it is complicated.

Instead of using a domain name like c2.com in that remote location, can I set up the domain as c2.local, and considering we will have this link set up from PIX to PIX between the sites, should I be able to create the trust between the two Windows domains - between c2.local and our domain x.com?

Also, will I be able in the future to set up that remote site c2.local to have a FQDN on the outside like c2.com should we need to? Any links appreciated on how to do that.

Thanks

G

This is one of the solutions in designing the naming of the forest root domain. What you have done was to have a complete break between your AD domain and your company internet presence domain. This will ensure public users can't access your internal AD naming in terms of security.

What you need to do is to have an internal DNS which hosts all the internal records for the .local domain. Create another external DNS and place it on the DMZ, which only hosts those publicly accessible servers on the DMZ for outside users. The internal DNS is configured to forward all external requests from the clients to the external DNS. Those external calls from the internet will be intercepted by the front firewall and forwarded to the respective servers in the DMZ by means of server publishing.

Below are links for an in-depth understanding of DNS design, though they are rather lengthy.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/bpaddsgn.mspx
http://www.microsoft.com/technet/community/columns/cableguy/cg1200.mspx

HTH.
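
The DNS layout described in the reply above, sketched as an added example that is not part of the original thread. It assumes a c2.local DNS server with the PowerShell DnsServer module (Windows Server 2012 or later); every IP address is a constructed placeholder, and the conditional forwarder for x.com is an addition the reply does not mention, included because a trust needs each domain to resolve the other's domain controller records.

```powershell
# Added example: run on the internal DNS server of c2.local.
# All IP addresses are constructed placeholders, not values from the thread.
$LocalZone   = 'c2.local'        # internal AD domain of the remote site
$PartnerZone = 'x.com'           # HQ AD domain
$PartnerDns  = '10.1.0.10'       # assumption: HQ internal DNS, reached over the IPSEC link
$DmzDns      = '192.168.50.53'   # assumption: external DNS server in the DMZ

# 1. Anything the internal server cannot answer goes to the DMZ DNS server only.
Set-DnsServerForwarder -IPAddress $DmzDns -UseRootHint $false

# 2. Queries for the partner AD domain go over the tunnel to HQ's internal DNS,
#    so the trust can locate x.com domain controllers.
if (-not (Get-DnsServerZone -Name $PartnerZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $PartnerZone -MasterServers $PartnerDns
}

# 3. Check the DC locator SRV record that trust creation depends on.
function Test-DcLocator {
    param([string]$Domain, [string]$Server)
    $r = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    [bool]($r | Where-Object { $_.Type -eq 'SRV' })
}

$checks = @(
    @{ Domain = $LocalZone;   Server = '127.0.0.1'; Expect = $true  }  # own domain resolves internally
    @{ Domain = $PartnerZone; Server = '127.0.0.1'; Expect = $true  }  # partner resolves via the forwarder
    @{ Domain = $LocalZone;   Server = $DmzDns;     Expect = $false }  # internal names must not leak to the DMZ
)
foreach ($c in $checks) {
    $got    = Test-DcLocator -Domain $c.Domain -Server $c.Server
    $status = if ($got -eq $c.Expect) { 'OK' } else { 'FAIL' }
    '{0,-5} {1} via {2}: resolvable={3}' -f $status, $c.Domain, $c.Server, $got
}
```

The HQ DNS server needs the mirror-image conditional forwarder for c2.local, and the PIX rules on the tunnel have to allow DNS between the two internal servers.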