Depends. Do you have an existing internal DNS infrastructure for emmanuel.edu? If so, you may want to use subdomains for your AD domains, since you can easily delegate these subdomains to AD DNS servers and not disrupt your existing DNS servers.
I didn't mention this, but this DNS issue also applied to us. Our internal kimball.com DNS is hosted on bind/unix. We wanted the DNS for our AD domains to be on win2k, so our unix DNS server delegates kii.kimball.com and ads.kimball.com to our win2k DNS servers. Our kii.kimball.com and ads.kimball.com DNS servers are secondaries for each other and for kimball.com. The unix/bind DNS server is secondary for kii and ads. Our AD DNS servers also forward to the kimball.com DNS server for unknowns. Works like a charm (once you figure out the win2k DNS can't do multi-record-per-packet transfers, even though it says it can...) One other point worth mentioning. The current philosophy in AD design is to use a completely unrelated DNS domain for your AD so that if your organization changes names, you won't be stuck trying to rename your forest. According to the current wisdom, you should register a domain like "sdfgde.org" and use that for your AD. Others skip registering a domain, and use a TLD that will never be used in the real world - something like ads.fart, perhaps. -----Original Message----- From: Brahim Bouchaiba [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 10:16 AM To: [EMAIL PROTECTED] Subject: Re: RE: [ActiveDir] choosing names for AD Thanks Ken, My situation is just little slight different : 1-our registered domain is Emmanuel.edu 2-right now I don't have any main domains (referring to kII.kimball.com) so would i be better off just using Emmanuel.edu as the empty root.or add like subdomain for example xx.emmanuel.edu. [EMAIL PROTECTED] writes: >Yes, this is exactly how we did our AD implementation. > >Our registered domain is "kimball.com" > >Our empty root is "ads.kimball.com" >Our main domain is "kii.kimball.com" (this domain started out as an NT4 >domain called KII) > >We run split-brain DNS: our internal and external DNS are separate. To >eliminate user confusion, all of our internal web sites start with >"kww" >(ie: kww.kimball.com). > >If I were doing it again, I would migrate KII to kii.ads.kimball.com to >simplify our DNS (now we have 4 DNS servers: 2 ADS domain controllers, >and 2 KII DCs). We went with the original scheme to keep the DNS FQDNs >shorter, but there is really no need. The end users don't see them, and >admins very seldom have to type the whole thing out. > >-----Original Message----- >From: Brahim Bouchaiba [mailto:[EMAIL PROTECTED] >Sent: Wednesday, March 05, 2003 8:01 AM >To: [EMAIL PROTECTED] >Subject: [ActiveDir] choosing names for AD > > > >Hello all, >My company has registered DNS domain name suffix called xx.com. My >question is can I use this domain suffix as name for the forest root or >another subdomain like corp.xx.com for the active directory .Putting in >consideration that our website is www.xx.com is hosted by another >company and that when i 'll set up the internal DNS I will use our ISP >DNS as forwarder .I'm afraid that internal and external namesoace will >overlap.Any ideas please.thanks > >List info : http://www.activedir.org/mail_list.htm >List FAQ : http://www.activedir.org/list_faq.htm >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ >List info : http://www.activedir.org/mail_list.htm >List FAQ : http://www.activedir.org/list_faq.htm >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > > Brahim Bouchaiba Network administrator Information technology 617-7359720 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
