
    Internal domain name same as external domain - DNS issues!!

    Category: IT Discussion
    Tags: dns, windows, lan, active directory, domain name
    58 Posts 8 Posters 19.9k Views
    • DashrenderD
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said:

      @Dashrender said:

      If the whole system is that new... It might be worth redoing AD....

      Unless it is so new that they have not started using it, is that true? How does age of authentication change the effort in renaming?

      If they only have one or two servers and a small handful of folders to change permission on.. If you were ever going to do it... Now would be the time.

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @Dashrender
        last edited by

        @Dashrender said:

        @scottalanmiller said:

        @Dashrender said:

        If the whole system is that new... It might be worth redoing AD....

        Unless it is so new that they have not started using it, is that true? How does age of authentication change the effort in renaming?

        If they only have one or two servers and a small handful of folders to change permission on.. If you were ever going to do it... Now would be the time.

        Regardless of how many that is, wouldn't the current state be "all of them?"

        1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender
          last edited by

          It will always be all of them... But unless you are at 10 today and plan to never grow.... Then why not do it when you're small.

          Are you saying the effort is just never worth it until there is a reason to worry about it? While that can make sense, assuming the effort is around 10 computers. I think the ounce of prevention today is worth it.

          Of course if he is so swamped doing other things that makes the company more money, more efficient, etc.... Then he should do those things

          scottalanmillerS 2 Replies Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @Dashrender
            last edited by

            @Dashrender said:

            It will always be all of them... But unless you are at 10 today and plan to never grow.... Then why not do it when you're small.

            That doesn't make sense. What if he put it in twenty years ago but was only at ten people today?

            You can make an argument, like I did earlier, that if the environment is small enough it might be worth moving now. You could make an argument that if you expect to grow dramatically that it might be worth moving for some reason, although I don't believe that this is true - having to type in www is an easy fix at any scale. But what I don't see is how the age of the environment is a factor. If you are five minutes old and have a million users or twenty years old and have five, it is the number of users, not the age of the environment that determines if the effort might be worth it.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Dashrender
              last edited by

              @Dashrender said:

              Are you saying the effort is just never worth it until there is a reason to worry about it? While that can make sense, assuming the effort is around 10 computers. I think the ounce of prevention today is worth it.

              No, just saying that the age of the environment is not a factor. That's a form of the sunk cost fallacy - you are thinking about the means and ignoring the ends. But that doesn't work. It's the state of things that determines the value for the future, not "how it got to be this way."

              1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender
                last edited by

                While I probably did mention age, most would not fixate on it. As you said the important part is the number of users. Of course the expectation of someone posting here who has a brand new AD would be that they had a million users.

                To me this is you being weird, fixating on a wit and not my intent - of course we're in IT and need to be specific.... But I'm posting from my phone, and often don't word things perfectly when doing so.

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Dashrender
                  last edited by scottalanmiller

                  @Dashrender said:

                  If the whole system is that new... It might be worth redoing AD....

                  How can I not fixate on it, it is the singular component of your point. There is no other factor at all.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @Dashrender
                    last edited by

                    @Dashrender said:

                    To me this is you being weird, fixating on a wit and not my intent - of course we're in IT and need to be specific.... But I'm posting from my phone, and often don't word things perfectly when doing so.

                    Perhaps, but if you had another intent, why did you only say age and not mention the thing that you intended? How am I to hear something that age from what was stated?

                    1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender
                      last edited by

                      I'd ask you if you've ever known a new company that had a million users even inside their first year, but then knowing you, you'd say yes and it would be true 😉

                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Dashrender
                        last edited by

                        @Dashrender said:

                        I'd ask you if you've ever known a new company that had a million users even inside their first year, but then knowing you, you'd say yes and it would be true 😉

                        LOL, of course. A million is a bit much, but I think you are dealing with a string of assumptions, which may be common, but nothing makes them true:

                        • That companies put in AD when they start up.
                        • That companies keep AD throughout their lifespans.
                        • That companies start with ten or fewer staff and grow organically over time.
                        • That AD is never introduced in the mid-stream of a company life. Or rebuilt.

                        If any one of these four things is not true, and nothing makes any of them necessarily true for any company, then the age of AD would not tell us what we need to know.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller
                          last edited by

                          If you are going by the logic that AD would start small, one could also argue, equally wrong, that if a company has an IT Pro they are already too large to consider rebuilding AD.

                          1 Reply Last reply Reply Quote 1
                          • JoelJ
                            Joel
                            last edited by

                            So for reference, the company is about 5 years old. They have 15 staff and growing (at reasonable pace) was mayhem to control users/passwords/group policies etc. Therefore having just joined the company myself, suggested getting some structure in place and to get the server...so yes, new server - established company.

                            PS - What settings do I need to do to get the active sync working? I did have this problem on a few computers...I couldn't understand why some worked and some didn't!! The ones that didn't, I changed DNS to Google and that helped autodiscover. Then put it all back to DHCP. Which is why I questioned if emails will be okay in the initial post.

                            scottalanmillerS 2 Replies Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @Joel
                              last edited by

                              @Our-Tech-Team said:

                              So for reference, the company is about 5 years old. They have 15 staff and growing (at reasonable pace) was mayhem to control users/passwords/group policies etc. Therefore having just joined the company myself, suggested getting some structure in place and to get the server...so yes, new server - established company.

                              That is awfully small, it might be worth putting the users back in manually so that you don't have this issue going into the future. How much do you have depending on Active Directory? This would require creating a whole new AD system and moving people over to it, one by one.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Joel
                                last edited by

                                @Our-Tech-Team said:

                                PS - What settings do I need to do to get the active sync working? I did have this problem on a few computers...I couldn't understand why some worked and some didn't!! The ones that didn't, I changed DNS to Google and that helped autodiscover. Then put it all back to DHCP. Which is why I questioned if emails will be okay in the initial post.

                                Everything that you do with your public DNS (the one that Google DNS sees) you need to replicate manually in your own DNS system, always and forever. This is the penalty for having the overlapping names - there is no means for the desktops to talk to the public DNS. So just like you had to put in www manually, you need to do that with every entry.

                                1 Reply Last reply Reply Quote 0
                                • JoelJ
                                  Joel
                                  last edited by

                                  Not a lot in AD. Of course the usual such as users/groups, some group policies and file share permissions.

                                  So for example in my DNS, I'd need to manually add the Office 365 records, such as MX records, autodiscover CNAMEs etc?

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @Joel
                                    last edited by

                                    @Our-Tech-Team said:

                                    So for example in my DNS, I'd need to manually add the Office 365 records, such as MX records, autodiscover CNAMEs etc?

                                    MX can be skipped unless you have an SMTP MTA somewhere on your LAN pointing to the DC for DNS resolution. But yes, all other entries need to be there.

                                    Remember MX is for mail and you are not using email, you are using a web application. It's for email, but it is not email itself.

                                    1 Reply Last reply Reply Quote 0
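
An added example (not part of any post in this thread) of the maintenance rule described above: with overlapping internal and external names, every public record has to be mirrored into the internal zone by hand, so a periodic drift check is worth having. The zone `example.com`, all records, and the function names are constructed for illustration; MX is skipped by default, following the reply above, and the apex address is skipped because inside AD it belongs to the domain controllers.

```python
# Constructed sample data for a hypothetical zone "example.com"; not from the thread.
ZONE = "example.com"
PUBLIC = [  # what an outside resolver returns
    ("www", "A", "203.0.113.10"),
    ("@", "A", "203.0.113.10"),
    ("@", "MX", "0 example-com.mail.protection.outlook.com."),
    ("autodiscover", "CNAME", "autodiscover.outlook.com."),
    ("portal.example.com.", "A", "203.0.113.20"),
]
INTERNAL = [  # what the domain controller's copy of the zone holds
    ("WWW", "A", "203.0.113.10"),
    ("@", "A", "10.0.0.5"),           # apex points at the DC inside AD
    ("dc1", "A", "10.0.0.5"),         # internal-only record, never flagged
    ("portal", "A", "203.0.113.99"),  # stale copy of a public record
]

def fqdn(name, zone=ZONE):
    """Normalise relative, '@' and absolute owner names to one lowercase FQDN."""
    name = name.strip().lower()
    if name == "@":
        return zone
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{zone}"

def index(records, zone):
    """Group record values by (FQDN, type), ignoring case and trailing dots."""
    out = {}
    for name, rtype, value in records:
        key = (fqdn(name, zone), rtype.upper())
        out.setdefault(key, set()).add(value.lower().rstrip("."))
    return out

def find_drift(public, internal, zone=ZONE, lan_has_mta=False):
    """Return (missing, differs): public records absent from, or unlike, the internal zone."""
    pub, inn = index(public, zone), index(internal, zone)
    missing, differs = [], []
    for (name, rtype), values in sorted(pub.items()):
        if rtype == "MX" and not lan_has_mta:
            continue  # only needed when an on-LAN SMTP MTA resolves through the DC
        if name == zone and rtype in ("A", "AAAA"):
            continue  # apex address is owned by the DCs internally; cannot be mirrored
        if (name, rtype) not in inn:
            missing.append((name, rtype))
        elif inn[(name, rtype)] != values:
            differs.append((name, rtype))
    return missing, differs

if __name__ == "__main__":
    missing, differs = find_drift(PUBLIC, INTERNAL)
    print("missing internally:", missing)
    print("differs from public:", differs)
```

Entries reported as differing need a human decision, since an internal record may deliberately point at a LAN address rather than the public one.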
                                    • brianlittlejohnB
                                      brianlittlejohn
                                      last edited by

                                      With only 15 users, personally, I would spend a weekend and reset up my AD environment just to avoid issues in the future.

                                      JaredBuschJ 1 Reply Last reply Reply Quote 1
                                      • JaredBuschJ
                                        JaredBusch @brianlittlejohn
                                        last edited by

                                        @brianlittlejohn said:

                                        With only 15 users, personally, I would spend a weekend and reset up my AD environment just to avoid issues in the future.

                                        I would agree with @brianlittlejohn here. You had no AD at all prior to a few days ago.

                                        Just remove all the machines from the domain. Nuke your DC and start over.

                                        PSX_DefectorP DashrenderD 2 Replies Last reply Reply Quote 2
                                        • PSX_DefectorP
                                          PSX_Defector @JaredBusch
                                          last edited by

                                          @JaredBusch said:

                                          @brianlittlejohn said:

                                          With only 15 users, personally, I would spend a weekend and reset up my AD environment just to avoid issues in the future.

                                          I would agree with @brianlittlejohn here. You had no AD at all prior to a few days ago.

                                          Just remove all the machines from the domain. Nuke your DC and start over.

                                          As someone who does this a lot, even with more users than that, it's pretty simple.

                                          I keep a few templates ready to go to deploy a base AD environment. Takes me ~3 minutes per endpoint to unjoin from the domain, about 2 hours to rebuild AD from template to completed environment, then ~3 minutes per endpoint to rejoin. With that in mind, a 15-user environment, I could have it done in an afternoon while drinking beer.

                                          Shit like this is easy as hell. Although I would be investigating the cost/benefit of having an AD environment for that few users. Unless you have a case for it, Samba will do the job of authentication just fine. And a Samba domain is just as quick to deploy. Save quite a few bucks in the process. AD is great, I made my career around it, but it's not a need.

                                          1 Reply Last reply Reply Quote 2
                                          • JoelJ
                                            Joel
                                            last edited by

                                            I've never used or worked with Samba so don't know anything about it. The AD I thought was great for them as they want to have more 'control' over users, add more security to the network and manage permissions on folders much better. I'm familiar with AD so thought it would suit them well.

                                            The reason we named the domain name the same as their external domain is because a Microsoft technician advised me to do so if we wanted to sync our Office 365 tenant with the on-premise server.

                                            I can easily nuke the DC and start over, but to re-configure the 15 computers and drag everything over to their new profile is easy, but frustrating to have to spend the extra time doing it as I've just done it for their new server!!!

                                            scottalanmillerS brianlittlejohnB 4 Replies Last reply Reply Quote 0