Active Directory Domain name
-
@black3dynamite said in Active Directory Domain name:
@flaxking said in Active Directory Domain name:
One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some casesI'm curious if you ever seen a set up that reuses the same domainname as subdomain for AD like so, domainname.domainname.com?
Not exactly, I had had a discussion about using companyinitialsdomain.companyname.com, but in the end we purchased a new domain name for the AD domain.
-
@black3dynamite said in Active Directory Domain name:
@flaxking said in Active Directory Domain name:
One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some casesI'm curious if you ever seen a set up that reuses the same domainname as subdomain for AD like so, domainname.domainname.com?
Or... companyname.domainname.com
Which might be the same, might be wildly different.
-
@flaxking said in Active Directory Domain name:
One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some casesLOL, yeah, I see that a lot. I hate that.
-
@scottalanmiller said in Active Directory Domain name:
@flaxking said in Active Directory Domain name:
One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some casesLOL, yeah, I see that a lot. I hate that.
I used ad.domain.com for my lab and have come to not like it either. Don't know if I like corp.domain.com either.
I've thought about companyinitials.domain.com too. That only works until the company is bought out.
-
@pmoncho said in Active Directory Domain name:
@scottalanmiller said in Active Directory Domain name:
@flaxking said in Active Directory Domain name:
One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some casesLOL, yeah, I see that a lot. I hate that.
I used ad.domain.com for my lab and have come to not like it either. Don't know if I like corp.domain.com either.
I've thought about companyinitials.domain.com too. That only works until the company is bought out.
ANY domain name is a problem "until bought out." There's never a way around that.
For a long time, we used "niagara" which was always just a short form of any name that we ever had.
-
@scottalanmiller said in Active Directory Domain name:
For a long time, we used "niagara" which was always just a short form of any name that we ever had.
Does NTG still uses Active Directory in its business?
-
so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?
is that primarily to avoid that macOS stuff Scott mentioned?
I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.
-
@siringo said in Active Directory Domain name:
so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?
I wouldn't call it new - it's been since at least 2016, and likely longer than that.
is that primarily to avoid that macOS stuff Scott mentioned?
I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.
I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.
I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.
-
@dashrender said in Active Directory Domain name:
@siringo said in Active Directory Domain name:
so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?
I wouldn't call it new - it's been since at least 2016, and likely longer than that.
is that primarily to avoid that macOS stuff Scott mentioned?
I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.
I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.
I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.
Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.
-
@siringo said in Active Directory Domain name:
@dashrender said in Active Directory Domain name:
@siringo said in Active Directory Domain name:
so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?
I wouldn't call it new - it's been since at least 2016, and likely longer than that.
is that primarily to avoid that macOS stuff Scott mentioned?
I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.
I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.
I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.
Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.
FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.
-
@dashrender said in Active Directory Domain name:
@siringo said in Active Directory Domain name:
@dashrender said in Active Directory Domain name:
@siringo said in Active Directory Domain name:
so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?
I wouldn't call it new - it's been since at least 2016, and likely longer than that.
is that primarily to avoid that macOS stuff Scott mentioned?
I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.
I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.
I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.
Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.
FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.
Interesting. I believe that is why it was used in private AD environments in the first place, for that very reason.
-
@flaxking said in Active Directory Domain name:
One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some casesFound one that uses 'AD' in production.
-
@black3dynamite ha, I've seen it, but not often.
-
@siringo said in Active Directory Domain name:
@dashrender said in Active Directory Domain name:
@siringo said in Active Directory Domain name:
@dashrender said in Active Directory Domain name:
@siringo said in Active Directory Domain name:
so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?
I wouldn't call it new - it's been since at least 2016, and likely longer than that.
is that primarily to avoid that macOS stuff Scott mentioned?
I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.
I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.
I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.
Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.
FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.
Interesting. I believe that is why it was used in private AD environments in the first place, for that very reason.
That's right, that it had those limitations was the point. AD is fundamentally not built with the intention of being on the Internet!
-
@dashrender said in Active Directory Domain name:
@siringo said in Active Directory Domain name:
@dashrender said in Active Directory Domain name:
@siringo said in Active Directory Domain name:
so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?
I wouldn't call it new - it's been since at least 2016, and likely longer than that.
is that primarily to avoid that macOS stuff Scott mentioned?
I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.
I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.
I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.
Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.
FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.
Not also, it was kept until there was competition over the private (can't be used) TLD. Apple and MS both chose it because it couldn't be used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).
Any CA that issued that can't be trusted and is a huge security risk.
-
@scottalanmiller said in Active Directory Domain name:
used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).
The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.
-
@dbeato said in Active Directory Domain name:
@scottalanmiller said in Active Directory Domain name:
used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).
The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.
I was thinking the same thing. Sure they weren't the primary, these odd-balls where always secondary, but still most of them supported it as far as I understood.
I guess that makes most CA's scams.
-
@dbeato said in Active Directory Domain name:
@scottalanmiller said in Active Directory Domain name:
used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).
The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.
Yeah from a quick search looks like at least GoDaddy and Digicert offered them.
Nov 2015 is when CA/Browser Forum set the standard to not allow internal domains. So looks like most if not all would have supported it before that.
-
Wow, sounds like they didn't think that through.
-
@stacksofplates said in Active Directory Domain name:
@dbeato said in Active Directory Domain name:
@scottalanmiller said in Active Directory Domain name:
used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).
The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.
Yeah from a quick search looks like at least GoDaddy and Digicert offered them.
Nov 2015 is when CA/Browser Forum set the standard to not allow internal domains. So looks like most if not all would have supported it before that.
Damn, that's a major security hole! So I could go get a cert issued for a domain someone else used and there had to be zero verification since.... there was nothing to verify!
