Active Directory Domain name

Dashrender

Another option I've spoken with Jared about is running a script (say hourly) that would check a private gitlab/github repo for updates to be applied to the machines.

pmoncho

@dashrender said in Active Directory Domain name:

Another option I've spoken with Jared about is running a script (say hourly) that would check a private gitlab/github repo for updates to be applied to the machines.

I see. Interesting. I will look into those.

flaxking

One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some cases

JasGot

@scottalanmiller said in Active Directory Domain name:

Could you ever get them? .local was never a TLD so no legit cert could ever have been issued.

I just searched my Comodo Orders going back to 2007, I found many referencing .local

However, here's the difference that I had forgotten about, the .local was always a secondary name in the cert.

Example:
The cert was valid for:
Domain.Org
ServerName
ServerName.Domain.Org

I didn't see where I ever got a cert for ONLY the .local name.

black3dynamite

@flaxking said in Active Directory Domain name:

One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some cases

I'm curious if you ever seen a set up that reuses the same domainname as subdomain for AD like so, domainname.domainname.com?

flaxking

@black3dynamite said in Active Directory Domain name:

@flaxking said in Active Directory Domain name:

One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some cases

I'm curious if you ever seen a set up that reuses the same domainname as subdomain for AD like so, domainname.domainname.com?

Not exactly, I had had a discussion about using companyinitialsdomain.companyname.com, but in the end we purchased a new domain name for the AD domain.

scottalanmiller

@black3dynamite said in Active Directory Domain name:

@flaxking said in Active Directory Domain name:

One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some cases

I'm curious if you ever seen a set up that reuses the same domainname as subdomain for AD like so, domainname.domainname.com?

Or... companyname.domainname.com

Which might be the same, might be wildly different.

scottalanmiller

@flaxking said in Active Directory Domain name:

One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some cases

LOL, yeah, I see that a lot. I hate that.

pmoncho

@scottalanmiller said in Active Directory Domain name:

@flaxking said in Active Directory Domain name:

One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some cases

LOL, yeah, I see that a lot. I hate that.

I used ad.domain.com for my lab and have come to not like it either. Don't know if I like corp.domain.com either.

I've thought about companyinitials.domain.com too. That only works until the company is bought out.

scottalanmiller

@pmoncho said in Active Directory Domain name:

@scottalanmiller said in Active Directory Domain name:

@flaxking said in Active Directory Domain name:

One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some cases

LOL, yeah, I see that a lot. I hate that.

I used ad.domain.com for my lab and have come to not like it either. Don't know if I like corp.domain.com either.

I've thought about companyinitials.domain.com too. That only works until the company is bought out.

ANY domain name is a problem "until bought out." There's never a way around that.

For a long time, we used "niagara" which was always just a short form of any name that we ever had.

Mario Jakovina

@scottalanmiller said in Active Directory Domain name:

For a long time, we used "niagara" which was always just a short form of any name that we ever had.

Does NTG still uses Active Directory in its business?

siringo

so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

is that primarily to avoid that macOS stuff Scott mentioned?

I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

Dashrender

@siringo said in Active Directory Domain name:

so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

I wouldn't call it new - it's been since at least 2016, and likely longer than that.

is that primarily to avoid that macOS stuff Scott mentioned?

I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

siringo

@dashrender said in Active Directory Domain name:

@siringo said in Active Directory Domain name:

so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

I wouldn't call it new - it's been since at least 2016, and likely longer than that.

is that primarily to avoid that macOS stuff Scott mentioned?

I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.

Dashrender

@siringo said in Active Directory Domain name:

@dashrender said in Active Directory Domain name:

@siringo said in Active Directory Domain name:

so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

I wouldn't call it new - it's been since at least 2016, and likely longer than that.

is that primarily to avoid that macOS stuff Scott mentioned?

I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.

FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.

siringo

@dashrender said in Active Directory Domain name:

@siringo said in Active Directory Domain name:

@dashrender said in Active Directory Domain name:

@siringo said in Active Directory Domain name:

so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

I wouldn't call it new - it's been since at least 2016, and likely longer than that.

is that primarily to avoid that macOS stuff Scott mentioned?

I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.

FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.

Interesting. I believe that is why it was used in private AD environments in the first place, for that very reason.

black3dynamite

@flaxking said in Active Directory Domain name:

One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
Which could be a vanity problem in some cases

Found one that uses 'AD' in production.

scottalanmiller

@black3dynamite ha, I've seen it, but not often.

scottalanmiller

@siringo said in Active Directory Domain name:

@dashrender said in Active Directory Domain name:

@siringo said in Active Directory Domain name:

@dashrender said in Active Directory Domain name:

@siringo said in Active Directory Domain name:

so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

I wouldn't call it new - it's been since at least 2016, and likely longer than that.

is that primarily to avoid that macOS stuff Scott mentioned?

I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.

FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.

Interesting. I believe that is why it was used in private AD environments in the first place, for that very reason.

That's right, that it had those limitations was the point. AD is fundamentally not built with the intention of being on the Internet!

scottalanmiller

@dashrender said in Active Directory Domain name:

@siringo said in Active Directory Domain name:

@dashrender said in Active Directory Domain name:

@siringo said in Active Directory Domain name:

so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

I wouldn't call it new - it's been since at least 2016, and likely longer than that.

is that primarily to avoid that macOS stuff Scott mentioned?

I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.

FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.

Not also, it was kept until there was competition over the private (can't be used) TLD. Apple and MS both chose it because it couldn't be used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

Any CA that issued that can't be trusted and is a huge security risk.