ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Active Directory Domain name

    Scheduled Pinned Locked Moved IT Discussion
    domain name registrationdomain nameactive directoryactive directory domain
    54 Posts 14 Posters 8.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      flaxking @black3dynamite
      last edited by

      @black3dynamite said in Active Directory Domain name:

      @flaxking said in Active Directory Domain name:

      One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
      Which could be a vanity problem in some cases

      I'm curious if you ever seen a set up that reuses the same domainname as subdomain for AD like so, domainname.domainname.com?

      Not exactly, I had had a discussion about using companyinitialsdomain.companyname.com, but in the end we purchased a new domain name for the AD domain.

      1 Reply Last reply Reply Quote 2
      • scottalanmillerS
        scottalanmiller @black3dynamite
        last edited by

        @black3dynamite said in Active Directory Domain name:

        @flaxking said in Active Directory Domain name:

        One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
        Which could be a vanity problem in some cases

        I'm curious if you ever seen a set up that reuses the same domainname as subdomain for AD like so, domainname.domainname.com?

        Or... companyname.domainname.com

        Which might be the same, might be wildly different.

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @flaxking
          last edited by

          @flaxking said in Active Directory Domain name:

          One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
          Which could be a vanity problem in some cases

          LOL, yeah, I see that a lot. I hate that.

          pmonchoP 1 Reply Last reply Reply Quote 0
          • pmonchoP
            pmoncho @scottalanmiller
            last edited by

            @scottalanmiller said in Active Directory Domain name:

            @flaxking said in Active Directory Domain name:

            One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
            Which could be a vanity problem in some cases

            LOL, yeah, I see that a lot. I hate that.

            I used ad.domain.com for my lab and have come to not like it either. Don't know if I like corp.domain.com either.

            I've thought about companyinitials.domain.com too. That only works until the company is bought out.

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @pmoncho
              last edited by

              @pmoncho said in Active Directory Domain name:

              @scottalanmiller said in Active Directory Domain name:

              @flaxking said in Active Directory Domain name:

              One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
              Which could be a vanity problem in some cases

              LOL, yeah, I see that a lot. I hate that.

              I used ad.domain.com for my lab and have come to not like it either. Don't know if I like corp.domain.com either.

              I've thought about companyinitials.domain.com too. That only works until the company is bought out.

              ANY domain name is a problem "until bought out." There's never a way around that.

              For a long time, we used "niagara" which was always just a short form of any name that we ever had.

              M 1 Reply Last reply Reply Quote 0
              • M
                Mario Jakovina @scottalanmiller
                last edited by

                @scottalanmiller said in Active Directory Domain name:

                For a long time, we used "niagara" which was always just a short form of any name that we ever had.

                Does NTG still uses Active Directory in its business?

                1 Reply Last reply Reply Quote 0
                • siringoS
                  siringo
                  last edited by

                  so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

                  is that primarily to avoid that macOS stuff Scott mentioned?

                  I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

                  DashrenderD 1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @siringo
                    last edited by

                    @siringo said in Active Directory Domain name:

                    so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

                    I wouldn't call it new - it's been since at least 2016, and likely longer than that.

                    is that primarily to avoid that macOS stuff Scott mentioned?

                    I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

                    I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

                    I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

                    siringoS 1 Reply Last reply Reply Quote 0
                    • siringoS
                      siringo @Dashrender
                      last edited by

                      @dashrender said in Active Directory Domain name:

                      @siringo said in Active Directory Domain name:

                      so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

                      I wouldn't call it new - it's been since at least 2016, and likely longer than that.

                      is that primarily to avoid that macOS stuff Scott mentioned?

                      I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

                      I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

                      I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

                      Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.

                      DashrenderD 1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @siringo
                        last edited by

                        @siringo said in Active Directory Domain name:

                        @dashrender said in Active Directory Domain name:

                        @siringo said in Active Directory Domain name:

                        so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

                        I wouldn't call it new - it's been since at least 2016, and likely longer than that.

                        is that primarily to avoid that macOS stuff Scott mentioned?

                        I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

                        I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

                        I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

                        Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.

                        FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.

                        siringoS scottalanmillerS 2 Replies Last reply Reply Quote 0
                        • siringoS
                          siringo @Dashrender
                          last edited by

                          @dashrender said in Active Directory Domain name:

                          @siringo said in Active Directory Domain name:

                          @dashrender said in Active Directory Domain name:

                          @siringo said in Active Directory Domain name:

                          so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

                          I wouldn't call it new - it's been since at least 2016, and likely longer than that.

                          is that primarily to avoid that macOS stuff Scott mentioned?

                          I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

                          I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

                          I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

                          Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.

                          FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.

                          Interesting. I believe that is why it was used in private AD environments in the first place, for that very reason.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • black3dynamiteB
                            black3dynamite @flaxking
                            last edited by

                            @flaxking said in Active Directory Domain name:

                            One thing to note with ad.domainname.com is that in some places it will just display your domain as 'AD'
                            Which could be a vanity problem in some cases

                            Found one that uses 'AD' in production.

                            e59e5b47-ea8a-4bdb-8360-a8c8266e16bb-image.png

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @black3dynamite
                              last edited by

                              @black3dynamite ha, I've seen it, but not often.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @siringo
                                last edited by

                                @siringo said in Active Directory Domain name:

                                @dashrender said in Active Directory Domain name:

                                @siringo said in Active Directory Domain name:

                                @dashrender said in Active Directory Domain name:

                                @siringo said in Active Directory Domain name:

                                so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

                                I wouldn't call it new - it's been since at least 2016, and likely longer than that.

                                is that primarily to avoid that macOS stuff Scott mentioned?

                                I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

                                I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

                                I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

                                Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.

                                FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.

                                Interesting. I believe that is why it was used in private AD environments in the first place, for that very reason.

                                That's right, that it had those limitations was the point. AD is fundamentally not built with the intention of being on the Internet!

                                1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @Dashrender
                                  last edited by

                                  @dashrender said in Active Directory Domain name:

                                  @siringo said in Active Directory Domain name:

                                  @dashrender said in Active Directory Domain name:

                                  @siringo said in Active Directory Domain name:

                                  so are you guys saying that the new thinking is now to give your inhouse, private AD domain name a subdomain name of your public domain name?

                                  I wouldn't call it new - it's been since at least 2016, and likely longer than that.

                                  is that primarily to avoid that macOS stuff Scott mentioned?

                                  I believe dumping .local was to avoid the mac issues, the subdomain use is because of DNS.

                                  I never did any 2000/AD training (3.51 for me) but I can clearly remember reading MS technotes that mentioned using .local. That's why I've used that since.

                                  I believe .local came into vogue around Server 2003 (maybe 2003R2) and was stopped around Server 2008 or 2012.

                                  Oh, OK. Thanks for that. I'd never heard of any of that before. Good to know.

                                  FYI - Local was also dumped because it's not a valid TLD (Top Level Domain) - i.e. can't be used on the internet. Certificate makers are now refusing to include domain.local in new certificates.

                                  Not also, it was kept until there was competition over the private (can't be used) TLD. Apple and MS both chose it because it couldn't be used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

                                  Any CA that issued that can't be trusted and is a huge security risk.

                                  dbeatoD 1 Reply Last reply Reply Quote 1
                                  • dbeatoD
                                    dbeato @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Active Directory Domain name:

                                    used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

                                    The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.

                                    DashrenderD stacksofplatesS 2 Replies Last reply Reply Quote 0
                                    • DashrenderD
                                      Dashrender @dbeato
                                      last edited by

                                      @dbeato said in Active Directory Domain name:

                                      @scottalanmiller said in Active Directory Domain name:

                                      used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

                                      The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.

                                      I was thinking the same thing. Sure they weren't the primary, these odd-balls where always secondary, but still most of them supported it as far as I understood.

                                      I guess that makes most CA's scams.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • stacksofplatesS
                                        stacksofplates @dbeato
                                        last edited by

                                        @dbeato said in Active Directory Domain name:

                                        @scottalanmiller said in Active Directory Domain name:

                                        used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

                                        The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.

                                        Yeah from a quick search looks like at least GoDaddy and Digicert offered them.

                                        Nov 2015 is when CA/Browser Forum set the standard to not allow internal domains. So looks like most if not all would have supported it before that.

                                        https://cabforum.org/internal-names/

                                        F scottalanmillerS 2 Replies Last reply Reply Quote 0
                                        • F
                                          flaxking @stacksofplates
                                          last edited by

                                          Wow, sounds like they didn't think that through.

                                          1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @stacksofplates
                                            last edited by

                                            @stacksofplates said in Active Directory Domain name:

                                            @dbeato said in Active Directory Domain name:

                                            @scottalanmiller said in Active Directory Domain name:

                                            used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

                                            The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.

                                            Yeah from a quick search looks like at least GoDaddy and Digicert offered them.

                                            Nov 2015 is when CA/Browser Forum set the standard to not allow internal domains. So looks like most if not all would have supported it before that.

                                            https://cabforum.org/internal-names/

                                            Damn, that's a major security hole! So I could go get a cert issued for a domain someone else used and there had to be zero verification since.... there was nothing to verify!

                                            dbeatoD 1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 3 / 3
                                            • First post
                                              Last post