At my workplace, as at many other companies when AD was first introduced years ago, the internal AD domain was given the same name as an external domain. Normally this isn’t a problem, but it becomes one when internal users want to go to the external website that uses that domain name.
Normal browser operation is to prepend ‘www’ to the domain name when the domain itself doesn’t respond. For the internal AD domain, though, DCs running IIS will respond: they return the default web page, so internal users land there instead of on the external site.
At that point there are essentially three options (in increasing implementation pain):
1. Create a ‘www’ record internally and educate the users that they will need to use that.
2. Add a redirect to the default web site on every DC running IIS. This could break something else.
3. Build a new forest whose name is not a real-world domain name, such as ‘company.inside’. This is not a weekend project.
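
For option 1, a sketch of creating the internal ‘www’ record so that it matches what the public DNS returns. This is an added example, not part of the original post; it assumes it is run on a DC that hosts the AD-integrated zone with the DnsServer module available, and the zone name `example.com` and the resolver address are placeholders.

```powershell
# Added example: copy the public 'www' A records into the internal AD zone.
# Assumptions: run on a DNS server/DC; zone name and resolver are placeholders.
param(
    [string]$ZoneName       = 'example.com',  # placeholder for the shared AD/public domain name
    [string]$PublicResolver = '1.1.1.1'       # assumption: any resolver that sees the public zone
)

Import-Module DnsServer

# What the outside world gets for www.<domain> (ask the public resolver, not AD DNS).
$public = Resolve-DnsName -Name "www.$ZoneName" -Type A -Server $PublicResolver -DnsOnly |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress

if (-not $public) {
    throw "No public A record found for www.$ZoneName via $PublicResolver"
}

# What the internal zone currently holds for 'www' (empty if the record is missing).
$internal = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name 'www' -RRType A `
                -ErrorAction SilentlyContinue |
    ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString }

# Add every public address the internal zone does not have yet.
foreach ($ip in $public) {
    if ($internal -notcontains $ip) {
        Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name 'www' -IPv4Address $ip
        Write-Output "Added www.$ZoneName -> $ip"
    }
}

# Report internal addresses that the public zone no longer returns.
foreach ($ip in $internal) {
    if ($public -notcontains $ip) {
        Write-Warning "Internal record www.$ZoneName -> $ip is not in public DNS"
    }
}
```

The internal copy is a static record, so re-run the comparison whenever the external site's address may have changed.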