Advice Creating a Windows 2008 R2 Sub Domain

Networking/Security Forums -> Windows

Author: DamianHill PostPosted: Wed May 11, 2011 6:09 pm    Post subject: Advice Creating a Windows 2008 R2 Sub Domain

We're about to upgrade our domain Windows 2008 R2. Currently our domain is called something like MYOFFICE.MYCOMPANY.ORG, and so access to the company website which runs from our perimeter is unavailable when we type After checking our DNS etc I beleive that this is because of the sub domain MYOFFICE.

One of the suggestions to work around this issue under the upgrade is to create a domain called MYCOMPANY.ORG and then a sub domain MYOFFICE.MYCOMPANY.ORG, this would allow a DNS server within MYCOMPANY.ORG to point to the website and they can then be accessed by URL.

My questions are...
1. Is this the right way to go about this, if so is there an article available describing the process?

2. Is there an easier way of resolving this issue?

Thanks for any help!

Author: georgec PostPosted: Mon May 16, 2011 7:23 pm    Post subject:
You can create a CNAME pointing to your present server and there'so need to perform an upgrade!

Author: WeaverLocation: WI, USA PostPosted: Fri May 20, 2011 3:08 am    Post subject:

First it is important to understand the difference between a Microsoft Active Directory Domain Services (AD DS) domain, formerly called simply Active Directory domain and an Internet Domain.

AD DS domains are names that represent an instance of the proprietary Microsoft directory services paradigm. Unlike NT domains which used Windows naming services (WINS) for name resolution, AD DS domains use the domain name system (DNS) for name resolution.

It is this using of the DNS system for name resolution where the collision of the term "domain" causes confusion.

Your AD DS domain is "" The AD DS Domain Controllers (DC's) in your AD DS domain run Microsoft DNS Server. In the Microsoft DNS Server console (dnsmgmt.msc) on your DC's you will see a list of forward lookup *zones* -- that share the same name as your AD DS domain. These zones are considered Active Directory Integrated zones and not traditional Primary/Secondary DNS zones as one would see on a stand-alone DNS server not affiliated with AD DS. AD DS's tight integration with DNS is one of the great advantages of the AD DS directory service platform. Understanding DNS fundamentals is paramount to having a properly functioning AD DS environment.

--** ANSWER **--

If I understand your question correctly, you have problems resolving from within your organization?

If that is the case, and you have an AD DS domain "" with corresponding AD integrated DNS zone and you DO NOT have another zone for "" in on your DC's then there is likely an easy fix...

Create an AD integrated zone (so that it is easily replicated) called "" on your DC's and create an A record pointing to the IP of the correct webserver that is accessible. Oftentimes within an organization this IP is the private address of the webserver if the webserver lives within the organization.

It is important to create the zone as "" and not "" If you were to create the zone as "" then you would likely have to replicate more records than just the "www" record. By creating the zone as "" you avoid having replicate/override other records like "" or other equivalents.

When creating the actual A record, be sure to leave the "Name" field blank and *not* mistakenly add a "www" -- we have already addressed the "www" in the zone name itself.


Networking/Security Forums -> Windows

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group