Best Practices for Naming an Active Directory Domain

When you’re naming domains, it should be planned as carefully as you would in naming your first child – of course I’m exaggerating – but it’s worth planning carefully.  For...
Michael Buckbee
1 min read
Last updated April 20, 2023

When you’re naming domains, it should be planned as carefully as you would in naming your first child – of course I’m exaggerating – but it’s worth planning carefully.  For those of you who fail to heed this advice, we’ve written a tutorial on how to rename a domain. 🙂

Popular Domain Naming Mistakes

Before we discuss current best practices, there are a couple of popular practices that are no longer recommended.

The first is using a generic top-level domain. Generic TLDs like .local, .lan, .corp, etc, are now being sold by ICANN, so the domain you’re using internally today – company.local could potentially become another company’s property tomorrow. If you’re still not convinced, here are some more reasons why you shouldn’t use .local in your Active Directory domain name

Secondly, if you use an external public domain name like company.com, you should avoid using the same domain as your internal Active Directory name because you’ll end up with a split DNS. Split DNS is when you have two separate DNS servers managing the exact same DNS Forward Lookup Zone, increasing the administrative burden.

Get the Free PowerShell and Active Directory Essentials Video Course

Better Naming Options

For the time being, until things change, as they inevitably do, here are two domain naming options for you.

The first one is to use an inactive sub-domain of a domain that you use publicly. For instance: ad.company.com or internal.company.com. Advantages to this most-preferred approach includes:

  • Only one domain name needs to be registered – even if you later decide to make part of your internal name publicly accessible
  • Enables you to simply and separately manage internal and external domains
  • All internal domain names will be globally unique

The only microscopic drawback is that you’ll have more to type when entering FQDNs on your internal network, so make your subdomain name as short as possible!

However, if it is not feasible for you to configure your internal domain as a subdomain, you can use another domain that you own, which isn’t used elsewhere. For instance, if your public web presence is company.com, your internal domain can be named company.net, only if it’s registered and if it’s not used anywhere else. The main advantage is that you’ve secured a unique internal domain name. However, the disadvantage is that this approach requires you to manage two separate names.

And, once you’ve mulled over names, you’ll want to visit this site to ensure you don’t let a tiny colon : or tilde ~ ruin your day.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

disabling-powershell-and-other-malware-nuisances,-part-ii
Disabling PowerShell and Other Malware Nuisances, Part II
Whitelisting apps is nobody’s idea of fun. You need to start with a blank slate, and then carefully add back apps you know to be essential and non-threatening. That’s the...
siem-tools:-9-tips-for-a-successful-deployment
SIEM Tools: 9 Tips for a Successful Deployment
Security Information and Event Management (SIEM) tools are an essential part of a modern enterprise’s information security program, but careful planning and implementation are required in order to get the…
risks-of-renaming-your-domain-in-active-directory
Risks of Renaming Your Domain in Active Directory
As a sysadmin, there might be moments where you’ll find the need to change, merge, or rename your domain. Hopefully you name your domain well the first time, but there…
how-to-use-powershell-objects-and-data-piping
How to use PowerShell Objects and Data Piping
This article is a text version of a lesson from our PowerShell and Active Directory Essentials video course (use code ‘blog’ for free access). The course has proven to be...