Astnpwrs Posted February 17, 2006

I'm running Windows 2003 and Active Directory. The domain controllers are authoritative for the domain so that any information for mycompany.com is answered by them. Now my website is hosted offsite, so that if someone types in www.mycompany.com in a web browser it will point them to the web server outside of the network without a problem. However, if they just do a mycompany.com in a web browser, because the domain controller is authoritative it doesn't go to the web server, it goes to the domain controller.

Is there a way I can change things so that people inside my network, when typing in mycompany.com into their browsers instead of www.mycompany.com, will still go to www.mycompany.com, and is there a write-up and/or screenshots to show how it's set up?

Thanks!

Gouki Posted February 17, 2006 (edited)

DELETED!

Edited February 18, 2006 by Gouki

nmX.Memnoch Posted February 17, 2006 (edited)

The problem is with his internal network. Since the Active Directory domain name is mycompany.com, mycompany.com resolves to the domain controller(s). Internal users are being redirected to the domain controller(s) when attempting to visit http://mycompany.com/ instead of the actual website.

Edited February 17, 2006 by nmX.Memnoch

Gouki Posted February 18, 2006

Yes. I did not think of that. If you're crazy enough, rename your domain to company.local! Hahah!

PS: My first post has been deleted.

Hamins Posted February 19, 2006

I'm facing the exact same problem. If anyone has a solution please lemme know ASAP

Mr Snrub Posted February 19, 2006

This should have been taken into account when designing the AD and DNS infrastructure, unfortunately the DNS servers have to be authoritative for the domains you have defined - this appears to be an inconsistency in DNS if you check multiple DCs they report themselves as the authority, but it is meant to be like that.

This is why many people recommend using corp.mycompany.com for internal (AD) use and not overlapping public DNS spaces.

I guess one workaround would be to define a proxy server for your browsers which is only used for http://mycompany.com, and direct connectivity is made for other requests.

If the proxy server is a member of the domain as well, then you might be able to hack a HOSTS entry for mycompany.com to point to the public IP, but this could make domain membership weird for this server - easier to not have it in the domain at all and resolve names via public DNS.

But this is a hack to work around a flaw in your AD design unfortunately.

nmX.Memnoch Posted February 19, 2006

Having anything redirect mycompany.com requests to anything else will break his entire domain structure. He may be able to redirect only port 80 requests using a proxy, but even that is tricky. You are correct though, it should've been taken into account during the planning phase. He has one of two options available to him to make it completely correct:

1. Rename the existing domain. There are tools available for this, but it's still a major undertaking. I've never attempted it myself and don't know anyone who has.
2. Create a new domain, create a trust between the two, then migrate existing users/computers/Exchange settings to the new domain. A recommendation for the new domain has been made but you could use any number of things:

   corp.mycompany.com
   ds.mycompany.com
   mycompany.local
   mycompany.whatever_you_want (because you're not limited to actual DNS names)

Personally I'd try to go with option 2 so you don't have any leftovers from a domain rename.

Mr Snrub Posted February 19, 2006

> Having anything redirect mycompany.com requests to anything else will break his entire domain structure. He may be able to redirect only port 80 requests using a proxy, but even that is tricky.

That is why I specifically stated a browser (HTTP) proxy, and only for that specific name by using a PAC or equivalent - this would not affect the domain functions of the clients, but is ultimately a hack rather than a solution.

cluberti Posted February 20, 2006

Mr. Snrub is correct here - the behavior is by design in an AD, and the only way around it is an http(s) proxy or autoconfig PAC or JS file in IE.

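The browser-only workaround described in the two posts above, sketched as a PAC file. This is an added example, not code posted by anyone in the thread; `mycompany.com` is the thread's own stand-in name and the proxy address `webproxy.example.net:8080` is a hypothetical placeholder for a proxy that is not a domain member and resolves names through public DNS.

```javascript
// Added example PAC file (not from the thread). Assumptions:
//  - "mycompany.com" is the thread's placeholder AD/DNS name.
//  - webproxy.example.net:8080 is a hypothetical proxy that is NOT a domain
//    member and resolves names through public DNS.
var APEX = "mycompany.com";
var VIA_PROXY = "PROXY webproxy.example.net:8080";

// Lower-case the host and drop a port or trailing root dot so that
// "MyCompany.com." and "mycompany.com:80" compare equal to the bare name.
function normalizeHost(host) {
  return String(host).toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
}

// Browsers call this for every request. Only web traffic to the bare
// domain name is sent through the proxy; www.mycompany.com, the domain
// controllers' own host names and everything else stay on the direct path.
function FindProxyForURL(url, host) {
  var scheme = String(url).split(":")[0].toLowerCase();
  var isWeb = scheme === "http" || scheme === "https";
  if (isWeb && normalizeHost(host) === APEX) {
    return VIA_PROXY;
  }
  return "DIRECT";
}
```

Only the browser consults the PAC file, so non-HTTP lookups of mycompany.com by domain clients still resolve to the domain controllers.
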
Hamins Posted February 23, 2006

Hi,

This is more of a question than an answer ....

Would a SPLIT DNS resolve this issue?