
Windows 2003 & Active Directory


Astnpwrs


I'm running Windows 2003 and Active Directory. The domain controllers are authoritative for the domain so that any information for mycompany.com is answered by them. Now my website is hosted offsite, so that if someone types in www.mycompany.com in a web browser it will point them to the web server outside of the network without a problem. However, if they just do a mycompany.com in a web browser, because the domain controller is authoritative, it doesn't go to the web server; it goes to the domain controller. Is there a way I can change things so that people inside my network, when typing in mycompany.com into their browsers instead of www.mycompany.com, will still go to www.mycompany.com, and is there a write-up and/or screenshots to show how it's set up?

Thanks!



The problem is with his internal network. Since the Active Directory domain name is mycompany.com, mycompany.com resolves to the domain controller(s). Internal users are being redirected to the domain controller(s) when attempting to visit http://mycompany.com/ instead of the actual website.

Edited by nmX.Memnoch

This should have been taken into account when designing the AD and DNS infrastructure. Unfortunately, the DNS servers have to be authoritative for the domains you have defined. This appears to be an inconsistency in DNS (if you check multiple DCs, they each report themselves as the authority), but it is meant to be like that.

This is why many people recommend using corp.mycompany.com for internal (AD) use and not overlapping public DNS spaces.

I guess one workaround would be to define a proxy server for your browsers which is only used for http://mycompany.com, and direct connectivity is made for other requests.

If the proxy server is a member of the domain as well, then you might be able to hack a HOSTS entry for mycompany.com to point to the public IP, but this could make domain membership weird for this server - easier to not have it in the domain at all and resolve names via public DNS.

But this is a hack to work around a flaw in your AD design, unfortunately.


Having anything redirect mycompany.com requests to anything else will break his entire domain structure. He may be able to redirect only port 80 requests using a proxy, but even that is tricky. You are correct though, it should've been taken into account during the planning phase. He has one of two options available to him to make it completely correct:

1. Rename the existing domain. There are tools available for this, but it's still a major undertaking. I've never attempted it myself and don't know anyone who has.

2. Create a new domain, create a trust between the two, then migrate existing users/computers/Exchange settings to the new domain. A recommendation for the new domain has been made but you could use any number of things:

corp.mycompany.com

ds.mycompany.com

mycompany.local

mycompany.whatever_you_want (because you're not limited to actual DNS names)

Personally I'd try to go with option 2 so you don't have any leftovers from a domain rename.


Having anything redirect mycompany.com requests to anything else will break his entire domain structure. He may be able to redirect only port 80 requests using a proxy, but even that is tricky.
That is why I specifically stated a browser (HTTP) proxy, and only for that specific name by using a PAC or equivalent - this would not affect the domain functions of the clients, but is ultimately a hack rather than a solution.
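The PAC workaround described in the last reply, as an added example that is not code from any poster in this thread. The proxy name `webproxy.example.net:3128` is a hypothetical placeholder for a proxy that resolves names through public DNS; only browser traffic consults this file, so Kerberos, LDAP and SMB lookups of the domain name are untouched.

```javascript
// PAC file sketch (added example). Browsers call FindProxyForURL(url, host)
// for every request and use the returned string to choose a route.

// Assumption: hypothetical proxy that is not a domain member and resolves
// names via public DNS, as the post suggests.
var APEX_PROXY = "PROXY webproxy.example.net:3128";

// The AD domain name that is also the bare name of the public website.
var APEX_HOST = "mycompany.com";

// Normalise the host the browser passes in: lower-case it and drop a
// trailing root dot, so "MyCompany.com." is treated like "mycompany.com".
function normaliseHost(host) {
  return String(host || "").toLowerCase().replace(/\.$/, "");
}

function FindProxyForURL(url, host) {
  var scheme = String(url).split(":")[0].toLowerCase();
  var isWeb = scheme === "http" || scheme === "https";

  // Exact match only. A suffix match would also catch internal hosts
  // under the domain (e.g. a hypothetical dc1.mycompany.com), which must
  // keep resolving through the AD DNS servers.
  if (isWeb && normaliseHost(host) === APEX_HOST) {
    return APEX_PROXY;
  }

  // www.mycompany.com and everything else connects directly, as before.
  return "DIRECT";
}
```

The exact-match comparison is the part that matters: a wildcard or suffix rule would pull internal host names through the external proxy.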
