Microsoft KB Archive/285983



Considerations for designing namespaces in a Windows 2000-based domain

Article ID: 285983

Article Last Modified on 3/2/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server



This article was previously published under Q285983

SUMMARY

You must carefully consider how to design namespaces for internal and external networks in a Microsoft Windows 2000-based domain. This article provides some suggestions about implementing namespaces.

MORE INFORMATION

The preferred method of creating a namespace is to create an internal namespace that is different from the external namespace. This creates a barrier between your internal resources and the Internet. For example:

Internal domain: IDEALLAB.INTERNAL
External domain: IDEALLAB.COM

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

300684 Information about configuring Windows for domains with single-label DNS names


It is important to understand the distinction between Domain Name System (DNS) namespaces and Active Directory (Lightweight Directory Access Protocol, or LDAP) namespaces. Your internal DNS namespace should be identical to your Active Directory namespace. If you name your internal DNS namespace "Ideallab", your Active Directory name should also be "Ideallab". If you use an internal name of "Corp.ideallab.com", this name is a DNS name but is completely disassociated from the Internet. The single-label "Ideallab" DNS name places you at the same level of the DNS hierarchy as .com, .org, .edu, and .gov.

Some advantages and disadvantages of separating your internal and external namespaces are:

Advantages:

  • The internal namespace is not registered with InterNIC. Internal resources are not exposed.
  • Proxy clients need to exclude only the external namespace, which allows any external DNS queries to the Internet to proceed through the Proxy Server.

Disadvantages:

  • Logon and e-mail names are different. Each must be mapped to the appropriate namespace.

The user logon name will use the internal LDAP namespace as a suffix, such as user@ideallab. This can be mapped to the external namespace user@ideallab.com by using an alternate User Principal Name (UPN) suffix.

For more information, refer to the following article in the Microsoft Knowledge Base:

243280 Users can log on using user name or user principal name



In this example, e-mail names coming from the Internet would use a suffix of user@ideallab.com. This can be mapped to a number of different namespaces, including LDAP and Simple Mail Transfer Protocol (SMTP). Your DNS server will need a Mail Exchange (MX) record that points to the mail server (mailserver.ideallab.com) and a corresponding Host (A) record for that server.
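The namespace separation and the MX/Host (A) requirement described above can be checked against the records of the external zone. The following Python audit is an added example, not part of the original Microsoft article: it flags records that publish or point at the internal namespace and MX targets that lack a Host (A) record. The sample records, the 192.0.2.25 and 10.0.0.5 addresses, the backup and web01 host names, and the function names are constructed for illustration.

```python
# Added example: audit a public zone against the split-namespace design.
INTERNAL_NS = "ideallab.internal."   # internal namespace from the article
EXTERNAL_NS = "ideallab.com."        # external namespace from the article

# Constructed sample records (owner, type, rdata); not from a real zone.
SAMPLE_ZONE = [
    ("ideallab.com.", "MX", "10 mailserver.ideallab.com."),
    ("mailserver.ideallab.com.", "A", "192.0.2.25"),
    ("www.ideallab.com.", "CNAME", "web01.ideallab.internal."),
    ("dc1.ideallab.internal.", "A", "10.0.0.5"),
    ("ideallab.com.", "MX", "20 backup.ideallab.com."),
]

def norm(name):
    """Lower-case a DNS name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def in_namespace(name, namespace):
    """True if name equals the namespace or is a subdomain of it."""
    name, namespace = norm(name), norm(namespace)
    return name == namespace or name.endswith("." + namespace)

def audit_external_zone(records, internal=INTERNAL_NS, external=EXTERNAL_NS):
    """Return a list of (owner, type, problem) findings for a public zone."""
    findings = []
    # Names that have an address record in this zone.
    hosts = {norm(o) for o, t, _ in records if t in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        # For MX/CNAME/NS the target host name is the last rdata field.
        target = rdata.split()[-1] if rtype in ("MX", "CNAME", "NS") else None
        if in_namespace(owner, internal):
            findings.append((owner, rtype, "internal name published"))
        elif not in_namespace(owner, external):
            findings.append((owner, rtype, "owner outside external namespace"))
        if target and in_namespace(target, internal):
            findings.append((owner, rtype, "target leaks internal name"))
        if (rtype == "MX" and in_namespace(target, external)
                and norm(target) not in hosts):
            findings.append((owner, rtype, "MX target has no Host (A) record"))
    return findings

if __name__ == "__main__":
    for finding in audit_external_zone(SAMPLE_ZONE):
        print(finding)
```
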

Keywords: kbinfo KB285983