How do you connect to a local domain (i.e. mydomain.local) when you are outside of the network?

9,503

It's for this reason that best-practices recommend basing your AD domain in a DNS domain you actually officially control. Instead of something.local, use adroot.example.com. This way you'll have reliable DNS resolution wherever you are.

Now, being able to access AD services across the Internet is something else entirely and it is not a wise thing to expose those ports to anyone and everyone. This is why most organizations use some kind of VPN to allow access to internal AD resources.

This can be an issue for mobile assets that roam about, such as the laptop the Sales people carry with them as they fly across a nation. Happily, Windows will cache credentials for a certain period, and getting the laptops talking to the domain controllers once in a while (that VPN connection again) will keep them refreshed with policy and creds.
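
The following PowerShell is an added example, not part of the original answer. Run on the roaming laptop, it checks whether the AD DNS namespace resolves and whether a domain controller is reachable, for instance once the VPN is up. `adroot.example.com` is the placeholder name from the answer; the `$AdDomain` and `$DnsServer` parameter names are assumptions.

```powershell
# Added example: can this machine currently locate and reach a domain controller?
param(
    [string]$AdDomain = 'adroot.example.com',  # assumption: replace with your AD DNS name
    [string]$DnsServer                         # optional: resolver to query (e.g. the internal DNS server)
)

# Domain-joined clients locate DCs through this SRV record. Only the internal,
# AD-integrated DNS zone should answer it; a public resolver should not.
$srvName = "_ldap._tcp.dc._msdcs.$AdDomain"

$query = @{ Name = $srvName; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
if ($DnsServer) { $query.Server = $DnsServer }

try {
    # The answer's additional section can carry A/AAAA records, so keep SRV only.
    $records = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' })
}
catch {
    Write-Output "No DC locator records for $AdDomain ($($_.Exception.Message))"
    Write-Output 'Likely off-network: connect the VPN. Until then logon relies on cached credentials.'
    return
}

if ($records.Count -eq 0) {
    Write-Output "The query for $srvName returned no SRV records."
    return
}

# Test the LDAP port each SRV record advertises. Lower priority is preferred first.
foreach ($r in ($records | Sort-Object Priority)) {
    $reachable = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue

    [pscustomobject]@{
        DomainController = $r.NameTarget
        Port             = $r.Port
        Priority         = $r.Priority
        Reachable        = $reachable
    }
}
```

If the SRV lookup succeeds against a public resolver with no VPN connected, the internal zone is being served publicly and the DNS setup deserves a review.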


Author: myermian

Updated on September 18, 2022

Comments

  • myermian
    myermian over 1 year

    I'm in the process of learning Windows Server 2012, so I just did a fresh reinstall of it. Before I actually set up a local domain, I'm wondering how to access this from outside of my network. My setup is as follows:

    1. Windows Server 2012 Computer, IP 192.168.0.2, Primary DNS 192.168.0.2
    2. Laptop, IP 192.168.0.100, Primary DNS 192.168.0.2, Secondary DNS 8.8.8.8 (Google)

    I read an article stating that for internal networks you should set up your domain as mydomain.local instead of something that might not resolve properly (i.e. domain.com). But, if I use the local version, when I take my laptop outside of the network, how can I get access back into my network for file shares, user profiles, etc.?


    Please go easy on me as I am still learning. :)

    • MDMarra
      MDMarra over 11 years
    • myermian
      myermian over 11 years
      @MDMarra: Good to know for someone that is just starting out. That's why I always prefer stack sites for knowledge versus any other website out there.
    • myermian
      myermian over 11 years
      What's so wrong with the question that it deserves a downvote?
  • John Gardeniers
    John Gardeniers over 11 years
    Who is this "best-practices" person who made that recommendation?
  • Blue Warrior NFB
    Blue Warrior NFB over 11 years
    @JohnGardeniers The Great Microsoft itself: technet.microsoft.com/en-us/library/cc759036%28v=WS.10%29.aspx
  • MDMarra
    MDMarra over 11 years
    @john take a look at the link I posted on the question itself. There are a lot of reasons to avoid .local if "because it violates the RFCs" isn't enough.
  • John Gardeniers
    John Gardeniers over 11 years
    @MDMarra, I'm not advocating the use of .local but I also don't advocate using a public domain internally. In most cases it causes far more problems than it solves.
  • MDMarra
    MDMarra over 11 years
    How? Using split horizon is definitely bad, but there are really no issues at all using a non-public subdomain of a namespace that you use publicly. Assuming you use a DNS delegation and have sane firewall rules, what problems could this possibly cause?