Website and Active Directory domain share the same name

There's no easy solution for what you want.

You don't want to use the same domain-name internally as is already authoritative for something else on the Internet. Now you're learning why.

If it's not too late to change the AD domain name to something else I'd recommend doing so.

If not, you have two choices:

  • Run a "redirect" web site on all the domain controllers (since each one answers for "domain.com") to redirect requests to another hostname (like, say, www.domain.com).

  • Just tell users that "domain.com" doesn't work to get to the company web site.

If you monkey around with the A record for the AD domain name trying to "point" it at an external address you will break DFS referrals for the SYSVOL, and cripple group policy on all your computers.

This is the biggest reason why I recommend that Customers use an "ad.company.com"-style second-level domain name. Unless you have very good reasons you should never create a zone on a DNS server that some other DNS server(s) on the Internet are already authoritative for, even if it's inside a private LAN. Eventually you'll want to connect your private LAN to the Internet and the conflicting names will cause you problems.
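A check for the failure mode described in the answer above, as an added example that is not part of either answer: it compares the A records at the AD domain apex with the domain controllers' addresses and confirms the domain-based SYSVOL path still resolves. It assumes a domain-joined machine with the RSAT ActiveDirectory module installed.

```powershell
# Added example (not from the original answers).
# Assumes: domain-joined host, RSAT ActiveDirectory module, DnsClient module.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot   # the AD DNS name, e.g. "domain.com"

# IPv4 address of every domain controller in the domain
$dcAddresses = @(Get-ADDomainController -Filter * |
    Where-Object { $_.IPv4Address } |
    Select-Object -ExpandProperty IPv4Address |
    Sort-Object -Unique)

# A records the configured DNS server returns for the bare domain name
$apexAddresses = @(Resolve-DnsName -Name $domain -Type A -DnsOnly -ErrorAction Stop |
    Where-Object { $_.Section -eq 'Answer' -and $_.IPAddress } |
    Select-Object -ExpandProperty IPAddress |
    Sort-Object -Unique)

# Apex addresses that belong to no DC: clients following these cannot get
# SYSVOL referrals. Multi-homed DCs can show up here and need a manual look.
$notDc = @($apexAddresses | Where-Object { $_ -notin $dcAddresses })

# DCs that are absent from the apex record set (informational)
$missing = @($dcAddresses | Where-Object { $_ -notin $apexAddresses })

# The domain-based path that group policy processing depends on
$sysvolOk = Test-Path -Path "\\$domain\SYSVOL"

[pscustomobject]@{
    Domain            = $domain
    ApexARecords      = $apexAddresses -join ', '
    NonDcApexRecords  = $notDc -join ', '
    DcsMissingAtApex  = $missing -join ', '
    SysvolReachable   = $sysvolOk
}

if ($notDc.Count -gt 0 -or -not $sysvolOk) {
    Write-Warning "Apex records for $domain include non-DC addresses or SYSVOL is unreachable."
}
```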


Changing the location that example.com points to in DNS is obviously not a good idea, as it needs to point to the domain controller. You could set up IIS on the DC with a site for example.com that just forwards the request to www.example.com.