My public website name and AD domain name are the same. How can I get to my external website from inside my network?
Solution 1:
If you've named your Active Directory example.org then you cannot prevent this. You've gone against Microsoft's best practices for naming an AD and you're seeing one of the symptoms.
You have a few choices:
- Migrate to a properly named AD. Something like corp.example.org.
- Install a web server on each DC and configure it to forward web requests for example.org to www.example.org. This is dirty and shouldn't be done, but it's an option nonetheless.
- Train your users to go to www.example.org internally.
I've blogged about AD naming best practices multiple times and link to official Microsoft sources. You should read them:
- http://web.archive.org/web/20200214122247/http://www.mdmarra.com/2013/04/best-practices-for-configuring-new.html
- http://web.archive.org/web/20191201074255/www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html
- http://web.archive.org/web/20200122002118/www.mdmarra.com/2013/07/more-documentation-from-microsoft-about.html
If you want the short version:
Do not create new Active Directory forests with the same name as an external DNS name. For example, if your Internet DNS URL is http://contoso.com, you must choose a different name for your internal forest to avoid future compatibility issues. That name should be unique and unlikely for web traffic. For example: corp.contoso.com.
-http://technet.microsoft.com/en-us/library/jj574166.aspx
Solution 2:
If you are running Exchange on the DC, do not set up a PortProxy - it may go without saying but it will break Exchange services hosted on port 80.
I realize this post is quite old, but you can still do this without installing IIS on the DCs. On every DC, run the following command to portproxy port 80 to the external web server.
netsh interface portproxy add v4tov4 listenport=80 listenaddress={Static IP v4 address of DC} connectport=80 connectaddress={IP Address of public Web Server}
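The following is an added example, not part of either answer above: a PowerShell wrapper around the same netsh rule that first checks whether something already listens on port 80 (the Exchange caveat in Solution 2), then adds the rule, verifies it, and shows how to roll it back. Both IP addresses are placeholders from documentation ranges and must be replaced.

```powershell
# Added example; the two addresses below are placeholders, not values from the post.
param(
    [string]$ListenAddress  = '192.0.2.10',    # static IPv4 address of this DC (placeholder)
    [string]$ConnectAddress = '198.51.100.20', # IP address of the public web server (placeholder)
    [int]$Port = 80
)

# Refuse to add the rule if a service (for example Exchange or IIS) already
# listens on the port, either on this address or on a wildcard address.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -in @($ListenAddress, '0.0.0.0', '::') }
if ($listeners) {
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table
    throw "Port $Port is already in use on this host; a portproxy rule would conflict."
}

# portproxy rules are served by the IP Helper service.
if ((Get-Service -Name iphlpsvc).Status -ne 'Running') {
    throw 'IP Helper service (iphlpsvc) is not running; the portproxy rule would not listen.'
}

# Same command as in the answer, with the placeholders filled from the parameters.
netsh interface portproxy add v4tov4 listenport=$Port listenaddress=$ListenAddress connectport=$Port connectaddress=$ConnectAddress
if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }

# Verify: list the configured rules and confirm a listener now exists.
netsh interface portproxy show v4tov4
Get-NetTCPConnection -LocalPort $Port -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Roll back with:
# netsh interface portproxy delete v4tov4 listenport=$Port listenaddress=$ListenAddress
```

Run it from an elevated PowerShell session on each DC; `netsh interface portproxy show all` lists every rule on a host, which is useful when auditing DCs for forwarding rules later.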