Active Directory domain vs DNS domain - are they the same? [duplicate]

I am new to the Windows environment and am trying to set up an AD and a domain controller.

Are an Active Directory domain and a DNS domain technically referring to the same thing? Must they be the same at all? e.g. if my DNS domain is "company.com", must my AD domain be "company.com" too?

The reason for asking this question is the following observation:

  • I have seen workstations join domains that I am quite sure are not actually valid domain names (e.g. xxx.local).

  • I have seen 2 different domain controllers in 2 different networks with different server hostnames/domain names (FQDN), e.g. dc1.brancha.com and dc1.branchb.com, allowing workstations in their own network to log in to the same Active Directory domain (xxx.local), which is totally not related to the server DNS domain name.

Am I missing something?


Solution 1:

Active Directory is based on the DNS system, and the Active Directory Domain Controllers are the authoritative DNS servers for the Active Directory domain. One of the best practices is to choose a dedicated domain name for the Active Directory (so "company.com" is not the best choice, as I think you are using it for your public web presence). A 3rd-level domain name would be OK (for example "ad.company.com").

Some links for you:

  • https://technet.microsoft.com/en-us/library/cc738121(WS.10).aspx
  • Windows Active Directory naming best practices?
  • http://blog.varonis.com/active-directory-domain-naming-best-practices/
  • https://support.microsoft.com/en-us/kb/909264
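The dependency described in the answer (the AD domain name is a DNS zone, and the domain controllers advertise themselves through SRV records in that zone) can be checked from any domain-joined machine with the RSAT ActiveDirectory module installed. The script below is an added example written for this page, not code from the answer's author or from Microsoft; the domain name "ad.company.com" is only the placeholder the answer suggests, and on a real network the script reads whatever domain the machine is joined to.

```powershell
# Added example: show that the AD domain and its DNS zone are the same name,
# and that clients find domain controllers through DNS SRV records.
# Requires the RSAT ActiveDirectory module and a domain-joined machine.
Import-Module ActiveDirectory

# 1. The DNS name of the AD domain (DNSRoot) versus its short NetBIOS name.
#    With the answer's recommended layout these would be "ad.company.com" and "AD".
$domain = Get-ADDomain
"AD domain DNS name : {0}" -f $domain.DNSRoot
"NetBIOS name       : {0}" -f $domain.NetBIOSName
"Forest             : {0}" -f $domain.Forest

# 2. Domain controllers known to AD, with their FQDNs.
#    Each DC's hostname lives inside the AD DNS zone, e.g. dc1.ad.company.com.
$dcs = Get-ADDomainController -Filter *
$dcs | Select-Object HostName, IPv4Address, Site | Format-Table -AutoSize

# 3. The SRV record clients query to locate a DC. If this lookup fails, domain
#    logons and joins fail too, which is why the DCs must be the DNS servers
#    for the zone named after the AD domain.
$srvName = "_ldap._tcp.dc._msdcs.{0}" -f $domain.DNSRoot
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop
$srv | Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port, Priority, Weight | Format-Table -AutoSize

# 4. Cross-check: every DC returned by AD should also be advertised in DNS.
$advertised = ($srv | Where-Object { $_.Type -eq 'SRV' }).NameTarget
foreach ($dc in $dcs) {
    $inDns = $advertised -contains $dc.HostName
    "{0,-40} advertised in DNS: {1}" -f $dc.HostName, $inDns
}
```

A DC that shows up in step 2 but not in step 4 is the situation behind the question's "xxx.local" observation: the AD domain name is resolved only by the DCs' own DNS zone, so it works for joined clients regardless of whether the name is a publicly registered domain, and it breaks as soon as a client points at a DNS server that does not host that zone.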