Assigning the Forest Root Domain Name

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The forest root domain name is also the name of the forest. The forest root name is a DNS name that consists of a prefix and a suffix in the form of prefix.suffix. For example, an organization might have the forest root name corp.contoso.com. In this example, corp is the prefix and contoso.com is the suffix.

Select the suffix from a list of existing names on your network. For the prefix, select a new name that has not been used on your network previously. By attaching a new prefix to an existing suffix, you create a unique namespace. Creating a new namespace for Active Directory ensures that any existing DNS infrastructure does not need to be modified to accommodate Active Directory.

Selecting a Suffix

To select a suffix for the forest root domain:

  1. Contact the DNS owner for the organization for a list of registered DNS suffixes that are in use on the network that will host Active Directory. Note that the suffixes used on the internal network might be different than the suffixes used externally. For example, an organization might use contosopharma.com on the Internet and contoso.com on the internal corporate network.

  2. Consult the DNS owner to select a suffix for use with Active Directory. If no suitable suffixes exist, register a new name with an Internet naming authority.

It is best to use DNS names that are registered with an Internet authority in the Active Directory namespace. Only registered names are guaranteed to be globally unique. If another organization later registers the same DNS domain name, or if your organization merges with, acquires, or is acquired by other company that uses the same DNS names, then the two infrastructures cannot interact with one another.

Note

  • Using single label names or unregistered suffixes, such as .local, is not recommended.

Selecting a Prefix

If you chose a registered suffix that is already in use on the network, select a prefix for the forest root domain name by using the prefix rules in Table 2.8. Add a prefix that is not currently in use to create a new subordinate name. For example, if your DNS root name is contoso.com, then you can create the Active Directory forest root domain name concorp.contoso.com, if the namespace concorp.contoso.com is not already in use on the network. This new branch of the namespace will be dedicated to Active Directory and can be integrated easily with the existing DNS implementation. When selecting a prefix, consider the following:

  • If you are performing an in-place upgrade of a Windows NT 4.0 MUD to create the forest root domain, then you might be able to use the NetBIOS name of the domain as the prefix. Determine whether the NetBIOS name is an appropriate name for a root domain and meets the prefix rules listed in Table 2.8.

  • If you selected a regional domain to function as a forest root domain, you might need to select a new prefix for the domain. Because the forest root domain name affects all of the other domain names in the forest, a regionally-based name might not be appropriate. For example, if Contoso Corporation decided to use their North American domain, called noam.contoso.com, as their forest root, then the European domain name would be europe.noam.contoso.com. In this case, a better choice would be to select a new prefix, such as corp, for the forest root; in this way, the name of the European domain would be europe.corp.contoso.com.

If you are using a new suffix that is not currently in use on the network, you can use it as the forest root domain name without choosing an additional prefix.

Table 2.8 lists the rules for selecting a prefix for a registered DNS name.

Table 2.8   Rules for Selecting a Prefix for a Registered DNS Name

Rule Explanation

Select a prefix that is not likely to become outdated.

Avoid names such as a business line or operating system that might change in the future. Generic names such as corp or ds are recommended.

Select a prefix that includes Internet standard characters only.

A-Z, a-z, 0-9, and (-), but not entirely numeric.

Include 15 characters or less in the prefix.

If you choose a prefix length of 15 characters or less, then the NetBIOS name is the same as the prefix.

It is important for the Active Directory DNS owner to work with the DNS owner for the organization to obtain ownership of the name that will be used for the Active Directory namespace. For more information about designing a DNS infrastructure to support Active Directory, see "Designing a DNS Infrastructure to Support Active Directory" later in this chapter.