Active Directory: .local domain design and Office 365.
Microsoft since the release of Windows 2000 Server have recommended that any Windows Server environment promoted to host an Active Directory forest/domain should be configured with a registered Top Level Domain (TLD), such as .com, .net, .org etc.
Many companies have ignored this advice and taken the approach of, my internet presence is for example markparris.net so I will therefore call my Active Directory forest markparris.local.
This approach to the .local namespace in Active Directory has caused no real issue, with exception of Apple Mac Integration into the environment (see below).
With the onset of the cloud, premises and off premises computing the .localnamespace now causes a potential issue. The .local namespace issue may be resolved with a simple fix or it could involve a fair amount of remediation work.
In order to use Microsoft Office 365 Cloud Services with an on premise Active Directory synchronised via DirSync to the “Microsoft Cloud” the forests namespace or to be more precise the users UPN (User Principal Name) must be an internet registered TLD. In most companies this can be easily achieved by setting all cloud users UPN’s to their email address (or another registered namespace) and then this is what the user presents to Microsoft, to be authenticated/validated.
In some companies, the .local UPN namespace may already be in use for something else and a UPN remediation project may need to be completed prior to any Microsoft cloud integration. This could again be a simple resolution or a huge global project.
So to summarise, the recommendation is still not to use the .local namespace in any new Active Directory implementation, if you have utilised the .localnamespace and you have a requirement to implement Office 365, then identify and configure a registered UPN for the affected accounts.
To be fair to Microsoft, they did tell you.
DNS name registration with an Internet registrar
We recommend that you register DNS names for the top-most internal and external DNS namespaces with an Internet registrar. This includes the forest root domain of any Active Directory forests unless such names are sub-domains of DNS names that are registered by your organization name (For example, the forest root domain “corp.example.com” is a sub-domain of an internal “example.com.” namespace.) Article ID: 300684 – Last Review: February 16, 2011 – Revision: 25.1. http://support.microsoft.com/kb/300684
As I put my thoughts down, it has also become apparent to me that anyone with an Active Directory namespace that uses a TLD namespace that is not registered to them will also have this same issue and will also need to configure new UPN’s.
Apple Issues
Mac OS X: About Multicast DNS
http://support.apple.com/kb/TA20999?viewlocale=en_US
You receive an “unexpected error occurred” error message when you try to access resources on a Windows-based network from your Macintosh computer
http://support.microsoft.com/kb/836413
