Internal and external domain problem

Similar Messages

• How to Setup RDS custom property when internal and external domain name space is different

  Hi All
  I am setting up RDS for customer
  My internal domain name is domain.local and my external domain is domain.com
  I came across below PowerShell cmdlets on some blogs because my internal and external name space are different
  Set-RDSessionCollectionConfiguration –CollectionName QuickSessionCollection -CustomRdpProperty “use redirection server name:i:1 `n alternate full address:s:remote.domain.com”
  In above command, remote.domain.com points to which host?
  Is it pointing to RD Session Broker
  OR
  Pointing to RD Session Host servers
  I am not sure what above command will do exactly ?
  Any help will be highly appreciated
  Thanks Best Regards Mahesh

  Hi,
  It all depends who is accessing the RDS Solution.
  If you have a large BYOD or large number of external users, it would be better to use a public certificate.
  Have a look at the following script which will simplyfy the configuration of the RDSH hosts with certificates.
  http://ryanmangansitblog.com/2014/05/20/rds-2012-rdsh-certificate-deployment-script/
  You can use a custom RDP property to hide the Session host names.
  Have a look at the following article on configuring certificates:
  http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
  Ryan Mangan | Ryanmangansitblog.wordpress.com | Help keep the forums tidy, if this has helped please mark it as an answer

• Exchange 2013 DNS for internal and external domain

  Hi All,
  I have been assigned a task to implement Microsoft Exchange Server 2013. I need some help in setting up DNS namespaces and design a strategy to have same internal and external names. Let me share some details here.
  We have an Active Directory domain myinternaldomain.net, and we have a public domain
  mypublicdomain.com and we have setup email policy to have
  mypublicdomain.com as the SMTP domain for all the users. We have created another DNS zone in Active directory integrated DNS and created a records for
  mail.mypublicdomain.com and autodiscover.mypublicdomain.com which will point to CAS NLB IP. We have 2 CAS servers and 2 MBX servers, we have configured DAG for MBX High availability and planning to implement WNLB for CAS as
  hardware LB is out of scope due to budget constrains.
  We want to have same URLs for OWA, Autodiscover, ECP and other services from internal network as well as from public network. Users should not be bothered to remember two URLs, using one from internal and other from public networks. I also want to confirm
  that with this setup in place do i need to have myinternaldomain.net and server names in SAN certificate?
  Thanks

  Hi Sccmnb,
  You can easily achieve this using split DNS.
  Internal DNS hostname "mail.mypublicdomain.com" will be pointing to your internal CAS NLB IP and the external public DNS hostname"mail.mypublicdomain.com" will be pointing to the Network device or
  Reverse proxy server IP.
  Depending upon users access location(internal\external) the IPs would vary and they should be able to access the website with same name.
  The names that you would require on the certificate(Use EAC or powershell to raise the request) for client connectivity would be
  SN= mail.mypublicdomain.com
  SAN= autodiscover.mypublicdomain.com
  You don't need to have the active directory domain name present in the certificate.
  Additional  to this you need to update the AutodiscoverURI for all servers and OWA,ECP,Autodiscover Virtual Directories InternalURL and ExternalURL fields with appropiate public names.
  Some additional Info:
  *Internal vs. External Namespaces
  Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain DNS infrastructure enables different IP addresses to be returned for a given namespace
  based on where the client resides – if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the IP address of the external gateway/firewall is returned.
  This approach simplifies the end-user experience – users only have to know a single namespace (e.g., mail.contoso.com) to access their data, regardless of where they are connecting. A split-brain DNS infrastructure, also simplifies the configuration of Client
  Access server virtual directories, as the InternalURL and ExternalURL values within the environment can be the same value.
  *Managing Certificates in Exchange Server 2013 (Part 2)
  *Nice step by step article
  Designing a simple namespace for Exchange 2013
  Regards,
  Satyajit
  Please“Vote As Helpful”
  if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• CRM2015 IFD Internal and External Domains

  I am trying to setup CRM2015 with IFD. My internal domain is xr.local and external domain name is somethingelse.com. When going through the directions and searching through the forums I see similar questions regarding with no real information on the possibility.
  Am I able to set this up to support 2 different domains and where might I find some guidance to do so?
  Thanks...
  GY

  Hi David,
  Yes. the above setup should "do the trick" as the servers you put with blank DNS entry should be excluded in the NRPT table.
  You can confirm this by running at the client: netsh name show polocy
  at command line and see something like:
  Settings for da.domain.com
  Certification authority                 :
  DNSSEC (Validation)                     : disabled
  DNSSEC (IPsec)                          : disabled
  DirectAccess (DNS Servers)              :
  DirectAccess (IPsec)                    : disabled
  DirectAccess (Proxy Settings)           : Use default browser settings
  Settings for .domain.com
  Certification authority                 :
  DNSSEC (Validation)                     : disabled
  DNSSEC (IPsec)                          : disabled
  DirectAccess (DNS Servers)              : 1234:1234:1234:3333::1
  DirectAccess (IPsec)                    : disabled
  DirectAccess (Proxy Settings)           : Bypass proxy
  So in this scenario the .domain.com is using the DA while the specific entry (da.domain.com) is set as exclude and have emptry DNS ...
  Hope this helps,
  Ophir.

• Same internal and external domain names - AGAIN!

  Hi all-
  Like many of you, I am confronting the problem of having the same FQDN for both my Active Directory domain and Internet domain.  For the sake of discussion, let's call the domain rlh.com.
  I need to access an externally-hosted website on the rlh.com domain.  The site is coded exclusively to use rlh.com and NOT
  www.rlh.com.  Therefore, the old trick of adding a static www A record on my internal DNS server will not work.
  It looks like another option is to install IIS on my DC and then configure some type of forwarding to the external site.  While this might work, frankly, I don't want IIS on my DC.  It's a DC, not a web server.
  Yet a third option, correct me if I'm wrong, looks to be using some type of "split DNS."  Though I have not read the particulars (yet) of this solution, I am suspicious of it causing DNS inefficiencies.
  All of these solutions look to me to be workarounds.  I am preparing to install a new DC (upgrading from 2003 to 2008 R2) and want to FIX the problem, not work around it.  That said, it looks like I have two options:
  1.  Rename my existing 2003 AD domain using rendom
  2.  Install the new 2008 R2 DC with the new domain name, setup domain trust between the old and new domains, and then use ADMT.
  Can someone please comment on my logic here?  Does anyone have experience with both of the two options?  Is one less painful than the other?
  As I preparatory step, I have migrated from my onsite Exchange 2003 server to Office 365.  Exchange is no longer present in my organization, though some slight "remnants" may remain in Active Directory.  Other than Exchange, I have a
  Hyper-V host, 2 SQL Servers, and 3 RDS servers present in my environment.
  Thanks.

  I realized this was answered, but I would like to add the following comprehensive blog on this subject.
  Can't Access Website with Same Name (Split Zone or no Split Brain)
  Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM  1278  0
  Note - In an AD same name as the external name (split zone) scenario, if you don't want to use WWW in front of URL, such as to access it by
  http://domain.com, then scroll down to "So you don't want to use WWW in front of the domain name"
  http://blogs.msmvps.com/acefekay/2009/09/03/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name/
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Lync Implementation with different internal and external domain sync

  Hello Experts,
  Having Windows 2012r2 with Lync 2013 frontend and Edge 2012 server on Win2012. Internal domain name is test.local and Internet domain name is : tgroup.com. Internally all the clients are able to sync with frontend
  server using [email protected] or [email protected] Internal CA and External Digicert works fine. But only problem is with external clients who want to communicate through edge server. 
  Edge server has 3 LAN ip address (nat with public IP), 10.10.10.2, 10.10.10.3, 10.10.10.4 and another Internal network interface which has ip 10.10.20.3
  which uses that to communicate with front-end. 
  How to achieve this ?  We dont have reverse proxy configured and we have only two servers. 
  Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.

  The reverse proxy is used to publish URL's like the meet and dialin url, the address book url and the lync mobile client (smart phones and tablets) urls. This doesn't impact the external desktop user access as thats via the edge server. There is more to
  it than that but for the sake of keeping this simple lets stick to that for now.
  As far as SIP domains go. Think of your Lync users as having a SIP address similar to email addresses. You wouldn't have a user with an internal email address but with a different external email address. In fact best practice is to have the Lync SIP address
  match the email address.
  My reccomendation is to use the ttgoup.com as a sip domain and not the test.local
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Lync Sorted blog

• Same usernames, internal vs. external domains, conflict when usingWebAccess

  Currently running GW 8.0.2hp2 on NetWare 6.5sp8.
  We have a single domain and single post office, and a single WebAccess
  and single GWIA gateway. We about 25 external domains setup to allow
  using external users' e-mail addresses our in internal corporate address
  books and distribution lists following the procedure outlined here:
  http://www.novell.com/documentation/...a/a2zvyc4.html
  The problem is that one of my internal users in our corporate domain/PO
  has the same userid as a user in one of the external domain/PO's. So,
  for example, their e-mail addresses are:
  [email protected]
  [email protected]
  Everything works except that my internal user cannot use GW WebAccess.
  Trying to login to WebAccess results in the following error:
  "Please login again. You may have typed your name or password
  incorrectly. Remember that your user name must be unique."
  If I either change my internal user's GroupWise userid, or if I delete
  or rename the external user's userid, then my internal user can login
  into WebAccess without a problem. So this does appear to be due to
  non-unique username's. The WebAccess is seeing the internal and
  external user names, and not allowing my internal user to login.
  Is there a work around for this since the users are in separate domains
  and PO's, or do I need to just rename my internal user's account? I
  have no control over the external user's e-mail address, so I can't
  rename their userid.
  Is there a way to keep the "default WebAcess" gateway from looking at
  external domain's for user account authentication? I have tried setting
  up a class of service in the WebAccess gateway to deny access to the
  external domain, and that hasn't worked either.
  Thanks,
  -Greg
  former e-mail for posting:
  [email protected]

  I knew I should have looked a little longer.
  http://www.novell.com/support/kb/doc.php?id=7006447
  Thanks,
  -Greg
  On 1/7/2013 12:38 PM, Greg N. wrote:
  > Currently running GW 8.0.2hp2 on NetWare 6.5sp8.
  >
  > We have a single domain and single post office, and a single WebAccess
  > and single GWIA gateway. We about 25 external domains setup to allow
  > using external users' e-mail addresses our in internal corporate address
  > books and distribution lists following the procedure outlined here:
  >
  > http://www.novell.com/documentation/...a/a2zvyc4.html
  >
  >
  > The problem is that one of my internal users in our corporate domain/PO
  > has the same userid as a user in one of the external domain/PO's. So,
  > for example, their e-mail addresses are:
  >
  > [email protected]
  > [email protected]
  >
  > Everything works except that my internal user cannot use GW WebAccess.
  > Trying to login to WebAccess results in the following error:
  >
  > "Please login again. You may have typed your name or password
  > incorrectly. Remember that your user name must be unique."
  >
  > If I either change my internal user's GroupWise userid, or if I delete
  > or rename the external user's userid, then my internal user can login
  > into WebAccess without a problem. So this does appear to be due to
  > non-unique username's. The WebAccess is seeing the internal and
  > external user names, and not allowing my internal user to login.
  >
  > Is there a work around for this since the users are in separate domains
  > and PO's, or do I need to just rename my internal user's account? I
  > have no control over the external user's e-mail address, so I can't
  > rename their userid.
  >
  > Is there a way to keep the "default WebAcess" gateway from looking at
  > external domain's for user account authentication? I have tried setting
  > up a class of service in the WebAccess gateway to deny access to the
  > external domain, and that hasn't worked either.
  >
  > Thanks,
  > -Greg
  >
  former e-mail for posting:
  [email protected]

• Non-Web Server Publishing Rule for Internal and External

  Hi there,
  I have a problem with my TMG and publishing SSH for Internal and External users to an internal Server.
  Network:
  Internal Network
  SSH Server, 10.10.10.25
  Internal DNS record "ssh.domain.com" pointing to 10.10.10.254
  TMG Server, 10.10.10.254/192.168.0.254
  External Network
  External DNS record "ssh.domain.com pointing to 192.168.0.254
  I want my users (internal AND external) using their SSH client to connect to ssh.domain.com and TMG to forward the request to the SSH server. Note that internal clients and the SSH server are in the same network.
  I have created a custom "SSH Server" protocol with inbound TCP for port 22 and created a Non-Web Server publishing rule.
  Traffic Tab: SSH Server Protocol
  From Tab: Internal, External
  To Tab: 10.10.10.25, original client
  Networks Tabs: Internal, External
  External users cann connect without a problem, all fine here. Internal users get a timout. The TMG Log says: Denied Connection (Default Rule,
  The policy rules do not allow the user request) and doesn´t recognize this is an inbound request. The log gives me dest IP 10.10.10.254 and protocol SSH and not 10.10.10.25 and SSH Server.
  I read a lot of networking rules and NAT/Routing, tried a bit but never got a success.
  Can you help me fix or working around this and tell me whats going on there and if there a limitations in TMG I don´t know yet?
  Regards,
  Sascha

  Hi,
  According to your description, it seems that request was denied by the TMG rules so the request from the internal users
  could not be forwarded to the SSH server. I would appreciate it if you can post the logs to us and the results of running ipconfig/all on the TMG server.
  In addition, maybe you can change the firewall policy only from
  External and add another firewall policy for the internal user to see if the issue persists.
  More information:
  Creating and using a server protocol
  TMG
  Back to Basics - Part 1: Server Publishing Rules
  Best regards,
  Susie

• DNS Forwarding Same Internal and External Zone

  Hi,<o:p></o:p>
  So we have decided that we want our internal domain to be the same as our external domain e.g. domain.uk. I understand that split DNS can be used
  to fulfil this requirement but is it possible to set up a forward so if the DNS entry is not available in the internal zone it will forward onto one of our external name servers where it can resolve?<o:p></o:p>
  We are basically trying to avoid having to add the entry on both external and internal DNS servers for it to resolve. So far I have added the external name servers to
  the forwarders and disabled root hints which didn’t work. I’ve tried to add a conditional forwarder but it says the zone already exists. It seems the only to achieve the internal resolution is by creating the DNS entry both internally and externally.<o:p></o:p>
  Does anyone know if this is the case? It seems strange that you couldn’t point the DNS to another external name server for resolution? <o:p></o:p>
  Any help would be appreciated.<o:p></o:p>

  You must ask in networking forum
  https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverNIS&filter=alltypes&sort=lastpostdesc

• Delivery report shows status of Pending for external address. Email sent to both internal and external addresses.

  We have an Exchange 2013 on-premise server and seem to have an issue with emails sent to internal and external users at the same time.
  The issue came to light because someone sent an email to 44 recipients, of which one was internal. None of the external recipients received the email. I checked the delivery report in the EAC and found the internal email marked as 'Delivered' and all of
  the external ones marked as 'Pending'. I checked the queues and there were none. I did some testing and sent an email to just one of the external addresses on the list, it arrived. I tried sending the email again to all of the recipients, the external ones
  all showed 'Pending'. I tried it again, but this time excluded the internal email address and all of the 43 external emails were immediately delivered.
  So it seems that the issue only arises when we are sending to both internal and external addresses.
  I then tried a test email to one internal address and one external address. The Delivery report says that the internal address was delivered immediately, while the external address is 'Pending' and gives more information saying: 'Message delivery is taking
  longer than expected. There may be system delays. For more information, contact your helpdesk.'. To add further mystery to this, the email was actually delivered.
  So, I have two concerns:
  First is seems that some emails sent both internally and externally are only arriving internally. This is a huge problem because I don't know how many have been affected. There may be many lost emails we don't know about.
  Second, it looks like I can't trust the delivery report. It says pending for some emails which didn't arrive, but it also says pending for some which did arrive. That is no good at all.
  For info the server is running Windows Server 2012. I have run a Microsoft Update to check if there are any to apply and the only Exchange one is a spam filter update, which I doubt has any bearing but I will apply when I get chance.

  Hi Neil,
  According to the description, I find a related KB on Exchange 2010:
  https://support.microsoft.com/kb/2694474?wa=wsignin1.0
  It has the similar situation as yours.
  This issue occurs because a function in a message tracking component tries to obtain the information for the recipient instead of the external recipient.
  Please try to upgrade to the latest Exchange update to check whether this issue can be solved.
  Also please check whether Throttling has been set.
  Please run "Get-TransportService | fl" to check the MaxOutboundConnections parameter value.
  More details to see:
  Message throttling 
  http://technet.microsoft.com/en-us/library/bb232205(v=exchg.150).aspx
  Thanks
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• SharePoint 2013 - Office Web Apps - Internal and External Use

  I have successfully installed SharePoint 2013 and Office Web Apps on Azure VMs inside an Azure Virtual Network (IaaS model). Everyting is working well. However, my testing has shown that external users and internal users can't use Office Web Apps at the
  same time.
  Office Web Apps, installed on its own vm, accomodates an external and internal URL quite well. However, SharePoint 2013 appears to only allow one setting for WOPI Zone, either internal or external but not both. I've set the WOPI zone to Internal-HTTPS (Set-SPWOPIZone
  –Zone “internal-https”). OWA works just fine if accessed from inside the Azure Virtual Network. However, if I try to access from outside the Virtual Network, from the Internet, Office Web Apps fails. The exact oppisite is also true. I can set WOPI Zone to
  External-HTTPS and accessing from the Internet works fine, but accessing inside the Virtual Network fails.
  Am I missing something? I, obviously, want Office Webs Apps to function properly for both internal and external users simultaneously.
  I appreciate any help anyone can provide here.
  Glenn

  Hi Glenn,
  To have both the use of Internet and Internal available to your end-users, you first need to configure AAM setting. Open Central Administration > Application Management > Configure alternate access mappings. Let's say there is an existing web application
  named http://sharepoint and my end-users from local network are able to access it using the URL http://sharepoint (root site collection). Here you need to add the Internet URL by select the web application and click Edit Public URLs. Add the Internet domain
  to the web application, e.g http://sharepoint.abc.com. You don't necessarily have to edit binding setting in IIS. Before continuing next steps, make sure you are able to access http://sharepoint.abc.com from the Internet while being able to access http://sharepoint
  from local network (aka Internal).
  On the machine where Office Web App (OWA) Server 2013 is installed, open PowerShell to add OWA module and use the following command to re-create a new OWA server farm if you've completed configuring it previously.
  New-OfficeWebAppsFarm -InternalUrl "http://owa" -ExternalUrl "http://owa.abc.com" -EditingEnabled.
  In this case, I'm not using SSL certificate to encrypt data over the Internet. You can use Internet-public IP of the OWA server like -ExternalUrl "http://198.xxx.xxx.xx". Add CertifcateName parameter if you want to use whether CA-issued certificate
  or self-signed certificate.
  On your SharePoint machine, you need to re-bind all WFE machines to WAC farm using the cmdlet New-SPWOPIBinding. Next, you need to set the WOPI zone for both internal and external.
  Set-SPWOPIZone -zone "external-http"
  Note: I'm not all using certificate in my guidance. But the steps to have it configured is just to add more parameter. 
  I've recently successfully deployed OWA multi-server farm for both internal and internet uses for two big clients. In real-world scenario, ideally OWA should be published through firewall (Forefront UAG, TMG, F5...etc). Please let me know if you still have
  issues after following my steps. My email: [email protected]
  Regards,
  -T.s
  Thuan Soldier
  A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
  SharePoint Vietnam |
  Blog | Twitter

• How to configure AD on windows 2012 server for Exchange 2013 internal and external email flow

  Dear Experts,
  I have to configure exchange 2013 on Windows server 2012 STD. Company has registered Static IP addresses and can get the MX record pointing to any of this Static IP.  
  The registered domain name is e.g.  contoso.com. 
  a. What should I use as domain name on AD? contoso.com or contoso.local
  b. Is it recommended to have two different servers  for AD and Exchange?
  c. What should be my connector settings for mail flow?
  d. how can I set 2 email servers in company for load balancing?

  Hi,
  a, I suggest use contoso.com as domain name. It is convenient to add urls into our certificate for internal and external mail flow.
  b, Recommended that installing AD
  and Exchange Server on two separate
  Servers. If Exchange Server downed unfortunately, it can prevent AD server from crushing at the same time.
  c, Found some articles for your reference:
  Configure Mail Flow and Client Access
  http://technet.microsoft.com/en-us/library/jj218640(v=exchg.150).aspx
  Configuring Outbound Mail Flow in Exchange Server 2013
  http://exchangeserverpro.com/configuring-outbound-mail-flow-in-exchange-server-2013/
  d, Load Balancing
  http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Cisco ISE with both internal and External RADIUS Server

  Hi
  I have ISE 1.2 , I configured it as management monitor and PSN and it work fine
  I would like to know if I can integrate an external radius server and work with both internal and External RADIUS Server simultanously
  So some computer (groupe_A in active directory ) will continu to made radius authentication on the ISE internal radius and other computer (groupe_B in active directory) will made radius authentication on an external radius server
  I will like to know if it is possible to configure it and how I can do it ?
  Thanks in advance for your help
  Regards
  Blaise

  Cisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
  Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
  The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same.

• Setup internal and external DNS namespaces best practice

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly
  or companydomain.com then create a subdomain corp?
  Thanks in advanced.
  William Lee
  Honf Kong

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local)
  able to run on the same DNS server (using Microsoft Windows DNS servers)?
  Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com
  if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
  What is recommended is to avoid having a split-DNS setup (You internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
  My own recommendation is to use .local for internal zone and .com for external one.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• All my hard drives (internal and external) have a small lock in the lower left corner of the icon and I don't have permissions to access. Permissions are set to 'Custom' in the get info window and I can't change them.

  All my hard drives (internal and external) have a small lock in the lower left corner of the icon and I don't have permissions to access. I have 3 user accounts set up and I cannot access any of them.   Permissions are set to 'Custom' in the get info window and I can't change them. Originally I had Snow Leopard installed on one hard drive and 10.5.8 installed on another.   I started to have some problems accessing data between them and so I tried changing the permissions on ONE hard drive partition.   The next thing I know, all my drives are locked (except the ones with the systems on them), the small lock appeared in the lower left corner of the drive icons and I don't have permissions to access any of them.   In the get info window, permissions are set to 'Custom' and I can't change them.

  There is suddenly a lock icon on my external backup drive!
  Custom Permissions