http://blogs.technet.com/canitpro/archive/2006/03/05/421256.aspx

Between the arguments over "IT", and the religious wars over .local and DNS routing..... here we go again...why do certain setups just seemingly bring out a near religion effect?  Even me.. look how I'm reacting to this post.

Let's see how many of these are an issue with me and my firm in the real world:

  • Spam scores... let's see: if you go to your ISP and point the MX records to your box, and your Exchange server says "domain.com", exactly how do we have this issue?  Publish those Sender IDs while you are out there, will ya?  It's only when we do the POP connector that we might have that issue, and then we bounce stuff through a SmartHost.
  • Identity on the web going forward.... you can always edit up the A records... but right now my web site is over "there", not in here, and I don't want it inside the network.  Remember that I look internally for DNS and then rely on DNS forwarding or root hints.  Get someone that makes it easy to do DNS changes, like zoneedit, but remember we don't expose our DNS for external resolution when we're this size anyway.
  • Self signed certs - even on Mobile 5, as long as you can get the certs "on" the device, there isn't an issue.  I use self signed (as do many) and as long as you can get the cert on the device, we have no issues.  You know how much EASIER it is to use a self signed cert than to try to get an external cert and deal with the hassle of that?  During the CEICW wizard I name that self signed cert whatever I want it to be... it's not tied at all to .local or .lan or .whatever.  I name it whatever I want.  And when I'm running that wizard, I'm making it match what that MX record is... and it's certainly not called .local.
  • Macs after OSX don't hate it, but you can always use .lan and there are ways to "fix" the issue anyway.
  • Active Directory Federation Services?  Dude.. Oh..man... let's not even start down that one.... and don't even start the religious war that that topic will start... It's only on the Windows 2003 R2 Enterprise edition and thus not even available to us SBSers at all.  By the time we need to worry about that one, we'll have grown out of SBS and past the transition pack and probably merged with another company and into their AD domain namespace anyway.  By that time the "routable" issues are the problem of that much, much larger merged firm.

Why .local?  Or more precisely, a private domain name?  Go talk to the SBS Dev team.  Because they wrote the wizards, and folks, unless you really and truly know what you are doing (and chances are folks even if you have been designing AD infrastructure for small and midsized firms... it's still better to stay with the wizards of SBS) go take up your issues with them.

Because .local works and I have not found it limiting at all in my firm. 

And you run the Connect to Internet Wizard and it DOES name the default recipient policy whatever externally resolvable name you enter in the wizard.  AD works for SBS because we don't even open up the Active Directory MMC snap-in unless we really want to torture ourselves.

I haven't found that calling our boxes .lan or .local has limited the SBS domains from growing at all.  But at the same time, understand that there are some firms (like mine) that want to stay small.  We've actually turned down offers to join with other firms because we wanted to stay the size we are.

Why do it?

Go install a SBS.

Go run the wizards... ALL of the wizards.

I'm going to challenge you....go install SBS ..... go see exactly what the wizards (or as a certain person would say... whizards) do and then you tell me why you think your way is easier.... 'cause so far the issues you've brought up.... I honestly just haven't seen them in SBSland...in my little brain... I just haven't seen them as deal breakers at all.