Considerations for designing namespaces in a Windows 2000-based domain

This article was previously published under Q285983
This article has been archived. It is offered "as is" and will no longer be updated.
You must carefully consider how to design namespaces for internal and external networks in a Microsoft Windows 2000-based domain. This article provides some suggestions about implementing namespaces.
More information
The preferred method of creating a namespace is to create an internal namespace that is different from the external namespace. This creates a barrier between your internal resources and the Internet. For example:

Internal domain: IDEALLAB.INTERNAL
External domain: IDEALLAB.COM

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
300684 Information about configuring Windows for domains with single-label DNS names
It is important to understand the distinction between Domain Name System (DNS) namespaces and Active Directory (Lightweight Directory Access Protocol, or LDAP) namespaces. Your internal DNS namespace should be identical to your Active Directory namespace. If you name your internal DNS namespace "Ideallab", your Active Directory name should also be "Ideallab". If you use an internal name of "", this name is a DNS name but is completely disassociated from the Internet. The "Ideallab" DNS name places you at the .com, .org, .edu, .gov level of the DNS hierarchy.

Some advantages and disadvantages of separating your internal and external namespaces are:

Advantages:

  • The internal namespace is not registered with Internic. Internal resources are not exposed.
  • Proxy clients need to exclude only the external namespace, which allows any external DNS queries to the Internet to proceed through the Proxy Server.

Disadvantages:

  • Logon and e-mail names are different. Each must be mapped to the appropriate namespace.

The user logon name will use the internal LDAP namespace as a suffix, such as user@ideallab. This can be mapped to the external namespace by using an alternate User Principal Name (UPN) suffix.

For more information, refer to the following article in the Microsoft Knowledge Base:
243280 Users can log on using user name or user principal name

In this example, e-mail names coming from the Internet would use a suffix of This can be mapped to a number of different namespaces, including LDAP and Simple Mail Transfer Protocol (SMTP). Your DNS server will need a Mail Exchange (MX) record to ( and a corresponding Host (A) record.
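
The separation described above, and the MX and Host (A) record pairing, can be checked against the external zone's contents. The following is an added example, not part of the original article or any Microsoft tool: it audits a constructed list of external-zone records for targets or RFC 1918 addresses that expose the internal namespace, and for MX records without a corresponding Host (A) record. The record tuple format, sample data, and function names are assumptions.

```python
import ipaddress

INTERNAL = "ideallab.internal"  # internal namespace from the article's example
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of external-zone (IDEALLAB.COM) records: (owner, type, rdata).
SAMPLE_ZONE = [
    ("ideallab.com.", "MX", "10 mail.ideallab.com."),
    ("mail.ideallab.com.", "A", "203.0.113.25"),
    ("www.ideallab.com.", "A", "203.0.113.80"),
    ("intranet.ideallab.com.", "CNAME", "web01.IDEALLAB.INTERNAL."),
    ("files.ideallab.com.", "A", "10.1.2.3"),
    ("ideallab.com.", "MX", "20 backup.ideallab.com."),
    ("partner.ideallab.com.", "CNAME", "www.notideallab.internal."),
]

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def in_namespace(name, suffix):
    """True if name equals suffix or is a child of it (whole labels only)."""
    name, suffix = norm(name), norm(suffix)
    return name == suffix or name.endswith("." + suffix)

def audit_external_zone(records, internal=INTERNAL):
    """Return sorted (owner, problem) findings for an external zone."""
    findings = []
    hosts = {norm(o) for o, t, _ in records if t.upper() == "A"}
    for owner, rtype, rdata in records:
        rtype, who = rtype.upper(), norm(owner)
        if in_namespace(owner, internal):
            findings.append((who, "owner name is in the internal namespace"))
        if rtype == "A":
            addr = ipaddress.ip_address(rdata.strip())
            if any(addr in net for net in RFC1918):
                findings.append((who, "RFC 1918 address published: " + str(addr)))
        elif rtype in ("CNAME", "MX", "NS"):
            target = norm(rdata.split()[-1])  # MX rdata is "<pref> <host>"
            if in_namespace(target, internal):
                findings.append((who, "target in internal namespace: " + target))
            elif rtype == "MX" and target not in hosts:
                findings.append((who, "MX target has no host record: " + target))
    return sorted(findings)

if __name__ == "__main__":
    for owner, problem in audit_external_zone(SAMPLE_ZONE):
        print(owner + ": " + problem)
```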

Article ID: 285983 - Last Review: 10/26/2013 10:29:00 - Revision: 5.0

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server