Tuesday, November 27, 2012

Why you shouldn't use .local in your Active Directory domain name.

This post was updated on 14 November 2013

There are an awful lot of .local, .corp, and .lan Active Directory domains out there for many reasons. Sometimes, there is no easy way to change this due to things like Exchange, custom apps that integrate tightly with AD, or just the massive amount of testing that a domain rename requires. I can understand if you walk into a situation like this that you did not create, but please don't ever do this on a new domain.

The correct way to name an Active Directory domain is to create a delegated subdomain of a parent domain that you have registered and control. As an example, if I ever started a consulting business and used the Internet-facing website mdmarra.com as my company's site, I should name my Active Directory domain ad.mdmarra.com or internal.mdmarra.com, or something similar. You want to avoid making up a TLD like .local, and you also want to avoid the headache of using mdmarra.com for both the Internet-facing zone and the internal zone.

Thursday, November 8, 2012

Comparing installed hotfixes on Windows Server using PowerShell


I recently had to track down a configuration issue between our production and dev environments. One of the first things that I looked at was the installed hotfixes. Since we have a lot of dev machines that are supposed to mirror production, I decided to whip up a little PowerShell script to compare the installed hotfixes of the two servers.
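
One way to do this kind of comparison, as an added example and not the author's script: collect hotfix IDs with `Get-HotFix` and report every ID present on only one server, which is the patch drift you want to see between dev and production. The function names `Get-HotfixId` and `Compare-HotfixList`, the server names PROD01 and DEV01, and the sample KB IDs are assumptions made for illustration.

```powershell
# Added example. Get-HotfixId, Compare-HotfixList, PROD01 and DEV01 are hypothetical names.
function Get-HotfixId {
    param([Parameter(Mandatory)] [string] $ComputerName)
    # -ErrorAction Stop: an unreachable server must fail loudly, not look unpatched.
    Get-HotFix -ComputerName $ComputerName -ErrorAction Stop |
        Select-Object -ExpandProperty HotFixID |
        Where-Object { $_ -match '^KB\d+$' }   # keep only KB-style IDs
}

function Compare-HotfixList {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $ReferenceIds,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $DifferenceIds,
        [string] $ReferenceName  = 'Reference',
        [string] $DifferenceName = 'Difference'
    )
    # De-duplicate each side; @() keeps an empty result as an empty array.
    $ref = @($ReferenceIds  | Sort-Object -Unique)
    $dif = @($DifferenceIds | Sort-Object -Unique)

    # One row per hotfix that is present on exactly one side.
    $rows = @(
        foreach ($id in $ref) {
            if ($id -notin $dif) {
                [pscustomobject]@{ HotFixID = $id; InstalledOn = $ReferenceName; MissingFrom = $DifferenceName }
            }
        }
        foreach ($id in $dif) {
            if ($id -notin $ref) {
                [pscustomobject]@{ HotFixID = $id; InstalledOn = $DifferenceName; MissingFrom = $ReferenceName }
            }
        }
    )
    $rows | Sort-Object HotFixID
}

# Offline run on constructed IDs (not real KB numbers):
$prod = 'KB9000001', 'KB9000002', 'KB9000003'
$dev  = 'KB9000001', 'KB9000003', 'KB9000004'
Compare-HotfixList -ReferenceIds $prod -DifferenceIds $dev -ReferenceName 'PROD01' -DifferenceName 'DEV01'

# Against live servers (requires remote WMI access to both):
# Compare-HotfixList -ReferenceIds @(Get-HotfixId PROD01) -DifferenceIds @(Get-HotfixId DEV01) `
#     -ReferenceName 'PROD01' -DifferenceName 'DEV01'
```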