I’ve had a situation recently (which is quite common particularly as Microsoft don’t support .local domains for things like SkypeForBusiness)
The issue arose when the company Active Directory domain matches the external website domain and the company isn’t using www. record for their site, so people can’t access the corporate website internally. e.g. http://joebloggs.com
My workaround is quite simple and I can’t see this solution elsewhere in this specific context so I thought I’d put it here.
In my example, my pretend company has a windows AD domain of joebloggs.com which all their users & computers are members of. Their website is http://joebloggs.com
- For AD to work joebloggs.com must be pointing to the internal IPs of your Domain Controllers.
- If you browse to joebloggs.com internally you’ll be greeted with either an error (if no IIS installed) or an IIS landing page.
- You can’t change your internal joebloggs.com A record to match the public IP of your web host as AD will break completely.
The solution is to use a reverse proxy. I’d thought of setting up a Linux VM and using NGINX or Apache but I discovered IIS has reverse proxy functionality available through a couple of extensions. This is obviously much cleaner as it can run on the DCs themselves.
The rough steps are as follows: