Our email, served by a local Exchange 2019, has its own domain name (e.g. email.tld). The server itself is a member of the directory domain (e.g. mx.activedirectory.tld) like any other Exchange Server, but it's set to respond at the naked email.tld both inside and outside the intranet for IMAP, webmail, SMTP, ActiveSync and Exchange's own protocol, plus the virtual directories, not on the server's actual subdomain/hostname. It's got its own domain, so we just went to town with it.
But now we're adding email.tld as an alternative UPN suffix to the main activedirectory.tld to make it easier for users. But, as we know, the naked or main domains are reserved for domain controllers, and even if we made them host anything, Exchange cannot be installed on domain controllers.
While researching, I learned that alternative UPN suffixes don't actually have to exist, more or less like .local domain names, but .local domain names do actually exist when they're main directory domains, only not publicly. I didn't find anything more specific; I skimmed the documentation back to Windows Server 2008, but even skimming it took forever to get there. The newer information regarding UPN suffixes is specific to Azure-joined domains. My question is: do the rules for main directory domains also apply to alternative UPN suffixes?
Thanks for your help!