Active Directory Domain Naming Considerations
Applies to all versions of Windows Server capable of creating Active Directory Domain Services (AD DS) domains.
Note
You should
- Register your organization's root domain name, and any additional tree domain names, as unique names subordinate to an existing top-level domain (TLD) before using them as AD DS domain names. Otherwise, you risk preventing your organization from using applications and services that rely on registered Internet names. For example, you will not be able to synchronize your domain with Windows Azure Active Directory unless you own the domain name that you are trying to synchronize.
- Follow the naming rules and best practices specified in 909264 Naming conventions in Active Directory for computers, domains, sites, and OUs.
- Create only AD DS domain names that are subordinate to existing TLD names. If you want to create a new TLD name for your organization, the cost may be significant. For more information, see New Generic Top-Level Domains FAQ.
You should not
- Name your domain using any of the Internet Assigned Numbers Authority (IANA) Special-Use Domain Names as there can be multiple issues with application compatibility.
- Use single-label names for your AD DS domains. A single-label name is one that contains no dot (.), such as CONTOSO or FABRIKAM. Instead, you would use names like contoso.com or fabrikam.com.
- Name AD DS domains using names that are currently registered to another entity on the Internet. For example, you would not actually want to use contoso.com, because that is registered to Microsoft. You can use a whois service to perform domain name look-ups to ensure that the name you are selecting is not already registered.
- Use any invalid TLDs, root domain names, or tree domain names.
- Use any NetBIOS domain names that are reserved by the operating system, such as system and internet. For a full list, see the Table of reserved words section in Microsoft KB article 909264 Naming conventions in Active Directory for computers, domains, sites, and OUs.
- Use any NetBIOS domain names that are considered operating system names by the IANA.
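The following offline pre-check applies several of the rules above to a candidate name. It is an added example, not Microsoft's tooling. The function name, the caller-supplied `valid_tlds` set and the sample names are assumptions. The reserved lists are partial, and registration or ownership still has to be confirmed with a whois lookup.

```python
# Added example: offline pre-check of a candidate AD DS DNS domain name.
# The lists below are partial and hard-coded for illustration.

# TLD labels reserved by RFC 6761; "local" is reserved by RFC 6762 (mDNS).
SPECIAL_USE_TLDS = {"test", "localhost", "invalid", "example", "local"}
SPECIAL_USE_NAMES = {"example.com", "example.net", "example.org"}
# Only the two reserved NetBIOS words this page names; KB 909264 has the full table.
RESERVED_NETBIOS = {"system", "internet"}


def check_ad_domain_name(fqdn, valid_tlds):
    """Return a list of findings; an empty list means no rule here was violated.

    valid_tlds: set of lowercase TLDs the caller accepts (assumption: supplied
    by the caller, for example from the IANA root zone list).
    """
    name = fqdn.strip().rstrip(".").lower()
    labels = name.split(".")
    if not name or any(not label for label in labels):
        return ["malformed: empty name or empty label"]

    findings = []
    if len(labels) == 1:
        findings.append("single-label name")
    else:
        tld = labels[-1]
        if tld in SPECIAL_USE_TLDS:
            findings.append("special-use TLD: ." + tld)
        elif tld not in valid_tlds:
            findings.append("TLD not in supplied valid list: ." + tld)
    # Match a special-use name itself or anything beneath it.
    for reserved in sorted(SPECIAL_USE_NAMES):
        if name == reserved or name.endswith("." + reserved):
            findings.append("special-use domain name: " + reserved)
    # Assumption: the NetBIOS domain name defaults to the leftmost DNS label,
    # truncated to 15 characters.
    netbios = labels[0][:15]
    if netbios in RESERVED_NETBIOS:
        findings.append("reserved NetBIOS name: " + netbios)
    return findings


# Constructed sample input, not a real TLD inventory.
SAMPLE_TLDS = {"com", "net", "org"}
if __name__ == "__main__":
    for candidate in ["CONTOSO", "corp.local", "ad.example.com",
                      "system.fabrikam.com", "ad.fabrikam.com"]:
        print(candidate, "->", check_ad_domain_name(candidate, SAMPLE_TLDS) or "ok")
```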
Additional information
- Special-Use Domain Names (RFC 6761)
- Invalid top-level domain names as reported by IANA SSAC report SAC045
- Certificates using the .LOCAL TLD or any internal names will be refused by certificate vendors after November 1st, CY 2015
- Naming conventions in Active Directory for computers, domains, sites, and OUs
- Why you shouldn't use .local in your Active Directory domain name.
- 2.2.1 NetBIOS Name Syntax
- Use of Non-ASCII in DNS