A. Ideally, you'd migrate the DNS zone to a new Windows-based DNS server. If that isn't possible, don't use domain.com for your Active Directory (AD) domain. Instead, use either ads.domain.com or, if ads.domain.com isn't practical, domain.net.

There's no reason to use domain.com. However, if you must use it and can't move the domain to another DNS server, you can delegate the four core subdomains that AD uses to a Windows DNS server. These subdomains are

  • _msdcs.domain.com
  • _sites.domain.com
  • _tcp.domain.com
  • _udp.domain.com

You'd create each of these subdomains as a new zone on your Windows DNS server and enable dynamic update on it, and you'd add the matching delegation (NS) records, with glue, to the domain.com zone on the existing server so that resolvers are sent to the Windows server for those names. These four zones would then hold all the service (SRV) records that AD registers. However, you'd still need to manually add two kinds of host (A) records to the main domain.com zone: a same-as-parent record for domain.com itself pointing at each DC's IP address (e.g., domain.com IN A 128.10.20.12), which is what LDAP clients use when they look up the domain name directly, and one record per DC for the DC's own host name. Adding these records is easy, but because the existing server won't accept dynamic updates from the DCs, you must remember to change them by hand whenever a DC's IP address changes. If the Windows server is itself a DC, store the four zones in AD and allow only secure dynamic updates; with nonsecure updates enabled, any host that can reach the server can overwrite a DC's SRV records.
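The procedure above, as an added PowerShell example (not code from the original answer): it creates the four delegated zones on a Windows DNS server with the DnsServer module, prints the delegation and host records you would then paste into the domain.com zone on the non-Windows server, and checks that the SRV records appear once the DCs re-register. The DC names dc1 and dc2, the server name, and the second IP address are assumed placeholders; 128.10.20.12 is the address used in the answer.

```powershell
# Added example, not from the original answer. Requires the DnsServer module
# (RSAT-DNS-Server or a DNS server role) and DNS admin rights on $DnsServer.

$Domain    = 'domain.com'
$DnsServer = 'dc1.domain.com'                  # assumed: Windows DNS server (also a DC) that will host the subzones
$DomainControllers = @(
    @{ Name = 'dc1'; IPv4 = '128.10.20.12' }   # IP address taken from the answer
    @{ Name = 'dc2'; IPv4 = '128.10.20.13' }   # assumed second DC
)
$AdSubzones = '_msdcs', '_sites', '_tcp', '_udp' | ForEach-Object { "$_.$Domain" }

# 1. Create each AD subdomain as its own primary zone with dynamic update on.
#    Because the server is a DC, the zones are AD-integrated and require secure
#    updates, so only a DC's own computer account can rewrite its SRV records.
foreach ($zone in $AdSubzones) {
    $existing = Get-DnsServerZone -Name $zone -ComputerName $DnsServer -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerPrimaryZone -Name $zone -ComputerName $DnsServer `
            -ReplicationScope 'Forest' -DynamicUpdate 'Secure'
        Write-Host "Created zone $zone"
    }
}

# 2. Emit the records that must be added by hand to the domain.com zone on the
#    existing (non-Windows) server: NS delegations for the four subzones, one
#    A record per DC host name (also serving as glue), and one same-as-parent
#    A record per DC so that domain.com itself resolves to every DC.
$parentRecords = @()
$parentRecords += "; delegations of the AD subdomains to the Windows DNS server"
foreach ($zone in $AdSubzones) {
    $parentRecords += ("{0,-24} IN NS  {1}." -f "$zone.", $DnsServer)
}
$parentRecords += "; one host record per DC (glue for the delegation above)"
foreach ($dc in $DomainControllers) {
    $parentRecords += ("{0,-24} IN A   {1}" -f "$($dc.Name).$Domain.", $dc.IPv4)
}
$parentRecords += "; same-as-parent records: update these whenever a DC's IP changes"
foreach ($dc in $DomainControllers) {
    $parentRecords += ("{0,-24} IN A   {1}" -f "$Domain.", $dc.IPv4)
}
Write-Host "`nPaste into the $Domain zone file on the existing DNS server:`n"
$parentRecords | ForEach-Object { Write-Host $_ }

# 3. Make each DC re-register its locator records into the new zones, then
#    verify that the key SRV record exists and that the parent zone still
#    answers for the domain name and for each DC host name.
foreach ($dc in $DomainControllers) {
    Invoke-Command -ComputerName "$($dc.Name).$Domain" -ScriptBlock { nltest /dsregdns }
}
Start-Sleep -Seconds 10
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DnsServer -ErrorAction Stop
Write-Host "`nDC locator SRV targets: $(($srv | Where-Object Type -eq 'SRV').NameTarget -join ', ')"
Resolve-DnsName -Name $Domain -Type A | Format-Table Name, IPAddress
foreach ($dc in $DomainControllers) {
    Resolve-DnsName -Name "$($dc.Name).$Domain" -Type A | Format-Table Name, IPAddress
}
```

Run it on the Windows DNS server after the delegation records from step 2 have been added to domain.com; if step 3 shows no SRV targets, check that the NS and glue records were entered on the existing server and that the DCs use the Windows server as their preferred DNS server so that their dynamic updates reach the delegated zones.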