The main decision to be made is how to name your internal Active Directory namespace. Microsoft makes a number of suggestions, and which one it recommends appears to have changed over the years. The two main options are as follows:
- Use a subdomain of the DNS domain assigned to your unit, such as oucs-ad.oucs.ox.ac.uk or chem-ad.chem.ox.ac.uk
- Use a completely different domain name, such as oucs-ad.local or chem-ad.local
In making your decision, bear in mind that the name you choose must not resolve to a real DNS name that is in use, or that may possibly come into use, on the internet; otherwise you will end up with total confusion for your clients. So don't use unit.com, unit.org, unit.ac.uk or anything along these lines.
Using adsubdomain.unit.ox.ac.uk is fine because currently subdomains of unit.ox.ac.uk are not generally used in the central DNS, so there is no danger of there being a clash. Also, if this situation changed, it is possible that any subdomains that you have set up could be configured on the main DNS servers.
If you use this configuration, then all of your servers and clients will usually still be registered in the central DNS with names of servername.unit.ox.ac.uk, clientname.unit.ox.ac.uk etc., but they will have a second identity of servername.adsubdomain.unit.ox.ac.uk, clientname.adsubdomain.unit.ox.ac.uk, etc. in DNS servers that you run on servers within your unit.
Using a subdomain of .local is also common practice. The .local domain is unlikely ever to exist as a real top-level domain. However, be a little cautious, as .local is used by Apple's Bonjour services for name resolution, so you may need to take care if you have Macs and want to use a subdomain of .local, or if you use Bonjour on your Windows desktops. See Apple's Developer Connection Domain Naming Conventions notes for more information.
If you use this configuration, then all of your servers and clients will usually still be registered in the central DNS with names of servername.unit.ox.ac.uk, clientname.unit.ox.ac.uk etc., but they will have a second identity of servername.adsubdomain.local, clientname.adsubdomain.local etc. in DNS servers that you run on servers within your unit.
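The rules above can be applied as a pre-deployment check on a candidate name. The following Python sketch is an added example, not part of the original guidance: the function names, the "ok"/"caution"/"reject" verdicts and the rejection of single-label names and of the unit's own zone are assumptions made for illustration.

```python
import socket

def system_resolves(name):
    """True if this machine's resolver returns any address for `name`."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def check_ad_namespace(candidate, unit_zone, resolves=system_resolves):
    """Return (verdict, reasons) for a proposed AD DNS name.

    verdict is "ok", "caution" or "reject". `unit_zone` is the DNS domain
    assigned to the unit, e.g. "oucs.ox.ac.uk".
    """
    name = candidate.strip().lower().rstrip(".")
    zone = unit_zone.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(labels):
        return "reject", ["not a multi-label DNS name"]
    if name == zone:
        return "reject", ["this is the unit's own zone, already served by the central DNS"]
    reasons = []
    if name.endswith("." + zone):
        verdict = "ok"        # option 1: subdomain of the assigned domain
    elif labels[-1] == "local":
        verdict = "caution"   # option 2: subdomain of .local
        reasons.append(".local is also used by Apple's Bonjour name resolution")
    else:
        return "reject", ["outside the unit's zone and not under .local: "
                          "it is, or could become, a real internet name"]
    # Run this before the AD zone exists: a hit means the name is already taken.
    if resolves(name):
        return "reject", [name + " already resolves in DNS"]
    return verdict, reasons

if __name__ == "__main__":
    # Constructed candidates; the stub resolver keeps the demo offline.
    # Omit `resolves=` to query the real resolver instead.
    for cand in ["oucs-ad.oucs.ox.ac.uk", "oucs-ad.local", "unit.com", "oucs.ox.ac.uk"]:
        print(cand, check_ad_namespace(cand, "oucs.ox.ac.uk", resolves=lambda n: False))
```

Run the live check from a machine that uses the central DNS servers and before any internal AD DNS zone has been created, since afterwards the chosen name is expected to resolve inside the unit.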