In the past, many IT architects designed the Active Directory namespace with a .local domain, even though Microsoft publishes best practices that advise against this design and recommend a common domain namespace instead.
Many administrators argued that they were safer with a .local AD namespace. But security is not the point.
Today this becomes an issue when you want to connect your AD namespace with a cloud environment.
I’ve found the article from Mark Parris, and I recommend you have a look at it and be aware of this issue.