Solved

AD / DNS changes

Posted on 2012-04-05
3
354 Views
Last Modified: 2012-04-09
So to give a little background on the setup, the previous IT guy configured the Active Directory name as site1.mycompany.com and he assumed that the second site would be site2.mycompany.com and so on. I guess he had a problem with that so now all 4 office locations are under the DNS site1.mycompany.com and the root domain for the company is site1.mycompany.com. So any server or workstation (regardless of which physical site it's at) is name as follows:
site1_server.site1.mycompany.com
site2_server.site1.mycompany.com
site3_workstation.site1.mycompany.com
and so on

Each site has a domain controller, local file server, DHCP and DNS servers. For the most part things seem to be working OK, but there are odd "slownesses" when logging in or opening local shares at the remote offices. The main site, where the original and primary DC resides, everything works perfect, it's the remote offices that act funny which makes me believe it's caused by the odd way things were configured. Most of the DC's are server 2008, so the functional level is still at 2003.

So what I would like to do, if it's even possible with out starting over from scratch, is the following:

change the primary domain to mycompany.local.

have each site have it's own secondary zone, site1.mycompany.local, site2.mycompany.local and so on.

do this without rebuilding all of the group policies i've worked so hard to clean up

finally and probably the most important, do this without effecting normal work.

is any of these even possible?

Thanks a lot.
0
Comment
Question by:mcjim2k
3 Comments
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37812334
Slow response from those remote branches could be because it cannot find a DC in it's site.
A loose translation but: Sites are configured as authentication and replication boundaries.
If the users are on a specific IP and there is a DC on that network, then that DC should reside in the site that has the subnet defined.

Make sure that each site has the correct subnet attached in AD Sites and Services, then move the corresponding DC into that site too.

Ideally you'd want to do this on the server holding the Infrastructure Master role...reduces the amount of wait time for domain synchronization.

P.S. Are your DC's currently replicating correctly?
Run DCDIAG on each DC to check the health of AD.
0
 

Author Comment

by:mcjim2k
ID: 37812891
Thanks for the response. The DCs seem to be replicating just fine and all of the sites are setup properly with their own subnets and DCs assigned to each.

For this particular question, I'd like to focus on the possibility of renaming the domain and reconfiguring the secondary DNS zones.
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 37813669
Well you can keep site1.company.com but then create Sites with AD Sites this will fix the weird slowness issues the reason is that the computers are not locating their local DCs. Without Sites setup then DNS will not be able too determine what the closets DC is for those clients systems.

You can rename the domain with a domain rename http://technet.microsoft.com/en-us/library/cc738208(v=ws.10).aspx

No point on creating secondary zones you should keep everything under the mycompany.com domain. The key here is to create AD Sites.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OfficeMate Freezes on login or does not load after login credentials are input.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html) provided 218 attendees with a step-by-step guide for identifying Acti…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question