Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Course Of The Month
1 day, 19 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Considerations for Exchange 2010 when changing external domain name.
Posted on 2013-01-08
Exchange 2010 SP1
Single Site Domain/Organisation
HUB, MB and UM running on Server 2008
CAS running on Server 2008
We are, in the next few weeks, going to be changing our external domain name. The change will be distinct: ourcurrentdomain.co.uk -> ournewdomain.org. The change will not involve any changes to any servers or external IP addresses. We have configured our new DNS external zone with correct name to IP mappings. We will have to implement a new authoritative domain in Exchange 2010 as well as new email address policies for our clients to reflect the new domain in their SMTP addresses. Because my superiors want the old domain name to still be usable for a period of time TBD, we've altered our SAN cert by adding the new FQDNs for the new domain as well as making the new domain FQDN for CAS/OWA the CN of the cert whilst leaving all of the original FQDNs for the current (soon to be old) domain in. We are also aware that we will need to change the external URL for OWA in Exchange. Please note, we do not use autodiscover, nor do we have Outlook Anywhere enabled. My question is, after we've implemented these changes, will external users still be able to use https//mail.ourcurrentdoma
Also, on the new cert, I've left the FQDN for Activsync set to the old domain name (since it's not really going anywhere) to avoid having a rush on the IT office from all our mobile users. If we leave the old URL in the Activsync settings in Exchange, will this work? Kind regards,
Adam
Single Site Domain/Organisation
HUB, MB and UM running on Server 2008
CAS running on Server 2008
We are, in the next few weeks, going to be changing our external domain name. The change will be distinct: ourcurrentdomain.co.uk -> ournewdomain.org. The change will not involve any changes to any servers or external IP addresses. We have configured our new DNS external zone with correct name to IP mappings. We will have to implement a new authoritative domain in Exchange 2010 as well as new email address policies for our clients to reflect the new domain in their SMTP addresses. Because my superiors want the old domain name to still be usable for a period of time TBD, we've altered our SAN cert by adding the new FQDNs for the new domain as well as making the new domain FQDN for CAS/OWA the CN of the cert whilst leaving all of the original FQDNs for the current (soon to be old) domain in. We are also aware that we will need to change the external URL for OWA in Exchange. Please note, we do not use autodiscover, nor do we have Outlook Anywhere enabled. My question is, after we've implemented these changes, will external users still be able to use https//mail.ourcurrentdoma
Also, on the new cert, I've left the FQDN for Activsync set to the old domain name (since it's not really going anywhere) to avoid having a rush on the IT office from all our mobile users. If we leave the old URL in the Activsync settings in Exchange, will this work? Kind regards,
Adam
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
2
6 Comments
Active today
Seems you have covered your basis. The only item that might be overlooked deals with the outgoing portion of the configuration.
You may eventually need to update the reverse DNS to reflect the new domain reference as well as adjust the name exchange uses in the outgoing connection.
You may eventually need to update the reverse DNS to reflect the new domain reference as well as adjust the name exchange uses in the outgoing connection.
Active 2 days ago
Arnold,
Thanks for your response. Yes, we're aware of those items as well. What I'm really looking at is trying to figure out if the old OWA address (from our old domain) will still work after the change considering that all those domain references will still be listed on the SAN cert. I would've thought that this connection would be broken after modifying the external URL for OWA from within Exchange. If so, is there some sort of jiggery-pokery that we could do with the default website URL redirection in IIS? Also looking to see if anyone can verify that Activsync will continue to work with the old domain FQDNs since that DNS zone will remain active and the old domain listings will still be on the SAN. We want to avoid having to update everyone's mobile devices right at the time of the switch over (we'll phase them in gradually after the dust settles). Thanks.
Thanks for your response. Yes, we're aware of those items as well. What I'm really looking at is trying to figure out if the old OWA address (from our old domain) will still work after the change considering that all those domain references will still be listed on the SAN cert. I would've thought that this connection would be broken after modifying the external URL for OWA from within Exchange. If so, is there some sort of jiggery-pokery that we could do with the default website URL redirection in IIS? Also looking to see if anyone can verify that Activsync will continue to work with the old domain FQDNs since that DNS zone will remain active and the old domain listings will still be on the SAN. We want to avoid having to update everyone's mobile devices right at the time of the switch over (we'll phase them in gradually after the dust settles). Thanks.
Will external users still be able to use https//mail.ourcurrentdomain.co.uk/o wa to access OWA?
Yes. The domain portion isn't important in this instance - for example you can access OWA at https://IP.of.CAS.svr/OWA
In fact I've just tested pointing a different domain to OWA and it works fine.
Active 2 days ago
Thank you BlueCompute. I guess my question now is, how does that work? Is it just down to a DNS entry for the FQDN? If there's no http redirection in IIS and the external URL is set to a specific FQDN, how is the traffic routed to the right place? Got to be DNS, no?
The thing that makes it work is that IIS ignores the host header in the request (actually can't read the host header until it is decrypted from https) and passes the request to the site configured with the correct IP:port binding (in this case *:443). So the configured external URL is irrelevant! This is described far better here: http://blogs.iis.net/thomad/archive/2008/01/25/ssl-certificates-on-sites-with-host-headers.aspx
So long as the default website has a blank host name and is bound to port 443 then OWA will work with any URL that resolves to the correct IP and is included in the SSL certificate.
So long as the default website has a blank host name and is bound to port 443 then OWA will work with any URL that resolves to the correct IP and is included in the SSL certificate.
Featured Post
On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses
Course of the Month1 day, 19 hours left to enroll
717 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.