[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Additional domain alias

Posted on 2013-01-22
2
Medium Priority
?
468 Views
Last Modified: 2013-01-28
We have a Win2k8 r2 domain named domain.local (domain1). Recently we partner with another company who uses domain.tld (domain2) as their ad domain name. Their wireless users use their AD radius server with ssl cert doman.tld to authenticate to the wireless network. We are migrating partners ad into our, but since it's not possible to purchase SSL certificates for internal AD domain names (.local) any more we would like to re-use their radius server with the existing ssl certificate, so my questions are:

1. Is it possible to add additional AD alias (domain.tld) to domain.local so that ssl could be used once users from partner company log on with their new username username@domain.local?

2. Would users log on using existing domain alias domain1\username or using the UPN?
0
Comment
Question by:cphs
2 Comments
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 225 total points
ID: 38807415
I don't see why you couldn't create a zone in DNS of domain.tld and have it point to domain.local.
0
 
LVL 37

Assisted Solution

by:ArneLovius
ArneLovius earned 225 total points
ID: 38807744
I usually use internal CA (the Windows one works just fine) for requirements such as 802.1x and internal only web sites/services as you can push the CA root certificate to all domain joined clients through GPO, in your case you could also push the CA rot certificate out to the other domain computers as well.

Using a private certificate has the advantage of not costing anything (bar the maintenance of a CA server) and allows you to use private certificates for anything else that you need internally, this could be for web interfaces on copiers/printers/wireless access points etc.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question