Solved

Top Level Domain is .local

Posted on 2014-10-20
3
21 Views
Last Modified: 2016-06-15
I inherited a single AD forest with a TLD of .local.  This forest has Exchange 2010 in it. From what I have discovered so far, it would be next to impossible to just rename the domain due to Exchange. The other possibility that I've found is to do a domain migration. I'm guessing this is as nasty as it sounds.  Does anyone out there know of any alternatives other than having an in-house CA as a work-around?  I may even consider the internal CA, but I'm not so sure that will resolve this issue for good. I'm afraid that eventually, we'll still need to get rid of the .local TLD name.

If a domain migration is my only hope, I could use some advise on how to get started and what things I need to consider (such as the Exchange piece) before getting started. We have almost a year left before I have to have my SSL certs reissued, so I have some time to do it right.
0
Comment
Question by:ShiftAltNumlock
3 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
Comment Utility
Having .local is fine. The few places that you'd want to use an SSL certificate, such as OWA, Autodiscover, or an SSL enabled send connector can all be configured to use a namespace other than the AD domain, so an external cert without the .local is fine.

An example is autodiscover. By default, outlook uses the domain name of the email address when constructing its URL searches, so an SSL cert with either domain.com or autodiscover.domain.com with secure autodiscover...no exchange changes necessary. You can specify a unique fqdn using DNS if you prefer.

Outlook Anywhere URLs can be changed using a simple powershell command and those will be the URLs autodiscover gives out, and can have an SSL with whatever name you chose for the URL. Again, no correlation to the local namespace.

I don't see this changing for the foreseeable future either. This will continue to work.
0
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 250 total points
Comment Utility
here is how to change the URLs so that you can keep .local internally
may also need to configure split dns

Configure Exchange Services for the Autodiscover Service
http://technet.microsoft.com/en-us/library/bb201695%28v=exchg.141%29.aspx

Windows - Setting Up Split DNS
http://www.petenetlive.com/KB/Article/0000830.htm
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now