Solved

Top Level Domain is .local

Posted on 2014-10-20
3
36 Views
Last Modified: 2016-06-15
I inherited a single AD forest with a TLD of .local.  This forest has Exchange 2010 in it. From what I have discovered so far, it would be next to impossible to just rename the domain due to Exchange. The other possibility that I've found is to do a domain migration. I'm guessing this is as nasty as it sounds.  Does anyone out there know of any alternatives other than having an in-house CA as a work-around?  I may even consider the internal CA, but I'm not so sure that will resolve this issue for good. I'm afraid that eventually, we'll still need to get rid of the .local TLD name.

If a domain migration is my only hope, I could use some advise on how to get started and what things I need to consider (such as the Exchange piece) before getting started. We have almost a year left before I have to have my SSL certs reissued, so I have some time to do it right.
0
Comment
Question by:ShiftAltNumlock
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 40392641
Having .local is fine. The few places that you'd want to use an SSL certificate, such as OWA, Autodiscover, or an SSL enabled send connector can all be configured to use a namespace other than the AD domain, so an external cert without the .local is fine.

An example is autodiscover. By default, outlook uses the domain name of the email address when constructing its URL searches, so an SSL cert with either domain.com or autodiscover.domain.com with secure autodiscover...no exchange changes necessary. You can specify a unique fqdn using DNS if you prefer.

Outlook Anywhere URLs can be changed using a simple powershell command and those will be the URLs autodiscover gives out, and can have an SSL with whatever name you chose for the URL. Again, no correlation to the local namespace.

I don't see this changing for the foreseeable future either. This will continue to work.
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 250 total points
ID: 40392734
here is how to change the URLs so that you can keep .local internally
may also need to configure split dns

Configure Exchange Services for the Autodiscover Service
http://technet.microsoft.com/en-us/library/bb201695%28v=exchg.141%29.aspx

Windows - Setting Up Split DNS
http://www.petenetlive.com/KB/Article/0000830.htm
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question