I inherited a single AD forest with a TLD of .local. This forest has Exchange 2010 in it. From what I have discovered so far, it would be next to impossible to just rename the domain due to Exchange. The other possibility that I've found is to do a domain migration. I'm guessing this is as nasty as it sounds. Does anyone out there know of any alternatives other than having an in-house CA as a work-around? I may even consider the internal CA, but I'm not so sure that will resolve this issue for good. I'm afraid that eventually, we'll still need to get rid of the .local TLD name.
If a domain migration is my only hope, I could use some advice on how to get started and what things I need to consider (such as the Exchange piece) before getting started. We have almost a year left before I have to have my SSL certs reissued, so I have some time to do it right.