Top Level Domain is .local

I inherited a single AD forest with a TLD of .local.  This forest has Exchange 2010 in it. From what I have discovered so far, it would be next to impossible to just rename the domain due to Exchange. The other possibility that I've found is to do a domain migration. I'm guessing this is as nasty as it sounds.  Does anyone out there know of any alternatives other than having an in-house CA as a work-around?  I may even consider the internal CA, but I'm not so sure that will resolve this issue for good. I'm afraid that eventually, we'll still need to get rid of the .local TLD name.

If a domain migration is my only hope, I could use some advice on how to get started and what things I need to consider (such as the Exchange piece) before getting started. We have almost a year left before I have to have my SSL certs reissued, so I have some time to do it right.
ShiftAltNumlock Asked:

Cliff Galiher Commented:
Having .local is fine. The few places that you'd want to use an SSL certificate, such as OWA, Autodiscover, or an SSL enabled send connector can all be configured to use a namespace other than the AD domain, so an external cert without the .local is fine.

An example is Autodiscover. By default, Outlook uses the domain name of the email address when constructing its URL searches, so an SSL cert with either domain.com or autodiscover.domain.com with secure Autodiscover...no Exchange changes necessary. You can specify a unique FQDN using DNS if you prefer.

Outlook Anywhere URLs can be changed using a simple PowerShell command and those will be the URLs Autodiscover gives out, and can have an SSL with whatever name you chose for the URL. Again, no correlation to the local namespace.

I don't see this changing for the foreseeable future either. This will continue to work.
Seth Simmons, Sr. Systems Administrator Commented:
Here is how to change the URLs so that you can keep .local internally.
You may also need to configure split DNS.

Configure Exchange Services for the Autodiscover Service
http://technet.microsoft.com/en-us/library/bb201695%28v=exchg.141%29.aspx

Windows - Setting Up Split DNS
http://www.petenetlive.com/KB/Article/0000830.htm
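
The URL changes described in the two answers above, as an added example that is not code from either commenter: it finds every Exchange 2010 client-facing URL whose host ends in .local and previews rewriting it to the public name. `mail.example.com` and the helper functions `Test-LocalHost` and `Convert-ToPublicUrl` are assumptions for illustration; it also assumes internal DNS already resolves the public name (split DNS).

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).
# ASSUMPTION: mail.example.com is a placeholder for the public name on your certificate.
$PublicHost = 'mail.example.com'

function Test-LocalHost([string]$Url) {
    # True when the URL's host ends in .local, a name public CAs no longer issue certificates for.
    if ([string]::IsNullOrEmpty($Url)) { return $false }
    return ([uri]$Url).Host -like '*.local'
}

function Convert-ToPublicUrl([string]$Url) {
    # Replace only the host; scheme, path and query stay as configured.
    $builder = New-Object System.UriBuilder $Url
    $builder.Host = $PublicHost
    return $builder.Uri.AbsoluteUri
}

# 1. Virtual directories that clients reach over SSL.
foreach ($type in 'Owa','Ecp','WebServices','Oab','ActiveSync') {
    foreach ($vd in (& "Get-${type}VirtualDirectory")) {
        foreach ($prop in 'InternalUrl','ExternalUrl') {
            if (Test-LocalHost $vd.$prop) {
                $new = Convert-ToPublicUrl $vd.$prop
                '{0} {1}: {2} -> {3}' -f $vd.Identity, $prop, $vd.$prop, $new
                $params = @{ Identity = $vd.Identity; $prop = $new; WhatIf = $true }
                & "Set-${type}VirtualDirectory" @params
            }
        }
    }
}

# 2. The Autodiscover URL that domain-joined Outlook clients look up in AD.
foreach ($cas in Get-ClientAccessServer) {
    if (Test-LocalHost $cas.AutoDiscoverServiceInternalUri) {
        $new = Convert-ToPublicUrl $cas.AutoDiscoverServiceInternalUri
        Set-ClientAccessServer -Identity $cas.Identity -AutoDiscoverServiceInternalUri $new -WhatIf
    }
}

# 3. Outlook Anywhere external host name.
foreach ($oa in Get-OutlookAnywhere) {
    if ("$($oa.ExternalHostname)" -like '*.local') {
        Set-OutlookAnywhere -Identity $oa.Identity -ExternalHostname $PublicHost -WhatIf
    }
}
```

Every `Set-` call runs with `-WhatIf`, so the script only reports what it would change; remove the switch (and the `WhatIf` entry in `$params`) once the listed URLs look right.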