Domain Name .local

Hello, I walked into a new server 2012 install. The domain that has been set up and has 2 servers joined to it is anydomain.local. The registered domain is anydomain.us. This install will be adding Exchange and I believe it is a nightmare if the domain is .local. Can I change this to .us? Should I change this to .us? There are no plans to ever host a website or have one hosted elsewhere. The purpose for the domain is simply for email.

Thank you
LVL 1
daskas27Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zacharia KurianAdministrator- Data Center & NetworkCommented:
Well the issue comes when you use SSL cert for your exchange. All publicly trusted SSL Certificates issued to internal names, are no more supported. Any one who uses internal names in their publicly trusted SSL cert has to remove it. For a better clarification read this

You have 2 options either switch to your registered domain or as per the link provided do the work around.

Zac.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MASEE Solution Guide - Technical Dept HeadCommented:
Please check this to make your internal and external name the same and get rid off certificate errors
http://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
daskas27Author Commented:
I would like to switch the current private network anydomain.local to anydomain.us which is the registered name. The links you provided do not offer any help with that. I need to mention that Exchange has NOT been installed on this domain yet.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

daskas27Author Commented:
My last post was a reply to Zach.
MASEE Solution Guide - Technical Dept HeadCommented:
I still suggest you give a name which is not equal to any external name. It will not create a big issue though.
For example your website name is anydomain.us and you won't be able to open your website without typing www.anydomain.us. if your user type only  anydomain.us you will get a page cannot be displayed screen.
daskas27Author Commented:
But won't this cause trouble with setting up Exchange?
MASEE Solution Guide - Technical Dept HeadCommented:
No it will not create problem for Exchange servers as the recommended way to access OWA,ECP etc is to use external name instead of using internal FQDN in all the new versions of Exchange servers.

You can make both internal and external URLs the same using this
arnoldCommented:
Exchange can support multiple domains, if you make the internal AD domain use the same as the external, you will run into DNS issues and having to maintain conflicting.
To handle you would have an Internal PKI/CA that will issue internal SAN certificates, and use public SAN for external hosts.  You would define two sets of transports, one for internal and one for external.

Depending on your environment, you could have the certificate terminated on a pair of clustered reverse proxy, load balancer, to deal .............
Amit KumarCommented:
what is your local Domain name?

Simple thing if anything.us is only a DNS which publshed externally but you have Domain controller with local domain then you will have to add Exchange org in your local domain. You will have add both domains as accepted and publish all URLs with .us domain. even when you will apply e-mail address policy so change it with .us domain. it will work like this.

However if you have domain controller for .us domain and you did not prepare Exchange infra like schema and prepare AD also did not setup Exchange services on it then you can just disjoin from .local domain and re-join in .us domain. but don't change if you have already prepared AD and install Exchange services.
daskas27Author Commented:
Yikes, that last one just blew me away. If you guys were setting this up, what would you use for the internal name?
daskas27Author Commented:
Again, Exchange has not yet been installed.
Amit KumarCommented:
if you have .us domain controller in place then just disjoin your computer from .local domain and re-join in US domain. thats all you need to do.
daskas27Author Commented:
The controller is currently anydomain.local
Amit KumarCommented:
so you are good to go .... just install Exchange and add .us domain in accepted domain.

Once you are done then publish your all DNS URLs with .us only. also you will have to use .us URLs certificate.

Create an e-mail address policy using .us domain only. this architecture will definitely work.

It depends on you now if you create .us DNS internal and external both or you just ok with using .us URLs from internet in internal and external both networks...
arnoldCommented:
Here is a write up,
http://social.technet.microsoft.com/wiki/contents/articles/17974.active-directory-domain-naming-considerations.aspx
what is the issue that you think is an obstacle?

One thing I would not do is rename it to the public domain.

You having just got into .., you are asking the wrong people, you should ask those whose server/setup it is whether they would consider such a change with you providing the reasoning behind it.

Presumably when one gets into addressing/setting someone elses existing, they need to work with what those individuals have.  The first thing to them should not be hey, we need to change this or that, the systems you got are this or that, you need to get new ones, etc.

The rename of a domain is fairly straight forward depending on the type, the renaming might be limited and are you willing to put yourself without seemingly understanding their environment.  The change you want to make is only because the public certificate will not be issued with a .local SAN host names for a single application, exchange, is not a sufficient reason to upend whatever the existing setup is.
Amit KumarCommented:
there are many organization those never use external domain name in their internal domain. even I am working with an org. and we don't use external domain as our domain controller's domain name. we have diff. one and there is no issue using like this as you can segregate it easily. Exchange has functionality to accept domain and you can use e-mail address policy to assign specific domain's e-mail address and definitely .local domain will not be a certificate name that is why .com or .us will be domain's certificate.
daskas27Author Commented:
So if I leave it as .local I will not have any issues with certificate?
arnoldCommented:
Is certificate the inky and priMary impediment that you see? Let's say the firm has multiple domains anydomain.us, anydomain.com, anydomain.info and they got you to setup their exchange such that each domain have their own respective hostnames for inbound/outbound. Would that be a problem?

The certificate is the least important in my opinion.
Amit KumarCommented:
Agree certificate is least important. you can create certificate as per your convenience it is in your hand.
daskas27Author Commented:
Thank you
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.