Domain rename

  • Question

  • Hello - 

    I've inherited a network in which the original admin decided to use a public domain name for the internal domain name, but not a public domain that the client owned.  We occasionally run into issues with DNS performance, not sure if that can be attributed to this or not, but I don't think it helps.  Along the way, to combat some of the DNS problems, various admins have added new forward lookup zones for what should otherwise be publicly accessible domains, completely unrelated to the pilfered domain name.   I see some occasional errors in the DNS log regarding duplicate zones (Microsoft has already loaded zone data blah blah blah) and I'm pretty sure these are related to the improperly named internal domain.

    Now, to the meat of the matter: I'm in the process of adding a new DC, migrating some data, and physically moving a server to a branch office. It seems to me that since we've already got some other changes going on that are a little disruptive, now would be the time to correct this issue.  

    Before I proceed, I have a few questions:

    1. Should I even bother with renaming the domain?  

    2. We have other domain member servers running ACT! and Microsoft Great Plains.  Does anyone know if these applications will support the domain rename operation or if there is a better route?

    3. I'm working in an MSP role for a small/mid-size business.  I'm pretty strapped for resources, but would really love to be able to test this entire process before executing in a production environment.  Does anyone have any suggestions for building a 5 server test AD environment on a budget? I have 3 member servers (ACT!, GP, and File Server) and two DCs that both run DNS and one runs DHCP.

    Thanks,


    Nehemiah

    Monday, December 16, 2013 6:25 PM

All replies

  • I've inherited a network in which the original admin decided to use a public domain name for the internal domain name, but not a public domain that the client owned.  We occasionally run into issues with DNS performance, not sure if that can be attributed to this or not, but I don't think it helps. 

    The DNS related challenge if you use a domain name which is the same as a public DNS domain is that you need to maintain a split-DNS setup. That means that you need to have an internal DNS zone where you need to maintain DNS records for public resources with the same domain name so that they remain accessible. However, this does not impact the DNS performance.

     Along the way, to combat some of the DNS problems, various admins have added new forward lookup zones for what should otherwise be publicly accessible domains, completely unrelated to the pilfered domain name.   I see some occasional errors in the DNS log regarding duplicate zones (Microsoft has already loaded zone data blah blah blah) and I'm pretty sure these are related to the improperly named internal domain.

    For duplicated DNS zones, please read Ace's article: http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx

    1. Should I even bother with renaming the domain?  

    I do not see a requirement here. Also, domain rename will impact applications that do not support it.

    More details here: http://technet.microsoft.com/en-us/library/cc738208(v=ws.10).aspx

    2. We have other domain member servers running ACT! and Microsoft Great Plains.  Does anyone know if these applications will support the domain rename operation or if there is a better route?

    I would recommend asking them here: http://social.technet.microsoft.com/Forums/windows/en-US/home?category=w7itpro

    3. I'm working in an MSP role for a small/mid-size business.  I'm pretty strapped for resources, but would really love to be able to test this entire process before executing in a production environment.  Does anyone have any suggestions for building a 5 server test AD environment on a budget? I have 3 member servers (ACT!, GP, and File Server) and two DCs that both run DNS and one runs DHCP.

    You can simply see how to virtualize them (Example: By using Hyper-V) and use evaluation licenses for testing.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Proposed as answer by Michael_LS Tuesday, December 17, 2013 10:15 AM
    • Marked as answer by Michael_LS Wednesday, December 25, 2013 2:40 AM
    Monday, December 16, 2013 8:02 PM
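The two DNS points in the reply above, the split-DNS obligation that comes with a public domain name and zones that exist in more than one directory partition, can both be checked from a DC before deciding anything. The script below is an added example and not code from the thread or from Microsoft: it enumerates dnsZone objects in the three places an AD-integrated zone can be stored and reports names present in more than one, then asks a public resolver whether the AD DNS name is delegated on the internet. It assumes the ActiveDirectory and DnsClient modules (RSAT on Windows Server 2012 or later), read access to the DNS application partitions, and a resolver address of your own in place of the `$PublicResolver` placeholder.

```powershell
# Added example (not from the thread): inventory AD-integrated DNS zones across the
# partitions that can hold them and flag any zone name stored in more than one, then
# check whether the AD domain's DNS name is also registered on the public internet
# (the condition that forces a split-DNS setup). Assumes the ActiveDirectory and
# DnsClient modules. $PublicResolver is a placeholder; point it at a resolver you trust.
param(
    [string]$PublicResolver = '192.0.2.53'   # placeholder address (TEST-NET-1), replace it
)
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$forest   = Get-ADForest
$domainDn = $domain.DistinguishedName                                   # e.g. DC=corp,DC=example,DC=com
$forestDn = (Get-ADDomain -Identity $forest.RootDomain).DistinguishedName
$dc       = $domain.PDCEmulator                                         # any DC hosting the partitions will do

# The three places an AD-integrated zone can be stored. CN=System in the domain
# partition is the Windows 2000 style location; the two application partitions
# are the modern default.
$zoneContainers = [ordered]@{
    DomainDnsZones = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
    ForestDnsZones = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn"
    DomainNC       = "CN=MicrosoftDNS,CN=System,$domainDn"
}

$zones = foreach ($partition in $zoneContainers.Keys) {
    try {
        # Internal objects such as ..TrashedZone start with '..' and are not real zones.
        Get-ADObject -Server $dc -SearchBase $zoneContainers[$partition] -SearchScope OneLevel `
                     -LDAPFilter '(objectClass=dnsZone)' -ErrorAction Stop |
            Where-Object { $_.Name -notlike '..*' } |
            ForEach-Object {
                [pscustomobject]@{ Zone = $_.Name; Partition = $partition; DN = $_.DistinguishedName }
            }
    } catch {
        # A partition can be absent or unreadable from this DC; that is not a duplicate.
        Write-Verbose "Skipping $($zoneContainers[$partition]): $($_.Exception.Message)"
    }
}

# One zone name present in two partitions is the condition behind the DNS Server
# events the original post paraphrased as "already loaded zone data": only one copy
# is loaded and the other is silently ignored.
$duplicates = $zones | Group-Object Zone | Where-Object Count -gt 1
if ($duplicates) {
    Write-Warning "Zones stored in more than one partition (only one copy is loaded):"
    $duplicates | ForEach-Object { $_.Group } | Format-Table Zone, Partition, DN -AutoSize
} else {
    Write-Host "No zone name is stored in more than one partition."
}

# Split-DNS exposure: if a public resolver returns NS records for the AD DNS name,
# that name is delegated on the internet and every public host under it has to be
# mirrored by hand in the internal zone to stay reachable from inside.
$adDnsName = $domain.DNSRoot
try {
    $publicNs = Resolve-DnsName -Name $adDnsName -Type NS -Server $PublicResolver -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'NS' } |
                Select-Object -ExpandProperty NameHost
} catch {
    $publicNs = @()   # NXDOMAIN or resolver unreachable: treat as "not a public zone"
}
if ($publicNs) {
    Write-Warning "$adDnsName is delegated on the public internet to: $($publicNs -join ', ')"
    Write-Warning "Public hosts under $adDnsName need matching records in the internal zone (split DNS)."
} else {
    Write-Host "$adDnsName does not resolve as a public zone via $PublicResolver."
}
```

Run it on a DC with `-Verbose` to see which partitions were skipped. A duplicate reported here is the thing to clean up with ADSI Edit as the linked article describes; the public-delegation result tells you whether the internal zone must carry copies of the client's public records, which is a maintenance cost rather than a performance one, as the reply notes.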
  • Mr. X -

    Thanks for taking time to address the full post.

    The zones that were added are completely unrelated to the domain that would require split DNS, so I've got to believe that there's another problem in this network somewhere that was preventing name resolution of the specific domain in question.  This may just be me exhibiting some borderline OCD, but I just feel compelled to figure out why that forward lookup is in place when a properly functioning DNS server SHOULD resolve the domain without issue.  I can't help but think that if clients aren't able to resolve one particular website then it is likely that there will be/are others and that by working around the issue this way I'm just asking for trouble in the future, likely at a time when I don't have the time or resources to troubleshoot.

    I suppose that maybe I should redirect my focus and start a thread in a DNS forum to figure out what's going on there.


    Thanks again.

    Monday, December 16, 2013 8:32 PM
  • Internal AD domains & their names shouldn't be the cause as long as they are not exposed to the internet. To me the problem is more related to mismanagement of the AD by previous admins, or care has to be provided to maintain a healthy state of the AD.

    If you see duplicate zones, that means they exist in the AD & might have been created by earlier admins who didn't care to verify whether these zones existed or not. I would suggest performing a health check & seeing where your environment stands currently.

    What does DCDIAG actually… do?  

    Active Directory Replication Status Tool Released

    http://msmvps.com/blogs/ad/archive/2008/06/03/active-directory-health-checks-for-domain-controllers.aspx

    Domain rename is a quite risky & complicated process, hence it's something I would consider as a last option.


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Marked as answer by Michael_LS Wednesday, December 25, 2013 2:40 AM
    Tuesday, December 17, 2013 2:02 AM
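The health check suggested above can be reduced to a few commands whose noisy output is filtered down to the lines that need attention. This is an added example, not code from the thread or from Microsoft: it runs `dcdiag /test:DNS` against every DC, summarises replication with `repadmin /replsummary`, and pulls the DNS Server events that report a zone found in a second directory partition. It assumes `dcdiag.exe` and `repadmin.exe` are present (a domain controller or a machine with RSAT), rights to query every DC and read its remote `DNS Server` event log, and that event ID 4515 is the DNS Server event for that duplicate-zone condition, which is my assumption rather than something the thread states.

```powershell
# Added example (not from the thread): gather the health signals the reply recommends
# (DCDIAG DNS tests, replication status) plus the DNS Server events that report a zone
# found in two directory partitions, keeping only what needs attention. Assumes
# dcdiag.exe and repadmin.exe are available and that the account can read every DC
# and its remote 'DNS Server' event log. Event ID 4515 is assumed to be the DNS Server
# "another copy of the zone has been found in directory partition" event.
$findings = [ordered]@{}

# dcdiag /test:DNS on every DC (/e) with verbose detail (/v); keep failures and warnings.
$dcdiag = dcdiag /test:DNS /e /v 2>&1 | Out-String -Stream
$findings.DcdiagProblems = $dcdiag | Where-Object { $_ -match 'failed test|Warning:|Error:' }

# repadmin /replsummary prints one row per DC with a "fails / total" column; any row
# with a non-zero fail count means a replication partner is not being reached.
$repl = repadmin /replsummary 2>&1 | Out-String -Stream
$findings.ReplicationProblems = $repl | Where-Object {
    ($_ -match '^\s*\S+\s+\S+\s+(\d+)\s*/\s*(\d+)' -and [int]$Matches[1] -gt 0) -or
    $_ -match 'operational errors'
}

# The DNS Server log on every DC: the most recent duplicate-zone events, per server.
$dnsServers = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
$findings.DuplicateZoneEvents = foreach ($srv in $dnsServers) {
    try {
        Get-WinEvent -ComputerName $srv -FilterHashtable @{ LogName = 'DNS Server'; Id = 4515 } `
                     -MaxEvents 20 -ErrorAction Stop |
            Select-Object @{ n = 'Server'; e = { $srv } }, TimeCreated, Message
    } catch {
        # Get-WinEvent raises an error when nothing matches; for this check that is a clean result.
        Write-Verbose "${srv}: $($_.Exception.Message)"
    }
}

foreach ($key in $findings.Keys) {
    "`n== $key ($(@($findings[$key]).Count)) =="
    $findings[$key]
}
```

An empty section under each heading is the result you want before touching anything structural; any duplicate-zone events point back at the ADSI Edit cleanup from the earlier reply, and replication failures should be resolved before a new DC is promoted or a server is moved to the branch office.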