
Changing forward lookup zone


Mehdis
Apr 14, 2010, 6:49:01 AM

Hi, we are currently using a zone 'companyname.com' on our internal DNS (on
Win2K3 PDC). It contains records for internal use only, referencing PCs
and servers in the office. We are wanting to move away from this to
'companyname.local'. Is there an easy way of moving all records to the new
name? What would be the best way?

Any advice would be greatly appreciated.

Many thanks.
Mehds

Ace Fekay [MVP-DS, MCT]
Apr 14, 2010, 12:17:50 PM

"Mehdis" <Meh...@discussions.microsoft.com> wrote in message news:AD15203A-BFC6-4EB2...@microsoft.com...


If you are referring to an Active Directory installation with an AD DNS domain name of company.com, and you want to change it to company.local, it would require a complete migration from company.com to company.local. This is not an easy task, especially assuming that the new one you want to go to will have the same NetBIOS AD domain name.

Is the company.com name causing you any problems with resolving external resources? That is the usual complaint when configured with the "same name internal and external domain name." If so, please read my blog on this. It's rather a simple solution to straighten it out.

Split Zone or no Split Zone - Can't Access Internal Website with External Name
http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx

Otherwise, let us know what problems you are seeing so we can offer a solution.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

Jonathan de Boyne Pollard
Apr 14, 2010, 12:45:44 PM


> We are wanting to move away from this to 'companyname.local'.

Your Macintosh users won't like you. My educated guess is that "split horizon" DNS service for DNS data at and below your actual, properly obtained, domain name is the answer to your real problem.

Mehdis
Apr 15, 2010, 11:12:01 AM


Hi Ace, thanks for the info. Just a couple of things to mention - The
'companyname.com' forward lookup zone in our internal DNS (same server as AD
etc.) isn't causing us any technical problems. It's just that it seems good
practice to have any records used internally contained within a zone
'companyname.local' so we want to do this. For example, we have a CNAME entry
in our 'companyname.com' zone such as name 'server1.companyname.com'.
Obviously this isn't strictly true so we'd like something more logical (.local
would be good).

Therefore I'd like to know if it's possible to stop using the companyname.com
zone and only use a new companyname.local zone instead.

I'm not sure if I'm giving enough details. If not, let me know :)

Many thanks.


Ace Fekay [MVP-DS, MCT]
Apr 15, 2010, 4:43:26 PM

"Mehdis" <Meh...@discussions.microsoft.com> wrote in message news:1D4C259F-00E7-46DE...@microsoft.com...

> Hi Ace, thanks for the info. Just a couple of things to mention - The
> 'companyname.com' forward lookup zone in our internal DNS (same server as AD
> etc.) isn't causing us any technical problems. It's just that it seems good
> practice to have any records used internally contained within a zone
> 'companyname.local' so we want to do this. For example, we have a CNAME entry
> in our 'companyname.com' zone such as name 'server1.companyname.com'.
> Obviously this isn't strictly true so we'd like something more logical (.local
> would be good).
>
> Therefore I'd like to know if it's possible to stop using the companyname.com
> zone and only use a new companyname.local zone instead.
>
> I'm not sure if I'm giving enough details. If not, let me know :)
>
> Many thanks.
>


You are welcome, so far.

Just to get the facts straight, your AD DNS name is company.com, correct?

As for best practices regarding names, there really aren't any 'best practices' rather it's just a choice. There are pros and cons on which to use for an AD name, and the consequences if hosting internal resources that are also available on the public side.

And I would suggest to minimize, if not eliminate, the use of CNAMEs. They can cause problems, especially with mail MX records (on the public side), or other issues with AD SRV records, or if you try to use it for resource sharing such as for mapped drives, or trying to create a matching server NetBIOS name under a different zone, etc.

And I believe just to make things more "logical" (not exactly sure what you mean by that), to create another zone, such as a .local zone to match the 2nd level name (the 'company' portion), I don't think it will really help, but then again, I don't exactly follow *why* you want to do this to begin with.

Ace

Mehdis
Apr 19, 2010, 10:25:01 AM

Yes, that's right, company.com is our AD DNS domain name. What I mean by
logical is that having .local for internal use and .com for external would
highlight that internal & external DNS serve different purposes - it just
saves confusion. With company.local internally and company.com externally,
it's easy to visualize what you are trying to connect to. All the public
facing services like www, mail & ftp will all be associated with .com
addresses over the Internet. Internal services like servers & internal e-mail
will be associated with .local DNS servers. I realise that it may not be
necessary for us to change the zone name as we don't have any issues with
what we have already. It's just a matter of choice. Would this still need a
complete migration?

Thanks again.



Ace Fekay [MVP - Directory Services]
Apr 19, 2010, 12:36:31 PM

On Mon, 19 Apr 2010 07:25:01 -0700, Mehdis
<Meh...@discussions.microsoft.com> wrote:

> Yes, that's right, company.com is our AD DNS domain name. What I mean by
> logical is that having .local for internal use and .com for external would
> highlight that internal & external DNS serve different purposes - it just
> saves confusion. With company.local internally and company.com externally,
> it's easy to visualize what you are trying to connect to. All the public
> facing services like www, mail & ftp will all be associated with .com
> addresses over the Internet. Internal services like servers & internal e-mail
> will be associated with .local DNS servers. I realise that it may not be
> necessary for us to change the zone name as we don't have any issues with
> what we have already. It's just a matter of choice. Would this still need a
> complete migration?
>
>Thanks again.
>


Hello Mehdis,

Yes, unfortunately it would require a migration. The TLD change is
basically a completely different DNS name and would be a major change.
It is not that simple to just change the name and have AD work the way
you are desiring.

I would suggest and recommend to just leave it alone if everything is
working.

Ace

Mehdis
Apr 20, 2010, 7:45:01 AM


I see what you mean. In 3-4 months time we do actually plan on upgrading from
Windows Server 2003 to 2008 so perhaps this would be an ideal opportunity to
make the change? If we do decide to make the change, in brief, what would be
the procedure to alter the DNS name during the migration process? I'm still
doing some reading on this but any guidance from anyone would be great.

Thanks again.


Ace Fekay [MVP - Directory Services]
Apr 20, 2010, 12:54:34 PM

It's basically a migration. You would set up the new domain/forest with
a completely separate and different name. You won't even be able to
use the first part of the name, such as domain.com; you can't make it
domain.local, because the first part of the name will become the
NetBIOS name. The two NetBIOS domain names will conflict when
installed on the same wire. And the tool you would need, ADMT (AD
Migration Tool), requires NetBIOS connectivity.

Also, if you have Exchange, that will be another complexity, depending
on which version you have.

You can also go for a rename, but then again, Exchange introduces a
complexity with this, too, and furthermore, Exchange 2007 & 2010 do
not support rename. The following is my blog on a rename, if you want
to look into a rename.

Domain Rename With or Without Exchange
http://msmvps.com/blogs/acefekay/archive/2009/08/19/domain-rename-with-or-without-exchange.aspx


As for an AD Migration, the following should help to understand what
is involved. I've also included Exchange information, too, since I
don't know if you have Exchange in use or not.

Active Directory Migration Using ADMT 3.1
http://www.sivarajan.com/admt.html

ADMT v3.1 Guide: Migrating and Restructuring Active Directory Domains
http://www.microsoft.com/downloads/details.aspx?familyid=6D710919-1BA5-41CA-B2F3-C11BCB4857AF&displaylang=en

Active Directory Migration Tool version 3.1
http://www.microsoft.com/downloads/details.aspx?familyid=AE279D01-7DCA-413C-A9D2-B42DFB746059&displaylang=en

Password Export Server version 3.1 (x86)
http://www.microsoft.com/downloads/details.aspx?familyid=F0D03C3C-4757-40FD-8306-68079BA9C773&displaylang=en

Password Export Server version 3.1 (x64)
http://www.microsoft.com/downloads/details.aspx?familyid=5B4E5C61-1C00-4DA7-9C0D-130200AED21A&displaylang=en

Domain Migration Cookbook - Index and Cover:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookintr.mspx

ADMT requires a two-way trust between the forests - Create a trust
between the two forests
http://technet.microsoft.com/en-us/library/cc780479.aspx


For Exchange mailbox moves...

You Had Me At EHLO... : Exchange 2007 Cross Org Mailbox Migration
(Exchange Migration Wizard was used to perform this task in Exchange 2003.
Exchange 2007 has incorporated Cross Org migrations into the ...)
http://msexchangeteam.com/archive/2006/11/02/430289.aspx

If Exchange 2003 is involved, you can use the Exmerge tool. If
Exchange 2007 is involved, you would need to use the MoveMailbox method
from the source org to the target org after migrating user accounts.

This is a weak overview of the mailbox move:
http://itknowledgeexchange.techtarget.com/itanswers/inter-forest-exchange-migration-from-exchange-2003-to-exchange-2007/

How to Move a Mailbox Across Forests
http://technet.microsoft.com/en-us/library/aa997145.aspx

AD and Exchange Consolidation
http://itknowledgeexchange.techtarget.com/itanswers/ad-and-exchange-consolidation/

Inter-Forest Migration/Consolidation
http://forums.techarena.in/active-directory/1135548.htm

Deciding to Consolidate Exchange Messaging Systems
http://technet.microsoft.com/hi-in/library/bb124206(en-us,EXCHG.65).aspx

Server Consolidation Recommendations
http://technet.microsoft.com/hi-in/library/aa998499(en-us,EXCHG.65).aspx

If using the Quest tools (recommended), read this for an idea of what
to expect, time per GB, etc. Thread: QMM throughput question
http://migration.inside.quest.com/thread.jspa?messageID=27243

I hope that helps.


Ace


Mehdis
Apr 21, 2010, 4:21:01 AM

That info will all help greatly. Thanks Ace. Regarding the NetBIOS domain
name issue you mentioned, this only happens if you are upgrading on the same
server and not migrating to a new server?


Ace Fekay [MVP - Directory Services, MCT]
Apr 21, 2010, 1:00:43 PM

The issue is if you try to migrate to a new forest, but you are trying
to keep the same NetBIOS domain name and/or server name. Say if the
domain name is domain.com but you want to go to domain.local. By
default "domain" is the NetBIOS name. In a migration scenario where
you are truly migrating it, the NetBIOS domain names will need to be
different, or you can't run the migration tools due to conflicts.

This doesn't affect renames.

Ace


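Two of the checks discussed in this thread can be run before anyone builds a new forest: the NetBIOS-name collision Ace describes (the first DNS label becomes the default NetBIOS domain name, so domain.com and domain.local both yield DOMAIN, which blocks an ADMT migration but not a rename), and the '.local' objection Jonathan raises (macOS resolves '.local' through multicast DNS/Bonjour, and RFC 6762 reserves that suffix for mDNS). The following is an added example written for this page, not code from the thread or from Microsoft; the 15-character truncation is the Windows default for NetBIOS names, and the function and finding texts are my own naming.

```python
"""Pre-migration checks for a proposed AD DNS name (added example, not from the thread)."""
import re

NETBIOS_MAX_LEN = 15          # Windows truncates the default NetBIOS name to 15 characters
MDNS_RESERVED_SUFFIX = "local"  # RFC 6762 reserves '.local' for multicast DNS (Bonjour)

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
_LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def _normalize(fqdn: str) -> str:
    """Lower-case and strip surrounding whitespace and a trailing dot."""
    return fqdn.strip().lower().rstrip(".")


def default_netbios_name(fqdn: str) -> str:
    """The NetBIOS domain name Windows proposes by default: the first DNS
    label, upper-cased and cut to 15 characters (assumed default behaviour)."""
    first_label = _normalize(fqdn).split(".")[0]
    return first_label.upper()[:NETBIOS_MAX_LEN]


def check_target_forest_name(current_fqdn: str, proposed_fqdn: str, mode: str) -> list:
    """Return a list of findings for moving from current_fqdn to proposed_fqdn.

    mode is 'migrate' (new forest plus ADMT, as in the thread) or 'rename'
    (in-place domain rename). An empty list means no blocker was found.
    """
    if mode not in ("migrate", "rename"):
        raise ValueError("mode must be 'migrate' or 'rename'")

    findings = []
    current = _normalize(current_fqdn)
    proposed = _normalize(proposed_fqdn)
    labels = proposed.split(".")

    # A forest name needs at least two valid labels (e.g. corp.example).
    if len(labels) < 2 or not all(_LABEL_RE.match(label) for label in labels):
        findings.append(f"'{proposed_fqdn}' is not a valid multi-label DNS name")
        return findings

    if proposed == current:
        findings.append("proposed name is identical to the current name")

    # The '.local' point from the thread: macOS/Bonjour treats it as mDNS.
    if labels[-1] == MDNS_RESERVED_SUFFIX:
        findings.append("'.local' is reserved for multicast DNS (RFC 6762); "
                        "macOS clients resolve it via Bonjour, not your AD DNS")

    # The NetBIOS point from the thread: only a true migration needs distinct names,
    # because ADMT runs both forests on the same wire with NetBIOS connectivity.
    if mode == "migrate":
        cur_nb, new_nb = default_netbios_name(current), default_netbios_name(proposed)
        if cur_nb == new_nb:
            findings.append(f"default NetBIOS name '{new_nb}' collides with the source "
                            "forest; ADMT needs distinct NetBIOS domain names")

    return findings


if __name__ == "__main__":
    # Constructed sample input mirroring the thread's domain.com -> domain.local case.
    for finding in check_target_forest_name("domain.com", "domain.local", "migrate"):
        print("-", finding)
```

Run with no arguments to see the two findings for the thread's own scenario; a name such as corp.example in migrate mode produces none, and the same domain.local target in rename mode produces only the '.local' finding, matching Ace's remark that the NetBIOS conflict does not affect renames.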
