domain rename or rebuild?
-
I'm about to start at a company that is using their public domain name for AD. I know from watching ITPro that this isn't the correct way to set it up (shouldn't use a public domain name; it should be unique and never used on the internet). How should I go about renaming this? Or would it be better to build a new domain? Any recommended videos to watch regarding this topic?
-
Others with more experience than you or I will hopefully chime in here to give you better background and info, but having said that, I will tell you what I know from experience.
If you're changing the name of the domain, it's probably better that you rebuild if possible. It may not always be possible.
Even then, you're probably talking about having to do some type of AD migration of objects too when rebuilding. Renaming is a bad idea. I'm not sure if you can even do it. Even if you can, it's not a process that you're ever going to want to try. I'm not sure if we have any show that talks about this situation specifically; we normally emphasize the best practice of making sure you name it what you need to from the beginning so you don't have to change it. So you may want to check out those planning and designing AD shows in 70-413.
Cordially,
Ronnie Wong
Host, ITProTV
-
@matthew-meyer said:
I'm about to start at a company that is using their public domain name for AD. I know from watching ITPro that this isn't the correct way to set it up (shouldn't use a public domain name; it should be unique and never used on the internet). How should I go about renaming this? Or would it be better to build a new domain? Any recommended videos to watch regarding this topic?
Hello Matthew,
As someone that is heavy into the administration of multiple ADs and forests, I can probably answer that for you. Definitely C&P (Clean & Pristine); domain renames aren't very easy and it isn't really worth the headache once what they've done above is the case. Your internal Active Directory I hope is not exposed to the internet, as that's like Crossing the Streams. :)
If this is going to be your prime responsibility at your new company, I might recommend "the Cat book" from O'Reilly. This is pretty much the seminal text as far as understanding all the nuts and bolts involved with AD management, building new directories and so on.
My other recommendation would be that you establish group lifecycles and user lifecycles, as well as server and desktop naming schemes, in advance and get them to sign off on it so that all of your systems follow the pattern.
Some folks choose geography, some choose logical design of networks for OU structures. In the end, one thing to remember when you get to that part is that it's best if you focus on the business organization rather than the logical or the geography; that's what Sites & Services is for. :)
AD lends itself a bit to programming; everything is derived from a higher-level class with certain attributes, starting with TOP. Anyway, before I start to ramble about any of it any more than I have, the point is that you want to get a basic grasp of inheritance from any object-oriented language, i.e. C# or C++. You follow this pattern as you create your directory and it will function very cleanly and efficiently. In one small company where a single AD forest/domain is enough, it's often much easier to be nimble and do something like that type of C&P re-creation. Now, it does mean that once you create the new directory, you'll need to either recreate the users/mailboxes (if Exchange is used with AD) etc. or you'll have to migrate the users. Domain migration is a pretty complex topic; I can only recommend that you read that book I mentioned and the articles on TechNet. It involves an understanding of trust relationships between your directories as well as proper handling of your internal network and DNS so people get forwarded to the right domain controllers and so on.
"The Cat Book": http://shop.oreilly.com/product/9780596520601.do?sortby=bestSellers
Migrating Active Directory (TechNet): https://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
-
Thanks for the feedback and advice.