10

I have taken over all IT responsibilities for a company that is using Active Directory (2008 R2 native level) and Exchange 2010. I have come to find out that their internal Active Directory domain name is the same as an external internet domain name that they do not own. I understand that domain rename with Exchange 2010 / server 2008 r2 is not possible as far as I have read. Could someone help me to realize what other options may be available to me? They have quite a large infrastructure so moving to a new forest would be a massive job I would like to try to avoid if possible.

Thank you in advance for your help.

Blax
    Can you define what you mean by large infrastructure? How many users, computers, and servers? Is this a single site or multiple sites? Further, is the internal domain name overlapping with a site that is used or requested frequently, or is it something that most people will never go to? – smassey Aug 21 '11 at 00:20
  • I have to be a bit reserved with details due to the nature of the company and my relationship with them. Suffice it to say there are just about 60 servers, mostly virtual. Not very many users, around 20 or so, and about the same number of workstations. It is a single site and I don't think anyone would ever go to the external domain name. The real rub is they have a ton of AD-connected applications, much like Exchange 2010 itself. Is there any third-party software out there that allows you to do a rename? – Blax Aug 21 '11 at 17:10
  • Internal AD domain with a random public name? Wow, *that*'s foreseeing. – Massimo Mar 21 '15 at 14:58

3 Answers

6

Domain rename with Exchange 2007/2010 is not supported by Microsoft. If you want to go this route, you will not be able to get any support from Microsoft, and there is a good chance that your infrastructure will be damaged in some way. Most sites I have read on this say NOT to do this.

So this leaves you with three options:

1) Do Nothing - This is the easiest of the three options. If the external domain is not something people are going to go to, then there is probably nothing to worry about. There may be some issues in getting UC/SAN certificates for Exchange, but the only issue I am aware of will be a security warning in Outlook when you're using the program inside your firewall.

2) Remove Exchange, then do a domain rename - I don't know what other AD-aware/AD-connected applications you have, so this may not be an option. How this works is that you take a long outage, back up your Exchange databases, remove Exchange from your environment, rename your domain, and then re-install Exchange and configure your environment. This would be a lot of work, and you would have no email during this outage. You would also need to extensively document your Exchange environment so that it is reconfigured with the same settings.

3) AD Migration - Create a new Active Directory forest and migrate all of your AD objects to this domain. This will require the most work and the most testing to make sure that a migration doesn't break any of your applications.

3a) New AD Domain in the same forest - Some of the Microsoft material that I have read for my MCITP states that you can have discontiguous DNS naming structures in the same forest. This means that you can have one Active Directory forest with domains xyz.com and abc.local. This is a supported configuration for Microsoft Exchange 2010 (see http://blogs.technet.com/b/exchange/archive/2009/10/27/3408616.aspx), and it should allow you to solve your issue without a large-scale migration to a new forest.

If you decide to make any major changes to your AD environment, I would recommend contacting a Microsoft partner to go over your scenario in greater detail than what you can provide here. There may be other caveats that you can't go into detail on that could hinder your project.

smassey
  • Smassey, thank you so much. I am going to review these options carefully and try to come up with the best one for the situation. I think #2 will probably be the easiest but I will have to consider all avenues. Thanks again very much for your assistance. – Blax Aug 22 '11 at 15:57
  • You're welcome, Blax. Best of luck with your AD changes. – smassey Aug 22 '11 at 21:59
-1

You just need to change the CAS name and the Outlook error will disappear. Follow the article below and set the CAS name according to your DNS.

http://blogs.technet.com/b/danielkenyon-smith/archive/2010/05/13/the-name-on-the-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2.aspx

  • This is, at the very best, a small aspect of the problem the OP is facing and doesn't contribute to his problem. – Sven Nov 08 '12 at 08:56
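A defender-side audit for the certificate warning raised in option 1 and in the CAS-name answer above, added here and not part of any answer on this page: it collects every host name Exchange 2010 hands to clients (Autodiscover, EWS, OAB, OWA, ECP, ActiveSync), checks each against the SANs of the IIS-bound certificate, and flags names under the internal AD zone that the company does not own. It runs in the Exchange Management Shell; `$InternalAdDomain` is a constructed placeholder and `Test-NameCovered` is a helper written for this example.

```powershell
# Added example, not from this thread. Run in the Exchange 2010 Management Shell.
# Lists every host name handed to clients (Autodiscover, EWS, OAB, OWA, ECP,
# ActiveSync), checks it against the SANs of the IIS-bound certificate, and
# flags names that live under the AD DNS zone the company does not own.
$InternalAdDomain = 'corp.example.com'   # constructed placeholder for the AD DNS name

function Test-NameCovered([string]$Name, [string[]]$Sans) {
    # True when a SAN matches exactly or a wildcard SAN covers exactly one extra label.
    foreach ($san in $Sans) {
        if ($san -eq $Name) { return $true }
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)                    # "*.x.com" -> ".x.com"
            if ($Name.EndsWith($suffix)) {
                $left = $Name.Substring(0, $Name.Length - $suffix.Length)
                if ($left.Length -gt 0 -and $left -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

# Gather the URLs clients are actually given, per Client Access Server.
$urls = @()
foreach ($cas in Get-ClientAccessServer) {
    $urls += $cas.AutoDiscoverServiceInternalUri
    foreach ($vd in @(Get-WebServicesVirtualDirectory -Server $cas.Name) +
                    @(Get-OabVirtualDirectory        -Server $cas.Name) +
                    @(Get-OwaVirtualDirectory        -Server $cas.Name) +
                    @(Get-EcpVirtualDirectory        -Server $cas.Name) +
                    @(Get-ActiveSyncVirtualDirectory -Server $cas.Name)) {
        $urls += $vd.InternalUrl
        $urls += $vd.ExternalUrl
    }
}
$hosts = $urls | Where-Object { $_ } | ForEach-Object { ([Uri]$_).Host.ToLower() } | Sort-Object -Unique

# SANs of every certificate enabled for IIS: these are the names HTTPS clients validate.
$sans = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_".ToLower() } | Sort-Object -Unique

foreach ($h in $hosts) {
    New-Object PSObject -Property @{
        Host             = $h
        OnIisCertificate = Test-NameCovered $h $sans                     # False: clients get a certificate warning
        UnderAdZone      = $h.EndsWith('.' + $InternalAdDomain.ToLower()) # True: name is in the zone you don't own
    }
}
```

Any row with OnIisCertificate False is a name Outlook or ActiveSync will warn about; rows with UnderAdZone True are the names that cannot be validated on a public UC/SAN certificate while the AD zone collides with a domain the company does not own.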
-2

If you do not plan to change your Active Directory then it's so simple. Just change your route for CAS and make it your default SMTP and POP for sending and receiving mail. Another way is you can make a policy on your Exchange to route over your new domain for your CAS.

masegaloeh