I have taken over all IT responsibilities for a company that is using Active Directory (2008 R2 native level) and Exchange 2010. I have come to find out that their internal Active Directory domain name is the same as an external internet domain name that they do not own. I understand that domain rename with Exchange 2010 / server 2008 r2 is not possible as far as I have read. Could someone help me to realize what other options may be available to me? They have quite a large infrastructure so moving to a new forest would be a massive job I would like to try to avoid if possible.

Thank you in advance for your help.


Solution 1:

Domain rename with Exchange 2007/2010 is not supported by Microsoft. If you want to go this route, you will not be able to get any support from Microsoft, and there is a good change that your infrastructure will be damaged in some way. Most sites I have read on this say NOT to do this.

So this leaves you with three options:

1)Do Nothing - This is the easiest of the three options. If the external domain is not something people are going to go to, then there is probably nothing to worry about. There may be some issues in getting UC/SAN certificates for Exchange, but the only issue I am aware of will be a security warning in Outlook when you're using the program inside your firewall.

2)Remove Exchange, then do a domain rename - I don't know what other AD-aware/AD-connected applications you have, so this may not be an option. How this works is that you take a long outage, back up your Exchange databases, remove Exchange from your environment, rename your domain, and then re-install Exchange and configure your environment. This would be a lot of work, and you would have no email during this outage. You would also need to extensively document your Exchange environment so that it is reconfigured with the same settings.

3)AD Migration - Create a new Active Directory forest and migrate all of your AD-objects to this domain. This will require the most work and the most testing to make sure that a migration doesn't break any of your applications.

3a)New AD Domain in the same forest - Some of the Microsoft material that I have read for my MCITP states that you can have discontiguous DNS naming structures in the same forest. This means that you can have one Active Directory forest with domains xyz.com and abc.local. This is a supported configuration for Microsoft Exchange 2010 (see http://blogs.technet.com/b/exchange/archive/2009/10/27/3408616.aspx), and it should allow you to solve your issue without a large-scale migration to a new forest.

If you decide to make any major changes to your AD environment, I would recommend contacting a Microsoft partner to go over your scenario in greater detail than what you can provide here. There may be other caveats that you can't go into detail on that could hinder your project.