Changing forward lookup zone

Discussion in 'DNS Server' started by Mehdis, Apr 14, 2010.

  1. Mehdis

    Mehdis Guest

    Hi, we are currently using a zone 'companyname.com' on our internal DNS (on
    Win2K3 PDC). It contains records for internal use only... referencing PCs
    and servers in the office. We are wanting to move away from this to
    'companyname.local'. Is there an easy way of moving all records to the new
    name? What would be the best way?

    Any advice would be greatly appreciated.

    Many thanks.
    Mehds
     
    Mehdis, Apr 14, 2010
    #1


  2. If you are referring to an Active Directory installation with an AD DNS domain name of company.com, and you want to change it to company.local, it would require a complete migration from company.com to company.local. This is not an easy task, especially assuming that the new one you want to go to will have the same NetBIOS AD domain name.

    Is the company.com name causing you any problems with resolving external resources? That is the usual complaint when configured with the 'same name internal and external domain name.' If so, please read my blog on this. It's rather a simple solution to straighten it out.

    Split Zone or no Split Zone - Can't Access Internal Website with External Name
    http://msmvps.com/blogs/acefekay/ar...cess-internal-website-with-external-name.aspx

    Otherwise, let us know what problems you are seeing so we can offer a solution.

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [MVP-DS, MCT], Apr 14, 2010
    #2

  3. Mehdis

    Mehdis Guest

    Hi Ace, thanks for the info. Just a couple of things to mention - The
    'companyname.com' forward lookup zone in our internal DNS (same server as AD
    etc.) isn't causing us any technical problems. It's just that it seems good
    practice to have any records used internally contained within a zone
    'companyname.local' so we want to do this. For example, we have a CNAME entry
    in our 'companyname.com' zone such as name 'server1.companyname.com'.
    Obviously this isn't strictly true so we'd like something more logical (.local
    would be good.).

    Therefore I'd like to know if it's possible to stop using the companyname.com
    zone and only use a new companyname.local zone instead.

    I'm not sure if I'm giving enough details. If not, let me know :)

    Many thanks.
     
    Mehdis, Apr 15, 2010
    #3

  4. You are welcome, so far.

    Just to get the facts straight, your AD DNS name is company.com, correct?

    As for best practices regarding names, there really aren't any 'best practices' rather it's just a choice. There are pros and cons on which to use for an AD name, and the consequences if hosting internal resources that are also available on the public side.

    And I would suggest to minimize, if not eliminate, the use of CNAMES. They can cause problems, especially with mail MX records (on the public side), or other issues with AD SRV records, or if you try to use it for resource sharing such as for mapped drives, or trying to create a matching server NetBIOS name under a different zone, etc.

    And I believe just to make things more "logical" (not exactly sure what you mean by that), to create another zone, such as a .local zone to match the 2nd level name (the 'company' portion), I don't think it will really help, but then again, I don't exactly follow *why* you want to do this to begin with.

    Ace
     
    Ace Fekay [MVP-DS, MCT], Apr 15, 2010
    #4
  5. Mehdis

    Mehdis Guest

    Yes, that's right, company.com is our AD DNS domain name. What I mean by
    logical is that having .local for internal use and .com for external would
    highlight that internal & external DNS serves different purposes - it just
    saves confusion. With company.local internally and company.com externally,
    it's easy to visualize what you are trying to connect to. All the public
    facing services like www, mail & ftp will all be associated with .com
    addresses over the Internet. Internal services like servers & internal e-mail
    will be associated with .local dns servers. I realise that it may not be
    necessary for us to change the zone name as we don't have any issues with
    what we have already. It's just a matter of choice. Would this still need a
    complete migration?

    Thanks again.
     
    Mehdis, Apr 19, 2010
    #5

  6. Hello Mehdis,

    Yes, unfortunately it would require a migration. The TLD change is
    basically a completely different DNS name and would be a major change.
    It is not that simple to just change the name and AD work as to what
    you are desiring to do.

    I would suggest and recommend to just leave it alone if everything is
    working.

    Ace
     
    Ace Fekay [MVP - Directory Services], Apr 19, 2010
    #6
  7. Mehdis

    Mehdis Guest

    I see what you mean. In 3-4 months time we do actually plan on upgrading from
    Windows Server 2003 to 2008 so perhaps this would be an ideal opportunity to
    make the change? If we do decide to make the change, in brief, what would be
    the procedure to alter the DNS name during the migration process? I'm still
    doing some reading on this but any guidance from anyone would be great.

    Thanks again.
     
    Mehdis, Apr 20, 2010
    #7
  8. It's basically a Migration. You would set up the new domain/forest with
    a completely separate and different name. You won't even be able to
    use the first part of the name, such as domain.com, you can't make it
    domain.local, because the first part of the name will become the
    NetBIOS name. The two NetBIOS domain names will conflict when
    installed on the same wire. And the tool you would need, ADMT (AD
    Migration Tool), requires NetBIOS connectivity.

    Also, if you have Exchange, that will be another complexity, depending
    on which version you have.

    You can also go for a rename, but then again, Exchange introduces a
    complexity with this, too, and furthermore, Exchange 2007 & 2010 do
    not support rename. The following is my blog on a rename, if you want
    to look into a rename.

    Domain Rename With or Without Exchange
    http://msmvps.com/blogs/acefekay/archive/2009/08/19/domain-rename-with-or-without-exchange.aspx


    As for an AD Migration, the following should help to understand what
    is involved. I've also included Exchange information, too, since I
    don't know if you have Exchange in use or not.

    Active Directory Migration Using ADMT 3.1
    http://www.sivarajan.com/admt.html

    ADMT v3.1 Guide: Migrating and Restructuring Active Directory Domains
    http://www.microsoft.com/downloads/...19-1BA5-41CA-B2F3-C11BCB4857AF&displaylang=en

    Active Directory Migration Tool version 3.1
    http://www.microsoft.com/downloads/...01-7DCA-413C-A9D2-B42DFB746059&displaylang=en

    Password Export Server version 3.1 (x86)
    http://www.microsoft.com/downloads/...3C-4757-40FD-8306-68079BA9C773&displaylang=en

    Password Export Server version 3.1 (x64)
    http://www.microsoft.com/downloads/...61-1C00-4DA7-9C0D-130200AED21A&displaylang=en

    Domain Migration Cookbook - Index and Cover:
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookintr.mspx

    ADMT requires a two way trust between the forests - Create a trust
    between the two forests
    http://technet.microsoft.com/en-us/library/cc780479.aspx


    For Exchange mailbox moves...

    You Had Me At EHLO... : Exchange 2007 Cross Org Mailbox Migration
    Exchange Migration Wizard was used to perform this task in Exchange 2003.
    Exchange 2007 has incorporated Cross Org migrations into the ...
    http://msexchangeteam.com/archive/2006/11/02/430289.aspx

    If Exchange 2003 is involved, you can use the Exmerge tool. If
    Exchange 2007 is involved, you would need to use the MoveMailbox
    method from the source org to the target org after migrating user
    accounts.

    This is a weak overview of the mailbox move:
    http://itknowledgeexchange.techtarg...igration-from-exchange-2003-to-exchange-2007/

    How to Move a Mailbox Across Forests
    http://technet.microsoft.com/en-us/library/aa997145.aspx

    AD and Exchange Consolidation
    http://itknowledgeexchange.techtarget.com/itanswers/ad-and-exchange-consolidation/

    Inter-Forest Migration/Consolidation
    http://forums.techarena.in/active-directory/1135548.htm

    Deciding to Consolidate Exchange Messaging Systems
    http://technet.microsoft.com/hi-in/library/bb124206(en-us,EXCHG.65).aspx

    Server Consolidation Recommendations
    http://technet.microsoft.com/hi-in/library/aa998499(en-us,EXCHG.65).aspx

    If using the Quest tools (recommended), read this for an idea of what
    to expect, time per GB, etc. Thread: QMM throughput question
    http://migration.inside.quest.com/thread.jspa?messageID=27243

    I hope that helps.


    Ace
     
    Ace Fekay [MVP - Directory Services], Apr 20, 2010
    #8
  9. Mehdis

    Mehdis Guest

    That info will all help greatly. Thanks Ace. Regarding the NetBIOS domain
    name issue you mentioned, this only happens if you are upgrading on the same
    server and not migrating to a new server?
     
    Mehdis, Apr 21, 2010
    #9
  10. The issue is if you try to migrate to a new forest, but you are trying
    to keep the same NetBIOS domain name and/or server name. Say if the
    domain name is domain.com but you want to go to domain.local. By
    default "domain" is the NetBIOS name. In a migration scenario where
    you are truly migrating it, the NetBIOS domain names will need to be
    different, or you can't run the migration tools due to conflicts.

    This doesn't affect renames.

    Ace
     
    Ace Fekay [MVP - Directory Services, MCT], Apr 21, 2010
    #10