STATIC DISCLAIMER: All the stuff in here is purely my opinions, and they tend to change depending on what mood I'm in. If you're going to get bitter if I say something about you that you don't like, then maybe don't read. I avoid using names as much as possible, and would request that people who know me do the same in their comments. Basically, I often vent my frustrations on here, so if you happen to be someone who frustrates me, expect to read a description of someone very much like you in here!

Friday, August 26, 2005

Domain rename

Sorry people, but this is going to be a technical post. I'm just kind of "thinking out loud" and thought I'd put it on here so the tech-savvy amongst my readers can comment if they have stuff to contribute.

Currently at my work, we have a single forest, single domain Active Directory infrastructure. Simple, easy and now fast becoming impractical. Why is that? Well, we took the advice of Microsoft's deployment guides and set up an isolated internal domain (stpauls.lan) and then our external domain name (stpauls.nsw.edu.au) is just setup in DNS using a normal zone file. Nothing wrong with any of this, and it's worked fine for a long time.
The problem becomes that some new services we're setting up aren't happy about this arrangement. For starters, our users don't know what this "stpauls.lan" business is all about. They don't know that their actual usernames include "@stpauls.lan" on the end of them. They're just happy with knowing two bits of info - their samid, and their email address. This is one of the primary reasons I want to rename our domain. Because then, their email address is their logon ID. Handy. Especially when our SharePoint Portal is assuming when a user authenticates with their samid externally, that it should tack "@stpauls.nsw.edu.au" on the end of it. Why does it do this? Well, the URL for the portal is within that realm. So it assumes users authenticating are within that same realm. Not good for the average user. They don't understand why it's not working. I need to fix that.
The other thing is that I'm in the process of planning to deploy Live Communication Server 2005. It does this wonderful thing called "federation" where users can connect from outside the local network. Only problem is, that LCS requires a SRV record in your DNS for SIP (YAY!!! 3 letter acronyms GALORE!), and that SRV record has to resolve to a host within the same DNS zone. So for example, if a user's SIP address is justin@stpauls.nsw.edu.au, and the server is rtc.stpauls.lan, it's not going to work. The client will look for the SIP SRV record in the stpauls.nsw.edu.au realm, when actually the server is in the stpauls.lan realm. Not only that, but if you created a SIP SRV record in the stpauls.nsw.edu.au realm that pointed to rtc.stpauls.lan, it wouldn't work because the SRV record needs to resolve to a host in the same realm. Craphouse, hey.
So yeah, basically I want to rename the domain. I have some minor concerns about this. One of these concerns is whether we have applications that have the domain statically stored in them. Another concern is whether client machines will update their domain membership after the rename, or whether I'll have to reattach our 400+ clients. Another concern if this will all just go belly up and I'll be so increadibly stuffed... :(
Ah well, you gotta do what you gotta do. Anyone who's had any experience in this, please let me know.

No comments: