Alias for Domain Name

Microsoft Windows server 2003 r2 standar...
May 27, 2010 at 22:14:45
Specs: Server 2003 r2
I have a problem with my "local" domain name.
It is in the form XXX_YYY.local
Most things have no problems with this (it's been up for 5 years), but I now have a hardware firewall and one of the settings to use LDAP is the domain name. It will accept Only alphanumeric and "-" characters.
Can I ALIAS XXX_YYY.local to XXX-YYY.local in DNS without killing/damaging/destroying a working network?

See More: Alias for Domain Name

May 28, 2010 at 09:11:07
Better to see if they have a Firmware update to the Firewall to support the "_" but there should be no reason why you can't add the Allies to your DNS. It will probably make an Administrative night mare for you if you have all of the TCP/IP stacks set to automatic because they are going to try to reference the primary Domain Name.

That being said, I am not sure that LDAP will work this way so it may connect to the servers but it will not automatically authenticate. I don't know, I have never tried it before. Would love to try it some time when I have time to see if it works. Love to see what others have to say.

I definitely recommend you do it in a test environment first.

Report •

May 28, 2010 at 09:54:34
I don't think it is going to work...

"Typically, a Windows Server 2003 DNS namespace is deployed to mirror an Active Directory forest and domain infrastructure. In such a deployment, a partition of the DNS namespace is set aside for Active Directory, where a DNS domain name such as is used support the Active Directory forest root domain, and then subdomains of this name are created to suit additional Active Directory domains as needed."

If it does not then you may have to tunnel through your firewall with SSL or VPN but that would suck and you would probably see a performance hit.

This is why you never use special characters in your Domain Name or use well known DNS suffixes like .COM and for the love of Pete Microsoft will you change that darn example you have in your DCPROMO wizard?

Report •

May 28, 2010 at 10:03:08
Ok, found this....

hope it helps. (sorry)

So you may have to either rebuild your entire domain (This is the nightmare that no admin wants) or you might just create a second Domain Forest then setup a trust between the two forests. Then join the people on the other side of the Firewall to the new DC. This would cost you the price of a new server but it would make things easier and faster along with more secure. I like see what work around you ultimately come up with.

Report •
Related Solutions

Ask Question