Active Directory – Cosmetic Forestry
Over the past year the media have reported on banks and companies facing impending doom, and on government bailouts and other measures to ensure the global economy does not implode. As a result many mergers and acquisitions have occurred, and IT departments are now facing multiple challenges.
One such scenario may be: a manager notices during logon that the domain name is XYZ.com, realises his company is ABC.com, and issues an edict to rename the XYZ.com environment or remove it, stating "we bought them; I don’t want to see their name every day when I log on."
How to convince the suits that it is purely cosmetic?
Trying to explain the technical issues around renaming an Active Directory environment to someone who holds the I.T. budget but is not necessarily technical is a major challenge. Associate costs with making the change, however, and suddenly you are speaking the same language.
So what costs are involved?
The costs involved can be huge for very little gain, if any. Try to associate a value to each of the listed challenges.
This information is based on a Windows Server 2003-based Active Directory.
To rename the domain one would have to touch all the domain controllers and all domain joined machines.
If Exchange is in the environment, you face multiple challenges.
Exchange 2007 – Does not even support a domain rename if installed; KB925822
Exchange 2003 > SP1 – Supports domain rename but needs additional administrator intervention; KB842116
Exchange 2003 RTM – Does not even support a domain rename; KB822590
Exchange 2000 All Versions – Does not even support a domain rename; KB822590
The entire PKI infrastructure would have to be uninstalled and started afresh.
Now that some key challenges have been identified, consider COTS applications, bespoke applications and custom code, all of which may use Active Directory. All of this would need testing, and then consider the impact to the business if it went wrong.
Having worked in IT for a number of years, I have found that what often appear to be simple changes to the environment are the most complex, and the ones that you wish you had never started. If the boss does shout and ask why he can see XYZ.com, perhaps these few identified challenges give you a starting point in your defence as to why it has not been done.
So with these facts in mind, if you are designing a new Active Directory, keep one eye on the future, as nobody knows what it may hold, and use a non-company-specific domain name, which in turn may help you or your peers in the future. … But in reality the simplest approach, instead of renaming the environment, may be migration into a clean or existing forest.
(this is an old blog post – revisited)