How do you change the name of a Domain

[MusicMelody]

Hi,

I'm a real newbie at this and am working as an intern... please be gentle in your responses!

The company that I am at recently updated to Windows 2000 Server Business Edition (from Win NT 4.0) with approximately 25 client workstations having Win98 to Win2000 OS.

The boss wants to add several features including Exchange OWA in the future, but there are some issues that need to be resolved before this next step can even start. There was a poor naming scheme at set up. It seems my job is to begin with a name change on the domain to allow for better security management and less confusion. Is there an easy way to do this? And if so, how? Active Directory is functioning well and the domain sits behind a firewall and router with an private IP address.

Can anyone give me a heads up on this? It would be very much appreciated! Thanks in advance........

 

[ricpinto]

Let's start it this way, hopefully somebody will join in:

Do you think there's a problem with your domain name then what is it?
Did you have it registered? like domainname.com,.org .com.au etc? If you have it registered, do you plan to use it in your AD? How many public and static ip address do you have?

 

[MusicMelody]

My appologies for lack of info. There are so many issues, I'm not sure what or where to start...

There are two public ip addresses. One is registered as a (.org) and assigned to the web site. Yes, it is currently being used in the AD. The other is free to be used having no domain registered for it yet.

The company moved from peer-to-peer to a server/client setup a couple of months ago. DHCP was never activated, so the 25 client workstations and networked peripherials still contain their assigned static ips. (That's another task!)

Anyway, the organization has only one server on which they have Win2000 Server Business Edition and began setting up Exchange 2000 on the same server before I got here. They also in the near future plan to configure OWA on this server as well. The internal domain that was set up uses the same name as the registered .org domain name. The naming scheme that was chosen internally is not at all very secure and would really be an easy target for hacking. They want me to change the internal domain name in preparation of registering it. They already have Windows Outlook set up to receive/send mail through this. So changing the domain name means changing all the naming on client mail too, right?

I'm looking for any type of solution, or at least a direction to research. I've no real experience with either Exchange or OWA. Again, thanks for your help..

 

[ricpinto]

You must do a lot of reading I will give some links to start and you decide the final solution.

First you must have security, you need to have a DMZ. Look at Gia site on how to create one and this will also solve the one name for both external and internal network:

http://www.almondeyes.net/getart.asp?id=12

As for OWA you need 2 exchange server one is front end and the other is the back end. Put the front end server (web and exchange) in the DMZ.

http://support.microsoft.com/default.aspx?scid=kb;en-us;326276

If you want to use ISA server as your firewall then read this link :

http://support.microsoft.com/default.aspx?scid=kb;en-us;326276

 

[ricpinto]

There's a correction:

> If you want to use ISA server as your firewall then read this link :

http://www.isaserver.org/pages/article_p.asp?id=1221

My post is written that way because you're configuring OWA later on.

 

[MusicMelody]

It's a good thing I like to read! Thanks for the links. I will begin there. I am very greatful for the help.

 

[jkupski]

ricpinto,

I don't think your suggestion of a front-end/back-end configuration is particularly feasible. Exchange 2000 front end servers have to be Enterprise Edition. I can't see any company as small as this one is described dropping $4k (plus hardware) like that.

MusicMelody,

I don't understand what you mean by "the internal naming scheme would be an easy target for hacking" or why that would require you to rename the domain.

Also, renaming a Win2k domain is _not_ a fun task, though it's possible using the Active Directory Migration Tool, a spare server, and about 8 hours of work. A better idea would be to modify your default recipient policy to include your new domain name, so mail sent to john.doe@olddomain.org and john.doe@newdomain.com would be delivered to the same user.

Lastly, I do agree with ricpinto that it's a _bad_ idea to expose your company's one-and-only server to the internet--personally, I think it's a bad idea to expose Winows machines directly to the net period. Some sort of front-end in a DMZ would be a good idea, and personally I would reccomend a linux or *BSD based box running Postfix. You can sell the added security to your boss by pointing out that you can also run spam filtering, antivirus, etc, software on the gateway, and preventing any of that crap from ever getting to your Exchange server. The cost to do all of that would be the hardware and your time.

You could also install squid on the gateway and reverse proxy OWA.

 

[MusicMelody]

Thanks for the advice jkupski. I am currently looking into how to setup a front-end server within a DMZ.

I would love to implement a linux machine here, but there will be no one here to maintain it when the internship is done. The net admin has no knowledge of Linux. Therefore, I am limited to Windows... and a strict budget. Also, I will look into modifying the default recipient policy. The organization is quite small and extra servers are not a feasible option to play with.

Thanks again for the help.