It seems more and more that I should rename my Active Directory domain.
There is a well-known process for making this change, which already includes very good answers on Server Fault (like this one). I understand that you may think that I want to ask a duplicate question, but that includes the delicate topic of "Do not trigger a revolution".
I need to
- sell the currency to managers
- minimize disruption to users, especially those who like convenience (see requirement 1).
It is inevitable that decisions are made during the planning and presentation of the change that increases the chances of success (that is, users do not come to my door with forks and torches). This is clearly a subjective question and the best answers would come from people who have already experienced the change.
I've inherited an Active Directory Active Directory Domain from the dawn of Active Directory. We will call it
ACRO.TLD with the name NetBIOS
ACRO (abbreviation of "acronym").
It was great when everyone was using a papi box behind the firewall. But this practice is now obsolete and could cause problems in the end. There are many more mobile devices and that would probably be very serious if the domain had been leaked to the internet at large.
To sell it to management is probably to explain the why behind the very bad things, combined with "the change should not be so bad".
So now the question is how to make sure that the change is not so bad, in other words, minimize the disruption to users. I hate to look open, but I stumble on something fundamental.
We have domains that I will call
COMPANYNAME.NET. Our external Web presence and our e-mail addresses (the e-mail address is hosted externally, there is no exchange)
COMPANYNAME.COM; we have
COMPANYNAME.NET as a buffer against domain squatting.
So, I think my best alternatives are
ACRO.COMPANYNAME.COM, the key point that users are used to
COMPANYNAME.COM and we are only bringing the two together. No need to change the NetBIOS domain name, and of course the Windows 10 login screen uses the domain to which a computer is associated by default.
Due to the existing practice I have already described, users are already trained in the use of separate usernames and passwords for Windows login and email (probably a good thing with hosted email).
Some of the disadvantages are
ACRO.COMPANYNAME.COMis already a registered hostname in the Internet DNS.
- there may be some confusion when both accounts contain
- a pain point to potentially triple what people need to type to enter login credentials.
But are these obstacles real to go forward with
ACRO.COMPANYNAME.COM? Am I missing something?