Options
Talk about a crazy day.....
I'm curious if anyone here has renamed a domain before in a production type environment? I was asked to do this and I simply looked at the individual and stated "You want me to flat line our whole domain and re build it? This would require a lot more effort to accomplish..... Fun maybe but still a lot.
Reason? well Lets say you have a PKI infrastructure setup to trust a certain chain and your DC certs are from that CA authority (not your own but someone else provided it to you for the past 6 years). Then one day that CA does not give you any more DC certs because of your FQDN does not meet their requirements (which happen to change =/). Your smart cards have soft certs that chain up to that CA. PKI would be hosed.... I've bumped into an issue like this which resulted in a question to change my domain to what they want and then they would provide me the certs.
Wish I had my own smart cards..
Anyone else have similar days?
Reason? well Lets say you have a PKI infrastructure setup to trust a certain chain and your DC certs are from that CA authority (not your own but someone else provided it to you for the past 6 years). Then one day that CA does not give you any more DC certs because of your FQDN does not meet their requirements (which happen to change =/). Your smart cards have soft certs that chain up to that CA. PKI would be hosed.... I've bumped into an issue like this which resulted in a question to change my domain to what they want and then they would provide me the certs.
Wish I had my own smart cards..Anyone else have similar days?
Comments
-
Options
MickQ
Member Posts: 628 ■■■■□□□□□□
Renaming a domain is always a pain and even though it's easier in 2k8, it still should be looked at with a mine of salt. It takes a lot of careful planning and a lot of time to look into each nook and cranny to find out all the dependencies (as you have well pointed out), and even then... ugh, I just got a shiver down my spine.
Anyway, you can tell them yes, but then give them a rough budget of costs for planning, training, implementation, other "hangovers", as I call them (eg. your PKI), and of course - the so so wonderful - downtime and estimated loss of earnings.
The need to share a beer is calling.