AD Domain Rename with a pfSense Firewall



  • I'm preparing to rename an Active Directory domain that is in a location with a pfSense firewall. The firewall is configured with a FQDN in the current domain and will be changed. It's being used with IPSec (ShrewSoft client) w/ AD authentication using a domain account for authentication requests. The business has a static IP and the ShrewSoft client is using their static IP as the hostname.

    I know the firewall's FQDN will have to change from pfsense.oldname.local to pfsense.prefix.newname.com and the account used to authenticate users for the VPN will change from vpnusers@oldname.local to vpnusers@prefix.newname.com. The static IP and local IPs aren't changing.

    My question is: is there anything else I need to consider? Will it work to just change those two settings? I'd like this transition to go smoothly and don't want to leave anything out.



  • I would think the pfSense would be the last minor detail to fix. I'd be worried about renaming the domain on the AD/Exchange/WSUS/SCCM/… servers.

    How many times have you successfully renamed the domain name on an operational AD environment? (me = 0)



  • This is my first one. Did it successfully in a lab environment and am pretty confident everything will go smoothly. It isn't that large of an organization and they only have one physical server (w/ 2 VM DCs) and really good backups.



  • @bpwnes:

    This is my first one. Did it successfully in a lab environment and am pretty confident everything will go smoothly. It isn't that large of an organization and they only have one physical server (w/ 2 VM DCs) and really good backups.

    Sadly I don't have anything to help you with..
    but I am interested to know how your domain name change goes..

    Our systems team had a very tough time when we did it a few years ago.



  • We still haven't done the domain rename. The parent domain we were planning on joining ended up being a mess… still has a Server 2003 box for some ungodly reason... IMO we should make a new domain of a different name, but I've been unable to convince the powers that be.

    As far as the firewall goes though, I'm pretty sure all I have to do when the time comes is change the domain name within the settings. This will trickle down to the IPSec VPN settings as well, correct?

