AD Domain Rename with a pfSense Firewall
-
I'm preparing to rename an Active Directory domain that is in a location with a pfSense firewall. The firewall is configured with a FQDN in the current domain and will be changed. It's being used with IPSec (ShrewSoft client) w/ AD authentication using a domain account for authentication requests. The business has a static IP and the ShrewSoft client is using their static IP as the hostname.
I know the firewall's FQDN will have to change from pfsense.oldname.local to pfsense.prefix.newname.com and the account used to authenticate users for the VPN will change from vpnusers@oldname.local to vpnusers@prefix.newname.com. The static IP and local IPs aren't changing.
My question is if there anything else I need to consider? Will it work to just change those two settings? I'd like this transition to go smoothly and don't want to leave anything out.
-
i would think the pfsense would be the last minor detail to fix. i'd be worried about renaming the domain on the AD/exchange/wsus/sccm/… servers.
how many times have you succesfully renamed the domainname on an operational AD environment ? (me = 0)
-
This is my first one. Did it successfully in a lab environment and am pretty confident everything will go smoothly. It isn't that large of an organization and they only have one physical server (w/ 2 VM DCs) and really good backups.
-
This is my first one. Did it successfully in a lab environment and am pretty confident everything will go smoothly. It isn't that large of an organization and they only have one physical server (w/ 2 VM DCs) and really good backups.
sadly i dont have anything to help you with ..
but i am interested to know how your domain name change goes ..our systems team had very tough time when we did it few years ago.
-
We still haven't done the domain rename. The parent domain we were planning on joining ended up being a mess… still has a server 2003 box for some ungodly reason... IMO we should make a new domain of a different name, but I've been unable to convince the powers at be.
As far as the firewall goes though, I'm pretty sure all I have to do when the time comes is change the domain name within the settings. This will trickle down to the IPSec VPN settings as well, correct?