So looking for some opinions on if this is a piece of work I should look to pursue.

I started at my current company a year ago and they have an on-premise domain of contoso.local with a domain suffix of contoso.com. The environment is federated to M365 and uses ADFS. So all users use contoso.com for logins and e-mail but the computers and servers are connected to contoso.local.

Now I am looking to use things like Autopilot and Azure Serverless File servers but seem to have an issue in my tests that prevents these functions from working unless connected to the corporate network. My gut (it's a guess) says it is because devices and Azure Storage accounts are linked to the contoso.local and as such need to talk to on-premise domain controllers to successfully complete/authenticate.

If my assumption is correct I can look to start work on renaming the domain from contoso.local to contoso.com. I know it would be best practice not to use the root domain but I think that would be even more work for little benefit. However I was wondering if anyone on ServerFault had ever done it with a domain already federated to O365 and if you came across any gotchas in the move.

Thanks in advance for your thoughts.

  • Not touching on how to actually rename your domain but some answers regarding naming best practices: https://serverfault.com/questions/76715/windows-active-directory-naming-best-practices – Bob Nov 23 '20 at 10:50
  • Thanks Herman I will have a read through it – WelshPretender Nov 23 '20 at 11:33
  • Thanks HermanB, read through that and I am changing my mind about just switching to contoso.com. Will look into using another public domain name entirely. I doubt it will on reflection cause me any more issues than doing a migration to contoso.com and will likely save me some headaches on the public website. I am still interested to hear if anyone has experience of doing a rename when already federated to O365 – WelshPretender Nov 23 '20 at 11:48

1 Answer

I'm a little late to the party on this one, but I would avoid renaming the local domain to contoso.com. I once configured a domain that way for playing around on, and it was just a bit of a pain. DNS was probably the biggest headache.

Renaming a domain is never fun anyway and you will end up with all sorts of little issues, depending on the size of your company. I ended up renaming the above domain due to this but in the end blew everything away and started afresh.

The way I would tackle this is with Azure AD Domain Services and set up a trust relationship between that and your on-prem domain.