U-Tools: Unique Tools for Windows System Administrators
U-Move Help

DNS Aliases

We recommend that you do not swap the computer name unless you have a compelling need to do so. Renaming a domain controller has inherent risks. It can adversely affect installed applications and services that have the computer name embedded in their internal settings. And it can prevent Certificate Services from functioning correctly.

Instead, we recommend that you use DFS Namespaces and DNS aliases. This removes the need to rename the computer in order to access your network file shares or your web sites.

What is a DNS alias?

A DNS alias is a CNAME record in the DNS server's zone file that creates an alternate name for the computer. The CNAME record connects the computer's alternate name to its true (canonical) name.

Example: Adding a CNAME record for a web site

For example, let's assume that your old domain controller is named MyComputer.acme.com and that MyComputer has a web site named http://MyComputer.acme.com. On the primary DNS server for the zone acme.com you would add a CNAME record, like this:

www CNAME MyComputer.acme.com.

To add the new DNS alias to your web site, run IIS Manager and add a new binding for the web site called 'www.acme.com'.

Post-Upgrade step: Add or move DNS aliases

If your DC offers public web sites or other services, change all references from MyComputer.acme.com to service.acme.com. If your DNS server already has CNAME records point to the name of the old computer, change the CNAME records to point to the name of new computer. Do this as a post-upgrade step.

Moving or adding SSL certificates for secure web sites

If your domain controller offers a secure web site (https://MyComputer.acme.com), you will need to generate or obtain a new SSL certificate that has the alias name (www.acme.com). If you use self-signed certificates, use Certificate Services (CS) to generate and sign the new certificate.

If Certificate Services is running on the old DC, you will need to first migrate CS to the new computer during the post-upgrade step. Do this before you generate the new certificate.