Domain rename

Add a comment March 8th, 2010

Domain renaming is not a daily task but a task you do if the management forces you to do it! (ie. because of a company restructure, take over etc )

There are many resources on the Internet sharing a “walk through” about this job, but I made my own documentation some years ago when I was told to rename the domain. So I just go with the flow and publish it.

To do this task your domain/forest functional level has to be at least 2003 and all DC’s need at least SP1.

Exchange 2003 SP2. This is the only version that supports a domain rename. Exchange 5.5, 2000 and 2007 is not supported and Exchange can’t be installed on a DC.

Before you proceed you do have to read the official documentation and requirements from Microsoft:  http://technet.microsoft.com/nb-no/windowsserver/bb405948(en-us).aspx

– Download the domain rename tools

– Understanding How Domain Rename Works

Step-by-Step Guide to Implementing Domain Rename

The environment consisted of:

One forest (2003 Functional level) with three domains (2003 FL, transitive trust and a parent-child trust), six DC’s (Win2003 SP1) and four Exchange servers (Win2003 SP1 with Exchange SP1).

The objective was to rename one of the three domains. (The domain without a child).

Before we started banging on the production environment, we made a test environment to test the rename and its impact on all third-part applications like Citrix, MSSQL based applications, HP Data Protector. After a month of testing and three successful renaming, we moved over to the production environment.

Preparing:

To increase your chance of a successful renaming your domain have to be in a good shape.

· Your event logs should be clean on all DC’s and Exchange servers
· “dcdiag /v /e /c” should be clean
· “netdiag /debug /v” should be clean

You need to have a domain member to act as the Control station (CS). Should be at least a Win2003 SP1 server. Log on to the control station with an enterprise admin (I guess you don’t bother the “run as” in this situation) and download the domain rename tools to this server (domainrename.exe and xdr-fixup.exe).

Install by running the domainrename.exe. It will install rendom.exe and gpfixup.exe to “C:\Program files\Microsoft Domain Rename Tools”

Copy both these files to “C:\Rename”

Now it’s time to take some System State backups of your domain controllers and keep them in a safe place.

In this documentation I will use theses domain names:

Old domain name: tottenham.int
New domain name: spurs.local

Create a new DNS zone:

· Open the DNS management consoll (dnsmgmt.msc)
· Right click “Forward Lookup Zones” > “Add new forward lookup zone”
· Call it “spurs.local” (without quotes)
· If you have a trusting domain, create the same zone as a secondary zone in the trusting domain

DNS suffix:

When you rename the domain the DNS suffix in the domain will change. Two conditions must be checked:

· The computers DNS suffix should be configured to change when the domain membership changes (default)
· No Group Policy must configured to set the primary DNS suffix to computers.

Do the renaming procedure:

Open cmd and change the directory to “C:\Rename”.

1. rendom /list

· This will create a list of the directory partitions in the forest
· Copy the “domainlist.xml” file to “domainlist-save.xml”
· Open “domainlist.xml” in Notepad and change it to the new forest description

2. rendom /showforest

· Verify that it reflect the new domain name

3. rendom /upload

· Generates the domain rename instructions
· Pushes the rename instruction to all DC’s
· Force a replication. “repadmin /syncall /APed”

4. rendom /prepare

· Verify that all DC’s are ready
· You should get an answer from all DC’s and they should NOT return an error. If they do, open “dclist.xml” (that was created in step 3). The DC’s that have reported errors will not be tagged with <state>prepared</state>. You have to troubleshoot any errors. DO NOT set the state to “prepared” manually in this file for any DCs!

You should fix any errors and re-run “rendom /prepare” until all DCs are in the “prepared” state.

5. rendom /execute

· If everything goes as planned you should get an answer from all DCs. The DCs will reboot automatically. When the DCs are back online the domain name is changed, but not the DNS suffix on the DCs itself. This has to be done manually on each DC in the renamed domain:

Add the new DNS suffix:

· netdom computername dc01.tottenham.int /add:dc01.spurs.local

Change the primary DNS suffix:

· netdom computername dc01.tottenham.int /makeprimary dc01.spurs.local

Reboot the server.

Remove the old DNS suffix:

· netdom computername dc01.spurs.local /remove:dc01.tottenham.int

Reboot the CS twice!

5.1. Exchange

(still working from the CS):

Before you proceed to the Exchange specific tasks, you got to be sure you are not going back with a domain restore.

· xdr-fixup /s:domainlist-save.xml /e:domainlist.xml /trace:TRACEFILE /changes:CHANGESCRIPT.ldf

This will create two files. changescript.ldf and restorescript.ldf. You run this command only one time (not one time per Exchange server).

· ldifde -i -f changescript.ldf

(to revert, run “ldifde -i -f restorescript.ldf”)

· Restart all Exchange servers twice

6. rendom /end

· this will unfreeze the forest


Side steps:

Reestablish external trusts and validate:

· “nltest /sc-query:foreign_domain.com” (from a DC in the renamed domain)

· “nltest /sc-query:spurs.local” (from the trusting domain)
Fix DFS topology (if you use DFS)

Fix GPO links:

gpfixup /olddns:tottenham.int /newdns:spurs.local /oldnb:tottenham /newnb:spurs /dc:dc01.spurs.local /user:administrator /pwd:password 2>1 > gpfixup.log

Look for errors in the created log.

Take a new System state of the DC’s.

Restart all other servers twice.

Verify the Exchange rename:

· xdrfixup /verify:restorescript.ldf /changes:verifycorrections.ldf

this should give you:

Verified that the server exch01.tottenham.int was renamed to exch01.spurs.local. Verify pass has completed.(it should list all Exchange servers involved in this output)

Verify/update the Recipient Update Services (RUS) which DC it should use.

If applicable, update the Active Directory Connector (ADC)

Reboot every computer in the domain twice. When it’s done. Do the last step **:

7. rendom /clean

Side steps:

· Authorize the DHCP server
· Delete the old Forward Lookup Zone from DNS
· dcdiag /v /e /c
· netdiag /debug /v
· Check Event logs

** If you have many domain member laptops out of the house during the rename, you can wait with step 7 until they have logged on the domain and rebooted twice. I think I waited a week before I ran step 7.

If you run step 7 and there are members that have not been booted twice you have to rejoin them to the domain. I made a script to keep track of computers that have not been updated with the new domain name.

''''''''''''''''''''''''''''''''''''''' Save me as a vbs file '''''''''''''''''''''''''''''''''''''''

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

Set objFSO = CreateObject(“Scripting.FileSystemObject”)

””” Create a text file with all computers holding the old domain name

Set objResultsFile = objFSO.CreateTextFile(“C:\temp\tottenham.txt”, True)  Set objConnection = CreateObject(“ADODB.Connection”) Set objCommand = CreateObject(“ADODB.Command”) 

objConnection.Provider = “ADsDSOObject” objConnection.Open “Active Directory Provider” 

Set objCommand.ActiveConnection = objConnection objCommand.Properties(“Page Size”) = 1000 objCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE  

””’ Modify the query so that it responds to your domain 

objCommand.CommandText = _ “SELECT dnsHostName, distinguishedName FROM ‘LDAP://dc=spurs,dc=local'” & _ “WHERE objectCategory=’computer’ AND dnsHostName=’*tottenham.int'”

Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF 

objResultsFile.Write objRecordSet.Fields(“dnsHostName”).Value & ” –> OU: ” objResultsFile.Write objRecordSet.Fields(“distinguishedName”).Value objResultsFile.Writeline objRecordSet.MoveNext Loop

Wscript.Echo objRecordSet.RecordCount objResultsFile.Close

'''''' EOF ''
  1. October 3rd, 2011 at 12:29 | #1
    Andrés

    Thanks, great concise guide. Just what I needed!

  2. January 5th, 2012 at 14:20 | #2
    carol

    Excellent and thanks for sharing!

  3. August 10th, 2012 at 19:59 | #3
    Freeaqingme

    Thanks, brilliant read. Concise, thorough and clear. Works like a charm 😉

  4. August 15th, 2012 at 12:28 | #4

    Thank you sooo much for simplifying this process! I was very cautious about renaming a domain but I had no choice as it was named with a singe label by a previous IT person and we wanted to migrate to a new server. You saved me so much time. Thank you for donating yours! The only problem i had was acquiring the domain rename tool – All MS links appear to be broken right now.

  5. July 15th, 2014 at 09:31 | #5
    Olivier

    Hi,

    just a quick question,

    Why should you use a control station and not a domain controller to perform this operation?
    Why exactly?

  6. July 22nd, 2014 at 09:15 | #6
    Rune

    Hi, I can’t recall to have read anything about why, but my guess is that you should use a domain member as a control station (CS) because the DCs will be rebooted multiple times automatically (Remote reboot invoked from the CS) at the same time. It would be too bad to lose Control over the CS during this.

  7. October 14th, 2014 at 07:40 | #7
    Olivier

    Hi,

    Thank you for answering me Rune.
    It must surely be that the fact that the Dcs restarted several times.

    In any case, I perform the procedure rename the domain name for a client and everything went well.

    Just one problem with Citrix but it was not due to rennommage itself.

    Anyway thank you for your site, it was very useful to me even if I redid my own procedure, taking some info on other site including MS .

  8. December 14th, 2014 at 23:14 | #8
    Jon

    Your information for the preparation and follow through is on the money. I ran into a problem I haven not been able to find a solution for. Our domain controller and ba kup DC needed a renaming and while all the tests and preparation all passed muster, ths rendom /prepare with a fail for both servers generating an error message 5. I am unable to locate an explanation in all readings I’ve done. Do you know of any explanation for this error? Since both servers are listed in the xml files as “Initial”, is it possible to delete the new zone which is now populated with A records and start over or is thdre a method to make corrections and finish what was started?

  9. December 19th, 2014 at 14:18 | #9
    Rune

    Hi, error 5 is often refered to Access denied errors. Are your user a member of the domain’s Enterprise Administrator group?

  10. February 7th, 2015 at 01:56 | #10
    Juan dela Cruz

    Hi,

    Thanks for this info. But how about for netBios rename?

    Thanks.

  11. February 7th, 2015 at 11:07 | #11
    Rune

    Hi,
    you can change the NetBIOS name as well during a domain rename. You can rename the FQDN, the NetBIOS name or both. If I remember correctly, it’s not supported to rename the NetBIOS name when you rename a domain with Exchange 2003.

    Thx

  12. June 15th, 2016 at 07:34 | #12

    It’s impressive that you are getting thoughts from this article as well as from our argument made at this place.

  13. October 19th, 2016 at 02:12 | #13

    Choosing compatible software is very important, so you
    have to choose carefully which CCcam sharing protocol you
    need to ggo along with your Dreambox. You wull begin the
    proces oof setting up your own CCcam syswtem by buyng proper equipment.

    Other functions that will make the servers beneficial include their quality, service reputation along with the cluster numbers they will offer.

  1. No trackbacks yet.
Comments feed


nine + = 13