How to change a windows 2000 domain name?

Posted on 2003-11-04
Last Modified: 2010-03-18
Hello everyone,

we are in the process of renaming the company name and subsequently we want to change the windows 2000 domain name and the Exchange 2000 server organization to reflect our new name.
Now, I know that there are many issues involved in changing the domain. I read almost everything in the Internet and I came out with different ideas.
I don't know if my ideas are correct, so I am here to ask for the help of you expert...
Requirements: we want to keep both names for the time being, so customers can gradually get used to the new name. We don't want to forward the mail directed to the old domain to our new domain. Users must be able to access both their old and newly created mailboxes. The win2k domain is behind a firewall. The Users in the new domain have to keep the rights they had in the old domain.

1) My first idea is to set up a domain controller and a mail server backup all the users' accounts and the mailboxes, take it off the network and demote the other domain controllers in order to start a new domain. I am aware that doing that I have to get rif also of the exchange organization. After that, I rejoin the server I took off the network and create trust relationship between the two domains for the time being until we decide to get rid completely of the old name.

2) create a new domain in a new box with the new name and create trust relationship between the two domains for the time being until we decide to get rid of the old name.

3) Set up a domain controller and a mail server backup all the users' accounts and the mailboxes, update the other domain controllers to win2k3, uninstall Exchange, change the name, reinstall exchange, create the trust. Keep the two domains for the time being.

I look forward to receive your suggestions,
Question by:fromano2802

Accepted Solution

vtobusman earned 250 total points
ID: 9679984
ok well how about this...
 Upgrade your servers to server 2003...
then built in to server2003 is a domain renameing tool that allows you to rename you active directory domain...

  takes allot of the pain of all the re-installs out...

 good luck

Expert Comment

ID: 9685521
The domain renaming tool is also available for Windows 2000 networks. Please use the search tool on


Author Comment

ID: 9686888
I don't think there is such a tool for win 2000. People at microsoft are advertising this as a new feature for win2k3.
Anyway, I'd like to leave the win2k3 option as my last resource in case there is no other way to do what it needs to be done.
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

LVL 32

Expert Comment

ID: 9700975;EN-US;292541
To Rename a Windows 2000 Domain
Create a backup of any and/or all domain controllers that may be involved in this process.
If there are no existing Windows NT 4.0 BDCs in the Windows 2000 domain, then you have to install one that is preferably running service pack 6 or 6a. If you want, you can install a second BDC and then physically remove it from the domain to serve as a backup for the domain information as it contains all of the domain user accounts, and the Security Accounts Manager (SAM) and security information.
Allow sufficient time for this BDC to acquire all domain security and SAM information. To force a full SAM/security database replication, run the following command on the BDC:
net accounts /sync

A record of the successful full replication events should be logged in the System log.
If there is only one Windows 2000 domain controller in the domain, leave the Windows NT 4.0 BDC connected to the network, and then physically remove the Windows 2000 domain controller from the network. Make sure that the Windows 2000 domain controller is isolated from the rest of the network. If it is plugged into a hub, make sure it is not connected to the rest of the domain. If you have only one Windows 2000 domain controller, you can perform step 6 now before you continue with the demotion of the Windows 2000 domain controller.
You must now demote all the Windows 2000 domain controllers to member servers by running the dcpromo command on the actual domain controller. To run this command, click Start, click Run, type dcpromo, and then click OK. If there are more than one Windows 2000 domain controller, run dcpromo on each of them to make each one a member server, until there is only one Windows 2000 domain controller remaining.

Now you can disconnect the Windows 2000 domain controller from the network, while leaving the Windows NT 4.0 BDC connected. Run dcpromo on this last domain controller, and be sure to choose the last domain controller in the domain option. When this completes, and the computer restarts, it will be a member server in a work group, which you can then rejoin to the domain if you want to. If you disconnected one Windows 2000 domain controller in step 4, then you simply run the dcpromo command on it as described in this step.

Note: To run dcpromo successfully, the network adapter must detect a network connection. Therefore, the Windows 2000 domain controller must be attached to an active hub or switch, even if there are no other connections to the hub or switch, and it is isolated from everything else which is desired.
Open Server Manager on the Windows NT 4.0 BDC and promote this computer to a primary domain controller (PDC). If a message appears stating that it cannot contact the PDC and asks if you want to continue, click Yes, and then complete the promotion. When this is complete and the server restarts, verify in Server Manager that the computer it is now described as the PDC.
Upgrade this Windows NT 4.0 PDC to Windows 2000. When the Windows 2000 upgrade is complete, the computer restarts to begin the Active Directory installation. During this process, enter the desired domain name.
If you have demoted other Windows 2000 domain controllers earlier, you can now promote them back to domain controllers by running dcpromo on them.

Hope this helps,


Author Comment

ID: 9701338
Thank you for your help,

but I don't think I can't use the method you suggested because my windows 2000 domain is in NATIVE mode not mixed, therefore I can't add any win NT domain controllers.

LVL 32

Expert Comment

ID: 9701383
Too bad, it was worth a shot :(

I'll see if I can find anything else.

Assisted Solution

dcmartinpc earned 250 total points
ID: 9731180
I agree with vtobusman.  It is not possible to change a Windows 2000 domain unless you revert everything to stand alone and then recreate the domain, but then you lose all of you domain information.  Sorry, Upgrade to 2003.  Then you could rename one of the DC's and then demote and promote the rest of your DC's to be in the new domain.  Just make sure replication has occurred before you demote any of the other DC's.  You should also make sure to upgrade the First DC in the domain to Server 2003.  This is because it is usually the Global Catalog server.

LVL 11

Expert Comment

ID: 10519403
No comment has been added lately (113 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:

RECOMMENDATION: split points between vtobusman http:#9679984 and dcmartinpc http:#9731180
Accept vtobusman's suggestions

Please leave any comments here within 4 days.

-- Please DO NOT accept this comment as an answer ! --


EE Cleanup Volunteer

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
An article on effective troubleshooting
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question