Microsoft 2008 R2 AD Domain Name Change (Rename)

Hello Experts,
I'm here because I'm yielding to those who have much more experience with what is probably a simple process. In the end I'm hoping for somewhat of a step-by-step process. I'm a novice at AD and while I'm sure I could patch this project together, I was hoping to do something "the right way" for once.

Background:
I'm currently at a small school district which has recently gone through a name change. The network consists of 4 sites with a single MS 2008 DC at each location. The system is running well, but the name of the domain is inconsistent with the rest of the organization.

I'm sure the system would operate just fine if I left it alone, but I guess I'm a glutton for punishment because I'd like the naming to be congruent with one another.

Through research I've found that there are basically three options for my scenario:
1.) Complete rebuild of a new domain and then migration.
2.) Rename current domain
3.) Create a two domain structure with trusts.

I would prefer to do a complete rebuild as I feel I'll have a better understanding of the layout instead of any underlying configs from the previous administrator.

My problem is that I do not have funding for additional boxes to facilitate a proper test lab.  I need to somehow utilize the current boxes while allowing the current domain to remain operational until I migrate the users and machines to the new domain.  I do have solid backups of the current structure to fall back on.

Current Assets:
Approx 400 end user devices (mostly XP SP2)
Approx 15 production servers (2003 & 2008)
AD is relatively straightforward, nothing complicated, just users, computers, and security groups
CA is not involved
MS Exchange is not involved

Questions:
Can I utilize the current DCs to bring a new domain?
Will it be completely independent?
Will I need to touch every asset in order to join it to the new domain?
Is what I'm about to do stupid?

I'm open to any and all opinions

Thanks in advance.
M

irishmic33 Asked:

Mike Kline Commented:
Since Exchange is not involved I'd probably try and test with a rename first.

1.  You can't utilize the current DCs for the new domain.  You could demote two of them then wipe and rebuild and make those two the new domain.

2.  Yes the new domain would be a new forest/independent

3.  Don't need to touch every machine using ADMT or another migration tool.

Not stupid but does require a lot of planning and testing (regardless of method used).


Thanks

Mike
kevinhsieh Commented:
I would do a domain rename (and make it different from your public DNS name), so rename it to districtname.local, not district.k12.state.us. The advantage of a migration to a new forest is that you get to know every single detail because you have to touch everything. The downside is that you have to touch/fix everything. If you do a migration you also potentially break every user profile, have to deal with SID history, and a bunch of other stuff I know that I personally would really try to avoid.

If you are running XP SP2, PLEASE upgrade to SP3. It is now unsupported and doesn't receive any security updates. If you don't have WSUS or something similar, you can use that on Windows 2008. Group policies can configure all of your clients and you can get reports on the status of all of your machines.

irishmic33 (Author) Commented:
Thanks Mike for the info.

Kevin, why not name it the same as the public domain name?
Sajid Shaik MSystem AdminCommented:
kevinhsieh Commented:
You don't want to name it the same as your public DNS, because http://district.k12.state.us won't work because that has to resolve to your domain controllers, not a web server. The recommended naming from Microsoft is domain.local because .local isn't valid for the Internet, so there won't be a namespace collision with the public Internet.

See more at
http://serverfault.com/questions/38208/sharing-domain-name-between-domain-controller-and-webserver
irishmic33 (Author) Commented:
Thanks for the insight into the naming reasoning.

In the end (in lieu of the above information) I will stay with the current convention. It's working fine and until I muster up the confidence to wipe and redo I'll be sticking with what I have.

Thanks for the attention to the question.