Solved

Rename Active Directoty Domain Name Windows 2003 R2

Posted on 2014-09-08
6
442 Views
Last Modified: 2014-09-24
I have a Windows 2003 R2 Standard Domain that I inherited and I would like to change the Domain Name to something more logical than it currently is.  The Domain Functional Level is Windows 2003 (Operating at the highest level...) and the Forest Functional Level is Windows 2003 as well.

This Domain has a Trust with a parent company's Domain (Domain & Functional Level Windows 2008 R2) and the ultimate goal is to separate these two Domains, the Windows 2003 R2 Domain should have a new Domain name (There is no Exchange on this Domain yet) and I want to introduce two new Windows 2008 R2 servers and DCPROMO each to have  the Domain & Functional Level Windows 2008 R2.

What are the steps I need to take and in what order?  
Can I introduce the two new Windows 2008 R2 servers as DC's prior to renaming the Domain?

Thanks!
0
Comment
Question by:iNetSystem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 4

Accepted Solution

by:
Neeraj Kumar earned 500 total points
ID: 40311253
Find the below mentioned steps :

1. Rendom utility is used to rename domain. It is availabe in windows support tool
2. Rectify any replication issue if exist (repadmin /showrepl)
3. Create an AD integrated zone in DNS with new domain name
4. Go to command prompt and type:  rendom /list (Will generate a state file named Domainlist.xml. This file contains the current forest configuration)
5. Edit the file with notepad and change this existing domain name to new domain name
6. rendom /showforest. (This is to show the potential changes; this step does not make any changes.)
7. rendom /upload (This is to upload the rename instructions (Domainlist.xml) to the configuration directory partition on the domain controller holding the domain naming operations master role)
8. rendom /prepare (This use to verify the readiness of each DC in the forest to carry out the rename instructions. This should contact all DC’s successfully and return no errors before proceed to next process)
9. rendom /execute (This is to verifies readiness of all DC’s and then preforms the rename action on each one) .It will restart the DC after execution
10. open CMD again, and type gpfixup /olddns:domainname /newdns:doaminname (This is to refresh all intradomain references and links to group policy objects)
11. rendom /clean. This is to remove references of the old domain name from AD.
12. Now we need to change the FQDN of domain controller. to perform that we need to follow below mentioned steps
      
netdom computername server-dc.oldomainname /add:server-dc.newdomainname

netdom computername server-dc.olddomainname /makeprimary:server-dc.newdomainname

To take effect a reboot of the domain controller is needed.

13. All intraforest shortcut trusts within the forest in which the domain rename occurred are automatically adjusted during the domain rename operation so that they continue to work. However, as a result of the domain name changes in your forest, any external trust relationships that your forest has with other forests (including trusts across forests) will not be valid. Therefore, they must be re-established.

14. Once domain rename procedure completes you can add the additional domain controller

Also refer the below mentioned article for help

http://www.vkernel.ro/blog/renaming-an-active-directory-domain
http://mizitechinfo.wordpress.com/2013/06/10/simple-guide-how-to-rename-domain-name-in-windows-server-2012/
0
 

Author Comment

by:iNetSystem
ID: 40323882
Are there any command that will tell me the name of the domain as it is now?
0
 
LVL 4

Expert Comment

by:Neeraj Kumar
ID: 40324566
You can verify through GUI however through find through command below are the commands

1. systeminfo | findstr /B /C:"Domain"
2. echo %userdomain%

You can also get the same information from powershell command

Get-ADdomain |fl name
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:iNetSystem
ID: 40330489
Fantastic!
The systeminfo command returned the domain as "domain.domain.com" where domain replaces my actual domain name.  

The echo command returned "domain"

In a perfect world I would have something like "domain.local"
That's what I'm trying to do.

So without renaming the domain right now can I jump ahead and add a new Windows 2008 R2 DC?
0
 

Author Comment

by:iNetSystem
ID: 40331528
Do you see an issue with me adding an additional DC now before I rename the Domain at some point?
0
 
LVL 4

Expert Comment

by:Neeraj Kumar
ID: 40332157
There is no issue in adding additional DC before renaming the domain.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question