Server 2008 Domain Rename

Daniel Petri recently had a good article on his site describing the steps for renaming a Windows Server 2008 domain controller. Here I’m going to describe a related but different task, renaming the actual domain. Renaming a domain is something you don’t want to find yourself having to do very often, or ever, in a production environment. However I have found the need to do it several times in a test setup; the process is similar to renaming a Server 2003 domain and isn’t as difficult as one might think.

Microsoft has pages and pages of documentation covering the ins and outs of domain renaming, and I recommend using those (see the link at the end of this post), especially when attempting this on a production domain. However, the steps below will give a good overview and should be sufficient for testing purposes. First, the major prerequisites for a domain rename in a simple single-domain forest:

  • Enterprise Administrator credentials are required.
  • The domain should be well formed and healthy.
  • The forest functional level must be Windows Server 2003 or 2008, and all DCs must be running at least Server 2003.
  • A DNS zone for the new domain must be in place.
  • The Rendom and Gpfixup tools must be copied to a domain member workstation to perform the rename operations. The operations should not be initiated from a domain controller.
  • See the TechNet link below for details on requirements if you’re using DFS redirection, roaming profiles, running a CA, or Exchange Server.

The domain rename is performed using the Rendom.exe tool, which is installed with Active Directory when running dcpromo. Once this process is started, you must ensure that no changes are made to the forest configuration until complete. The steps are as follows.

1. Run “rendom /list” to generate a state file named Domainlist.xml. This file contains the current forest configuration.
2. Edit the state file, changing the <DNSname> and <NetBiosName> fields to the desired values for the new domain name.
3. Run “rendom /showforest” to show the potential changes; this step does not actually make any changes.
4. Run “rendom /upload” to upload the rename instructions to the configuration directory partition on the domain controller holding the domain naming operations master role. The instructions are then replicated to all other DCs in the forest. Once replicated to all DCs, the rename instructions are ready to be carried out. You can force replication by using the “repadmin /syncall” command.
5. Run “rendom /prepare” to verify the readiness of each domain controller in the forest to carry out the rename instructions. This should contact all DCs successfully and return no errors before proceeding.
6. Run “rendom /execute”; this again verifies the readiness of all DCs, then performs the rename action on each one. There will be a service interruption during this period. Upon completion, the domain controllers will be rebooted. If an error occurs on a DC during this phase, the entire transaction is rolled back. Any DCs that don’t complete successfully after this phase must be demoted and removed from service.
7. Run “gpfixup” to refresh all intradomain references and links to group policy objects.
8. Reboot client computers and member servers twice to pick up the new domain name. Because the GUIDs of the domain remain the same during the rename process, domain membership is not affected. The DNS suffix of the client machines will also be updated, assuming the default option of “Change primary DNS suffix when domain membership changes” is enabled.
9. Run “rendom /clean” to remove references of the old domain name from Active Directory.
10. Run “rendom /end” to unfreeze the forest configuration and allow further changes. This was frozen during the rendom /upload step.
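As an added example for step 2 (not from the original post or from the Rendom tool itself), the following PowerShell script rewrites the state file so the new names are entered consistently. It assumes the Domainlist.xml layout that “rendom /list” produces (a <Forest> root with <Domain> children holding <Guid>, <DNSname>, <NetBiosName> and <DcName>); the domain names used are constructed sample values. It also renames entries that sit under the old name, such as the DomainDnsZones and ForestDnsZones application partitions, which would otherwise be left pointing at the old domain.

```powershell
# Added example: rewrite Domainlist.xml for the rendom step 2 edit.
# Assumes the <Forest>/<Domain>/<DNSname>,<NetBiosName> layout from "rendom /list".
param(
    [string]$StateFile  = ".\Domainlist.xml",
    [string]$OldDns     = "corp.example.com",   # constructed sample value
    [string]$NewDns     = "lab.example.net",    # constructed sample value
    [string]$NewNetBios = "LAB"                 # constructed sample value
)

# Keep an untouched copy of the state file in case the edit has to be redone.
Copy-Item -Path $StateFile -Destination "$StateFile.bak" -Force
[xml]$doc = Get-Content -Path $StateFile -Raw

$changed = 0
foreach ($domain in $doc.Forest.Domain) {
    $dns = $domain.DNSname
    if ($dns -ieq $OldDns) {
        # The domain itself: both the DNS name and the NetBIOS name change.
        # The <Guid> element is deliberately left alone; it is what keeps
        # membership intact across the rename.
        $domain.DNSname     = $NewDns
        $domain.NetBiosName = $NewNetBios
        $changed++
    }
    elseif ($dns -match "\.$([regex]::Escape($OldDns))$") {
        # Entries subordinate to the old name (DomainDnsZones.*, ForestDnsZones.*)
        # keep their prefix but must move under the new DNS name.
        $prefix = $dns.Substring(0, $dns.Length - $OldDns.Length)
        $domain.DNSname = "$prefix$NewDns"
        $changed++
    }
}

if ($changed -eq 0) { throw "No entries matched '$OldDns' in $StateFile" }
$doc.Save((Resolve-Path $StateFile).Path)
Write-Host "Updated $changed entries; check the result with 'rendom /showforest' before 'rendom /upload'."
```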

Should you have any problems with clients recognizing the new domain name, you can remove them by running “netdom remove <machine-name> /Domain:<old-domain> /Force”, rebooting, then rejoining the new domain. Once the rename is complete, there is one final change required on domain controllers. The DNS suffix of a DC is not updated as part of this process. It must be changed manually on each one, or the DCs will have a DNS suffix that differs from the AD domain name.

For further details on renaming Server 2008 domains, reference this TechNet article: http://technet.microsoft.com/en-us/library/cc794869.aspx


11 Responses

  1. Thanks a lot !
    It’s a great article, clear and well explained.

  2. Really very good article. Wanted to know about DNS forward and reverse lookup zones after renaming the domain.

    Thanks,
    RajanW

  3. Worked like a charm. Very smooth process and better than the MS doc.

    Thanks a lot

  4. Just tried to follow these instructions. Everything seemed great until the end — changed the DNS suffix on the domain controllers and rebooted… to find that all Active Directory and DNS catalogs had been lost. I’m now very, very unhappy as I have two dysfunctional domain controllers and 15 orphaned workstations on my hands. I would strongly discourage anyone else from following these instructions. Leaving now to go rebuild from scratch what was an hour ago a completely well-functioning domain… sigh.

  5. I am sorry that these steps did not work for you. As you’ll see from previous comments this worked well for others besides me. There were a number of prerequisites required to make this successful, I assume you verified all of these steps? I also suggested that this not be done in a production environment without reading all of the related documentation from Microsoft. If, as you say, this was successful up to the point of changing the DNS suffix, I see no reason why that would have caused your AD database to be “lost”. Being a production environment I would assume that you had recent backups which would make recovery easier, rather than building from scratch. Again, I’m sorry this did not work for you, and best of luck in your recovery. As with anything done in a production environment, I recommend testing and verification in a test environment first.

  6. This is a great article!

    Thanks for the info. Recently completed 2 windows server 2003 Domain Renames in order to setup a 2-way trust.

    Will need to do a rename on a 2008 AD Domain Shortly.

    From what I’ve been told, creating a new domain from scratch and importing everything is the easier path, but this process is easy (if you know what you’re doing).

  7. I wish that I had read this yesterday. Had to rename a client’s domain and did it through DCPROMO; now what was to be a 3-hour job has turned into a 13-hour job.

    Thanks for the write up, I will be sure to use it in the future should this need ever come up again.

  8. Great article. Clear and to the point!

    Planning a rename like this. Good to have your step by step.
    Do you have a similar step by step for an exchange running on the domain being renamed?

    much appreciated
    /John

  9. thanks for the great post

  10. The Microsoft TechNet article says to run the process from a “control station” – a separate machine, not a domain controller. In my test lab it worked fine without doing this. Do you feel this is necessary? Thanks.

  11. Collection of free DNS tools for troubleshooting, testing, checking, or simply just exploring. Online DNS tools, open port scan, network and free DNS tools. Check SMTP mail server blacklists, run port scans, free domain name registration.
