Renaming a domain in Windows Server 2008
Well, I hope this never happens to you, or at least not in a complex organization. In this document we will see the steps for correctly renaming our domain. We will rely on Microsoft's utility RENDOM.EXE. We have to meet certain prerequisites before the rename:
– The domain functional level must be Windows Server 2003 at least.
– The user account with which we run the commands must be a member of the Enterprise Admins group.
– If we have a DFS root hosted on the domain, these servers must have at least Windows Server 2000 SP3.
– If we have Microsoft Exchange in the organization and it is 2003 SP1, we must apply the patch (http://go.microsoft.com/fwlink/?LinkID=122982). If we have an earlier version of Exchange, or Exchange is installed on a domain controller, we will not be able to continue.
And of course, we need a backup of the domain controllers, as well as of Active Directory.
Let's start!
We start!!!
On a domain controller we run: rendom /list to generate the Domainlist.xml file with the current information/configuration of our forest.
Done.
We edit this Domainlist.xml file with Notepad.
We check its format and modify it.
We must change the DNSname entry to the new DNS name we want the domain to have, and NetBiosName to its new NetBIOS name. We save it.
Run: rendom /showforest to see the changes that will be made. This doesn't change anything; it is simply a safety check.
OK, checked.
Now, to load the configuration we have just edited, run: rendom /upload. This uploads the data to the Active Directory configuration partition on the domain controller that holds the Domain Naming Master FSMO role.
Done! This change will then be replicated to all other domain controllers in the forest. Once it has replicated we can continue.
To force this replication to happen immediately, we use the command: repadmin /syncall.
We check that the replications have completed, and we can continue.
We run 'rendom /prepare' to check that each domain controller in the forest is ready for the domain rename. This command should not give us any errors.
Perfect, we move on.
And finally we run 'rendom /execute' to proceed with the domain name change. Check again that everything is correct, and continue only if it is! From this point on there will be a service outage: all domain controllers will be restarted and, if everything is still correct, the change will go ahead. If there is any fault during the change, it will return to its previous state without problems. If we have problems with a domain controller, the ideal is to demote it and promote it again.
OK, the command has run and tells us that everything was correct. Hopefully…
It will show us a message that all domain controllers will be shut down and restarted automatically.
Once rebooted, we check that the new domain now appears. We log in and continue!
We need to run GPFIXUP.EXE to refresh the references and links in our Group Policy objects. So first we run the command: gpfixup /olddns:NOMBRE_DOMINIO_DNS_VIEJO /newdns:NOMBRE_DOMINIO_DNS_NUEVO.
After a few seconds we check that the policies have been corrected…
And now the same, but with the domain's NetBIOS name: gpfixup /oldnb:NOMBRE_DOMINIO_NETBIOS_VIEJO /newnb:NOMBRE_DOMINIO_NETBIOS_NUEVO.
OK, that is done too.
Now, as a recommendation, restart the domain controllers 2 times each, and then your member servers and workstations as well, so that they pick up the new domain name automatically. We have to take into account that the GUID of the domain remains the same; therefore, domain membership should not be lost on member workstations/servers. If any of them fails, I recommend removing it from the domain and joining it again, either through the GUI or with "netdom remove EQUIPO_PELEON /domain:NOMBRE_DOMINIO_VIEJO /force" and "netdom join EQUIPO_PELEON /domain:NOMBRE_DOMINIO_NUEVO /userd:USUARIO_CON_PRIVILEGIOS /passwordd:PASSWORD".
We run 'rendom /clean' to remove all remaining references to the old domain from Active Directory.
OK.
And finally, to 'unfreeze' the Active Directory configuration and allow changes from this point on, we must run 'rendom /end', since when we ran 'rendom /upload' Active Directory was frozen so that it would not allow modifications.
OK, done, everything perfect.
We can open any Active Directory console and check that it works correctly.
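For the step where Domainlist.xml is edited by hand, the following added example (not part of the original article and not a Microsoft tool) makes the same DNSname and NetBiosName change in PowerShell and prints a before/after table to review before running rendom /showforest. It assumes the file has Forest/Domain entries with Guid, DNSname, NetBiosName and DcName elements; the sample data, the helper name Update-DomainList and the names old.example/new.example are constructed for illustration. It goes slightly beyond the text by also renaming partitions whose DNS name ends in the old domain name.

```powershell
# Constructed sample in the shape assumed for the output of rendom /list (GUIDs and names are made up).
[xml]$doc = @'
<Forest>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>11111111-1111-1111-1111-111111111111</Guid>
    <DNSname>DomainDnsZones.old.example</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- ForestRoot -->
    <Guid>22222222-2222-2222-2222-222222222222</Guid>
    <DNSname>old.example</DNSname>
    <NetBiosName>OLD</NetBiosName>
    <DcName></DcName>
  </Domain>
</Forest>
'@

function Update-DomainList {   # hypothetical helper, not part of rendom
    param([xml]$Doc, [string]$OldDns, [string]$NewDns, [string]$OldNb, [string]$NewNb)
    if ($NewNb.Length -gt 15) { throw "NetBIOS name '$NewNb' exceeds 15 characters" }
    foreach ($d in $Doc.SelectNodes('/Forest/Domain')) {
        $dns = $d.SelectSingleNode('DNSname')
        $nb  = $d.SelectSingleNode('NetBiosName')
        $before = $dns.InnerText
        # Rename the domain itself and every partition beneath it (e.g. DomainDnsZones.<domain>).
        if ($before -ieq $OldDns -or
            $before.EndsWith(".$OldDns", [StringComparison]::OrdinalIgnoreCase)) {
            $dns.InnerText = $before.Substring(0, $before.Length - $OldDns.Length) + $NewDns
        }
        # Entries with an empty NetBiosName are left alone; only the matching domain changes.
        if ($nb.InnerText -ieq $OldNb) { $nb.InnerText = $NewNb }
        [pscustomobject]@{
            Guid    = $d.SelectSingleNode('Guid').InnerText   # read only, never edited
            OldDns  = $before
            NewDns  = $dns.InnerText
            NetBios = $nb.InnerText
        }
    }
}

# Review this table first; on a real domain controller, load .\Domainlist.xml instead of the sample.
Update-DomainList -Doc $doc -OldDns 'old.example' -NewDns 'new.example' -OldNb 'OLD' -NewNb 'NEW' |
    Format-Table -AutoSize
# $doc.Save("$PWD\Domainlist.xml")   # uncomment only when editing the real file
```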