October 24, 2010

How to change a Server 2003/2008 Domain Name

If your company name has changed, or you're suffering the DNS consequences of having the same internal domain name as your external domain name, you may want to change the name of your Active Directory domain.

Prerequisites and restrictions:
  • Domain functional level must be Windows Server 2003 or higher.
  • Create an Active Directory-integrated DNS zone for the new domain name.
  • Convert any DFS Namespaces to Stand-Alone.
  • You CANNOT rename a domain that runs Exchange above 2003 SP1.
  • Set up a member server running Server 2008 with the Remote Server Administration Tools pack.
  • Make sure no changes are being made to Active Directory or Group Policy and that all changes have been replicated.
Here are the steps:
1. Use Windows Backup to do a system state backup of all your domain controllers.
2. On the member server, create a work directory such as C:\rendom and copy rendom.exe, dfsutil.exe and gpfixup.exe from the system32 directory to the work directory.
3. Run "rendom /list" to generate a state file named Domainlist.xml. This file contains the current forest configuration.
4. Edit the state file, changing the <DNSname> and <NetBiosName> fields to the desired values for the new domain name.
5. Run "rendom /showforest" to show the potential changes; this step does not actually make any changes.
6. Run "rendom /upload" to upload the rename instructions to the configuration directory partition on the domain controller holding the domain naming operations master role. The instructions are then replicated to all other DCs in the forest. Once replicated to all DCs, the rename instructions are ready to be carried out. You can force replication by running the "repadmin /syncall" command.
7. Run "rendom /prepare" to verify the readiness of each domain controller in the forest to carry out the rename instructions. This should contact all DCs successfully and return no errors before you proceed.
8. Run "rendom /execute". This verifies the readiness of all DCs, then performs the rename action on each one. There will be a service interruption during this period. Upon completion, domain controllers will be rebooted. If an error occurs on a DC during this phase, the entire transaction is rolled back. Any DCs that don't complete successfully after this phase must be demoted and removed from service.
9. Run "gpfixup" to refresh all intradomain references and links to group policy objects.
10. Reboot client computers and member servers twice to obtain the new domain name. Because the GUIDs of the domain remain the same during the rename process, domain membership is not affected. The DNS suffix of the client machines will also be updated, assuming the default option of "Change primary DNS suffix when domain membership changes" is enabled.
11. Run "rendom /clean" to remove references to the old domain name from Active Directory.
12. Run "rendom /end" to unfreeze the forest configuration and allow further changes. This was frozen during the rendom /upload step.
13. Update the DNS suffix of all Domain Controllers.
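
Step 4 is the one hand-edited step in the procedure. The PowerShell below is an added example (not from the original post or from Microsoft's tooling) that rewrites the <DNSname> and <NetBiosName> values in the state file and keeps a copy of the original; the function name, the corp.example/newcorp.example names and the sample file are constructed placeholders.

```powershell
# Added example: scripted version of the step 4 state-file edit.
# Assumption: names live in <DNSname>/<NetBiosName> elements, as the post describes.
function Update-RendomStateFile {
    param(
        [Parameter(Mandatory=$true)] [string] $Path,
        [Parameter(Mandatory=$true)] [string] $OldDns,
        [Parameter(Mandatory=$true)] [string] $NewDns,
        [Parameter(Mandatory=$true)] [string] $OldNetBios,
        [Parameter(Mandatory=$true)] [string] $NewNetBios
    )
    $full = (Resolve-Path $Path).Path   # .NET needs an absolute path
    # Keep the untouched file so the edit can be compared or reverted before /upload.
    Copy-Item -LiteralPath $full -Destination "$full.orig" -Force
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($full)
    $changed = 0
    foreach ($node in $xml.SelectNodes('//DNSname')) {
        $name = $node.InnerText.Trim()
        # Match the domain itself or names beneath it; "notcorp.example" must not match.
        if ($name -ieq $OldDns -or $name.ToLower().EndsWith('.' + $OldDns.ToLower())) {
            $node.InnerText = $name.Substring(0, $name.Length - $OldDns.Length) + $NewDns
            $changed++
        }
    }
    foreach ($node in $xml.SelectNodes('//NetBiosName')) {
        if ($node.InnerText.Trim() -ieq $OldNetBios) { $node.InnerText = $NewNetBios; $changed++ }
    }
    $xml.Save($full)
    return $changed
}

# Constructed sample state file (not real rendom output) so the example runs offline.
$sample = Join-Path $env:TEMP 'Domainlist.xml'
@'
<Forest>
  <Domain><DNSname>DomainDnsZones.corp.example</DNSname><NetBiosName></NetBiosName></Domain>
  <Domain><DNSname>notcorp.example</DNSname><NetBiosName>NOTCORP</NetBiosName></Domain>
  <Domain><DNSname>corp.example</DNSname><NetBiosName>CORP</NetBiosName></Domain>
</Forest>
'@ | Set-Content -Path $sample -Encoding UTF8

$n = Update-RendomStateFile -Path $sample -OldDns 'corp.example' -NewDns 'newcorp.example' `
    -OldNetBios 'CORP' -NewNetBios 'NEWCORP'
"$n field(s) rewritten"
Select-String -Path $sample -Pattern '<DNSname>|<NetBiosName>' | ForEach-Object { $_.Line.Trim() }
```

Run it between steps 3 and 5 against the real Domainlist.xml in the work directory, then confirm the result with "rendom /showforest" before uploading.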