Domain Rename With or Without Exchange
Ace Fekay, MCT, MVP, MCITP EA, Exchange 2010 Enterprise Administrator, MCTS Windows 2008, Exchange 2010 & Exchange 2007, MCSE 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services
Active Directory, Exchange and Windows Infrastructure Engineer
Originally Published 4/2009
3/3/2010 - General Syntax revision
10/11/2010 - Added additional information regarding DNS names and underscores, and Exchange 2010
I thought to offer my notes on domain renames, since it appears to be a necessary evil in some cases that can confuse even the experienced admin. There are a number of reasons to rename a domain, such as:
1. Single Label Name - The DNS domain name is a single label, such as "DOMAIN", rather than the required minimum of "domain.com," "domain.net," "domain.local," etc.
2. Underscore in the DNS domain name - An underscore is an illegal DNS character, and AD relies on DNS.
3. The internal domain name conflicts with a public domain name that belongs to someone else - This can hinder the ability to purchase a UC/SAN certificate for Exchange 2007 or 2010. See the following blog for more information on this issue:
Exchange 2007 UC/SAN Certificate
4. Company Name Change
5. The admin is not happy with the DNS domain name - Ok, this is a lot of work just because you're not happy. Be that as it may, some will do it for this reason.
I hope my notes are helpful to anyone facing this task. But as I said, I would rather perform, and recommend, a migration to a fresh installation instead of a rename.
Before we start
Examples of applications that are incompatible with domain rename include but are not limited to the following products:
- Microsoft Exchange 2000
- Microsoft Exchange 2007
- Microsoft Exchange 2010
- Microsoft Internet Security and Acceleration (ISA) Server 2004
- Microsoft Live Communications Server 2005
- Microsoft Operations Manager 2005
- Microsoft SharePoint Portal Server 2003
- Microsoft Systems Management Server (SMS) 2003
- Microsoft Office Communications Server 2007
Are you sure you want to rename your domain?
Ok, so are you sure you want to rename the domain? PLEASE read up on it first at this link:
How Domain Rename Works, Updated: June 3, 2010 :
Domain Rename Procedure Notes
1. The Domain and Forest functional levels must be set to a minimum of 2003. This means no Windows 2000 domain controllers can exist in the Forest.
2. If Exchange 2000 or Exchange 2007 is installed, the rename is not supported. Exchange 2000 can be upgraded to Exchange 2003; Exchange 2007, however, will need to be removed prior to the procedure. More info below on Exchange 2007.
Once you've met the prerequisites, you can proceed with the rename. I did not outline a step by step here, since numerous documents already outline the steps, but I wanted to consolidate specific links I thought would be helpful, including the Microsoft TechNet Webcast and Microsoft's Step By Step Guide to implementing a domain rename.
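As an added example (not part of the original notes or of Microsoft's rename tools), the PowerShell below checks the functional-level prerequisite and tests a proposed DNS name for the single-label and underscore problems listed earlier. The name corp.example.com and the function names are placeholders; rootDSE reports only the domain of the DC that answers, so run it in each domain of the forest.

```powershell
# Added example: read-only checks to run from a domain-joined machine.
# 'corp.example.com' is a placeholder for the name you plan to rename to.
param([string]$NewDnsName = 'corp.example.com')

function Test-AdDnsName {
    param([Parameter(Mandatory = $true)][string]$Name)
    $problems = @()
    $labels = $Name.TrimEnd('.').Split('.')
    if ($labels.Count -lt 2) { $problems += 'single-label name' }
    foreach ($label in $labels) {
        if ($label.Length -lt 1 -or $label.Length -gt 63) {
            $problems += "label '$label' is not 1-63 characters long"
        } elseif ($label.Contains('_')) {
            $problems += "label '$label' contains an underscore"
        } elseif ($label -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$') {
            $problems += "label '$label' uses characters outside letters, digits and hyphen"
        }
    }
    return $problems
}

function Get-FunctionalLevels {
    # rootDSE exposes the effective levels; forestFunctionality reflects
    # msDS-Behavior-Version on the CN=Partitions,CN=Configuration object.
    $rootDse = [ADSI]'LDAP://RootDSE'
    New-Object PSObject -Property @{
        # An absent attribute (Windows 2000 DC) yields an empty string, which casts to 0.
        Forest = [int]"$($rootDse.forestFunctionality)"
        Domain = [int]"$($rootDse.domainFunctionality)"
    }
}

$levels       = Get-FunctionalLevels
$nameProblems = @(Test-AdDnsName -Name $NewDnsName)
$levelOk      = ($levels.Forest -ge 2) -and ($levels.Domain -ge 2)   # 2 = Windows Server 2003

"Forest level: $($levels.Forest)  Domain level: $($levels.Domain)  (need 2 or higher)"
if (-not $levelOk) { 'BLOCKER: raise the domain and forest functional levels to 2003 first.' }
foreach ($p in $nameProblems) { "BLOCKER: $NewDnsName - $p" }
if ($levelOk -and $nameProblems.Count -eq 0) {
    "Functional levels and name syntax pass for $NewDnsName."
}
```

This covers only the functional levels and the name syntax; the Exchange and PKI conditions described in these notes still have to be checked separately.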
Support WebCast Microsoft Windows Server 2003 Implementing an Active Directory Domain Rename Operation:
TechNet Support WebCast: Renaming domains when Microsoft Exchange Server 2003 is in the Active Directory
Step-by-Step Guide to Implementing Domain Rename:
TechRepublic Tutorial: RenDom helps you to rename a Windows .NET domain
Workstations MUST be rebooted twice after a rename so they reflect the new NetBIOS name.
Domain Rename Part 1 - Setup
Domain Rename Part 2 - Renaming
Domain Rename Part 3 - Exchange 2003
[DOC] Download Details - Microsoft - Step-by-Step Guide to Implementing Domain Rename:
How Domain Rename Works
Step-by-Step Guide to Implementing Domain Rename
Understanding How Domain Rename Works
Download: Windows Server 2003 Domain Rename Tools
If a NetBIOS Name Change Was Chosen
For Workstations and member servers to reflect the new name in the drop-down domain list selection box, they must be rebooted twice. The following paragraph was quoted from the Step By Step Guide at:
Step-by-Step Guide to Implementing Domain Rename:
"Reboot member computers. Reboot twice all member workstations, member servers, and standalone servers (excluding domain controllers) that are running Windows 2000, Windows XP, and Windows Server 2003 Server family in the renamed domains in your forest. Rebooting twice ensures that each member computer learns of the domain name changes (LSA policy changes) and propagates them to all applications and services running on the member computer. Note that each computer must be restarted by logging into the computer and using the Shutdown/Restart administrative option. Computers must not be restarted by turning off the machine power and then turning it back on."
If a PKI infrastructure exists...
The PKI infrastructure will need to be removed prior to a domain rename:
How to Manually Remove an Enterprise Windows Certificate Authority from Windows 2000/2003 Domain
How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows Server 2000
HOWTO: Move a certificate authority to a new server running on a 2003 or 2008 CA, Standard or Enterprise
HOWTO: Move a certificate authority to a new server running on a domain controller (2003).
Is Exchange In The Picture?
Exchange 2000 does not support a rename. Your main option is to upgrade Exchange 2000 to 2003. If you do not have the option to upgrade to Exchange 2003, SP1 (preferred SP2), you can Exmerge all of your mailboxes to PSTs, uninstall Exchange 2000, run the domain rename operation, then reinstall Exchange 2000, and use Exmerge to pump the mailboxes back into the users' newly created mailbox accounts.
Exchange 2003 supports a rename. In order to support it, it must be minimally at SP1.
Rename a Windows 2003 Forest with Exchange 2003 installed (if you don't have Exchange, you can ignore the Exchange part in the tutorial)
Here's what you need as well for Exchange 2003 renames:
Supplemental steps for using the Exchange Server Domain Rename Fixup tool together with the Windows Server 2003 domain rename tools:
Exchange 2007 or Exchange 2010
As of this writing, unfortunately, neither Exchange 2007 nor Exchange 2010 supports a domain rename. The choices are:
1. Export your mailboxes and Public Folders to PST files, uninstall Exchange 2007, then rename the domain, then reinstall Exchange 2007. I know it is easier said than done, but that seems to be the only option at this time.
2. Migrate to a fresh, pristine forest with the proper name.
Your best bet is Option #2 - Simply create a new domain in a new forest with the correct name, install Exchange 2007, use ADMT to migrate the user accounts, then perform a move mailbox to move the mailboxes and Public Folders from the old to the new forest.
Exchange 2007 and Exchange 2010 domain rename related Links
Introduction to Administering Active Directory Domain Rename, Jul 9, 2010
The domain rename operation is not supported in Microsoft Exchange Server 2007 or Exchange Server 2010. DNS domain rename is supported in Exchange 2003. However, renaming of the NetBIOS domain name is not supported in any version of Exchange Server.
If Exchange 2007 is in use, a domain rename is not supported:
The Microsoft Exchange System Attendant service does not start on a computer that is running Exchange Server 2007 after you rename a Windows Server 2003 domain:
Exchange 2007 and Domain Rename - You can't perform a domain rename with Exchange 2007 installed.
This article will show you how to use a temp domain with Exchange 2007 installed to move all of your mailboxes and PFs to this temp organization, then uninstall Exchange 2007, rename the domain, re-install Exchange 2007, then move the mailboxes and PFs back to the original organization:
How to raise domain and forest functional levels in Windows Server
[...] The attribute is msDS-Behavior-Version on the CN=Partitions, CN=Configuration, DC=ForestRootDom, DC=tld object. Value of 0 or not set=mixed level forest [...]
Error messages encountered on renaming domain
The following was quoted from:
"Keep in mind after a rename procedure, the DC's Primary DNS Suffix is not automatically changed to match the new domain name. You are required to change the Primary DNS Suffix to match the new name. In other words, unlike the names of member computers, the DNS names of domain controllers in a renamed domain will remain unchanged. The domain controllers can be renamed in a separate step, using a special domain controller rename procedure, after the domain rename operation is complete. You must double-check ALL domain members to insure that their Primary DNS Suffix matches the new domain name."
The DNS suffix of the computer name of a new domain controller may not match the name of the domain after you upgrade a Windows NT 4.0 primary domain controller (PDC) to Windows 2000
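The suffix check described in the quoted paragraph can be scripted. The following is an added example, not taken from the quoted guide or the rename tools: run locally on a member computer or domain controller, it compares the primary DNS suffix with the AD domain the machine belongs to and also shows whether a changed suffix is still waiting for a reboot. The function name and the wording of the verdicts are assumptions.

```powershell
# Added example: read-only, run locally after the rename.
Add-Type -AssemblyName System.DirectoryServices

function Get-PrimarySuffixStatus {
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $tcpip = Get-ItemProperty -Path $key

    try {
        $adDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
    } catch {
        $adDomain = $null   # not domain-joined, or no domain controller reachable
    }

    $active     = $tcpip.Domain        # suffix in effect since the last boot
    $configured = $tcpip.'NV Domain'   # suffix that takes effect at the next boot
    # An absent value means the default: the suffix follows domain membership.
    $sync = ($null -eq $tcpip.SyncDomainWithMembership) -or
            ($tcpip.SyncDomainWithMembership -ne 0)

    if (-not $adDomain)                { $verdict = 'cannot determine AD domain' }
    elseif ($active -eq $adDomain)     { $verdict = 'OK' }
    elseif ($configured -eq $adDomain) { $verdict = 'suffix changed, reboot pending' }
    else                               { $verdict = 'MISMATCH: set the primary DNS suffix' }

    New-Object PSObject -Property @{
        Computer             = $env:COMPUTERNAME
        AdDomain             = $adDomain
        ActiveSuffix         = $active
        ConfiguredSuffix     = $configured
        SyncsWithMembership  = $sync
        Verdict              = $verdict
    }
}

Get-PrimarySuffixStatus | Format-List
```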
Windows Server 2003 Active Directory Domain Rename Tools:
Comments, suggestions and corrections are welcomed!