How to rename an Active Directory domain between trusted sites?

Posted: 4 May 2015 in Microsoft

When you create a new Active Directory structure or add a new site, choosing the right domain name is an important decision: if it turns out wrong, the rename that follows can cause a lot of errors and software side effects across the whole topology. The name itself is a business decision driven by the organization's needs, so the task can weigh heavily, and because most administrators rename a domain only a few times in their careers there is a fear factor as well.

The task is quite easy to achieve IF everything in the network is correctly configured (DNS, trusts and Group Policy above all). Take a system state backup of the domain controllers before you start, and note that a domain rename is not supported at all in a forest that contains Exchange Server 2007 or later.

1. The main prerequisite is that DNS resolution and domain controller reachability work between the sites. To check this, simply run the following from servers on both sides, for every domain controller (forward and, using its IP address, reverse):

nslookup [servername1]

2. For the sake of safety, before the rename remove the trusts between the domains, or at least make them one-way, in the Active Directory Domains and Trusts console. Any external trust that refers to the old name will have to be recreated after the rename anyway.

3. If you are not quite sure that the forest structure is entirely valid, there is an easy command to check it, and it is also the first step of the rename itself. It writes a DomainList.xml describing the current forest: one entry per partition, which for a single-domain forest means the ForestDnsZones and DomainDnsZones application partitions plus the domain itself with its DNS and NetBIOS names. The file lands in the working directory of the prompt you run it from, e.g. %SystemDrive%\Users\[user_that_issued_command]\ such as C:\Users\Administrator\ when the prompt was opened in that user's profile.

rendom /list

4. Open DomainList.xml and replace the old names in every DNS name and NetBIOS name entry (the ForestDnsZones and DomainDnsZones partitions included); leave the GUID entries untouched, they identify the partitions and do not change. Save it to the same location. In other words, this:

(...)
DomainDNSZones.old.domain.com
(...)
ForestDNSZones.old.domain.com
(...)
old.domain.com
(...)
OLD
(...)

Change it to:

(...)
DomainDNSZones.new.company.com
(...)
ForestDNSZones.new.company.com
(...)
new.company.com
(...)
NEW
(...)

5. You can verify your changes, as rendom reads them from the file, with:

rendom /showforest

6. Now that we feel more confident, it is time to upload the rename instructions from the modified XML. The command writes them to the domain naming master, from where they replicate to every domain controller in the forest, and it freezes the forest configuration until the rename is finished:

rendom /upload

From this point on, the Windows Firewall on the domain controllers should be turned off, or at least configured to allow RPC between them: the following steps contact every DC directly, and a blocked port shows up as a string of errors.

7. If there were no errors, the next command checks the readiness of every domain controller: it contacts each DC over RPC and verifies that the rename instructions have replicated to it and that it is able to run them:

rendom /prepare

8. Now you type the last command of the rename proper. But wait: every domain controller executes the rename and reboots itself, all at the same time:

rendom /execute

9. When the domain controllers come back, reboot them a second time, because... this is Microsoft, and gpupdate /force alone is not always enough. Until then a DC keeps using credentials issued under the old domain name and may be unable to perform changes in the renamed domain. All member servers and workstations will also need two reboots to reflect the change, but not yet!

10. Fixing the Group Policy references: gpfixup repairs the GPO links and SYSVOL paths that embed the old DNS or NetBIOS name (it does not rename the GPOs themselves). Note there is no space after the colon in each switch:

gpfixup /olddns:old.domain.com /newdns:new.company.com /oldnb:OLD /newnb:NEW

11. Renaming the domain controllers: each DC's own computer name still carries the old DNS suffix, so add the new name and make it primary (after the reboot that follows, the old name is removed with the /remove switch of the same command):

netdom computername dc0.old.domain.com /add:dc0.new.company.com
netdom computername dc0.old.domain.com /makeprimary:dc0.new.company.com

12. NOW is the time to reboot the workstations (twice) and have users log in under the new name. AFTER that you can remove the last references to the old name; this step is irreversible:

rendom /clean

13. Hint: if something doesn't work, always reboot twice...
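The whole sequence, from the DNS check of step 1 through rendom /clean in step 12, as an added PowerShell driver. It is not part of the original post and not a Microsoft tool; rendom, gpfixup and netdom are the real commands, the script only wraps them. It runs one phase at a time, because the domain controllers reboot between phases, and it adds a rendom /end phase after /execute, which unfreezes the forest configuration that /upload froze and which the steps above leave out. The names (old.domain.com/OLD, new.company.com/NEW, dc0, dc1) and the DomainList.xml element names it edits (Forest, Domain, Guid, DNSname, NetBiosName) are assumptions taken from a typical file; compare them with your own DomainList.xml before trusting the edit.

```powershell
<#
  Added example, not from the original post: drives the rendom / gpfixup / netdom
  sequence one -Phase at a time from an elevated prompt on a domain controller.
  Assumed (hypothetical) names: old.domain.com / OLD, new.company.com / NEW, dc0, dc1.
  DomainList.xml element names (Forest, Domain, Guid, DNSname, NetBiosName) are
  those of a typical file; verify against yours.
#>
[CmdletBinding()]
param(
    [string]$OldDns = 'old.domain.com', [string]$NewDns = 'new.company.com',
    [string]$OldNb  = 'OLD',            [string]$NewNb  = 'NEW',
    [string[]]$Dcs  = @('dc0', 'dc1'),
    [ValidateSet('check','list','upload','prepare','execute','end','fixup','clean')]
    [string]$Phase = 'check'
)

function Invoke-Tool {
    # rendom, gpfixup and netdom report failure only through their exit code,
    # so wrap them and stop the run at the first non-zero result.
    param([string]$Exe, [string[]]$ToolArgs)
    Write-Host ">> $Exe $($ToolArgs -join ' ')"
    & $Exe @ToolArgs
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($ToolArgs -join ' ') failed (exit $LASTEXITCODE)" }
}

function Test-DnsReadiness {
    # Step 1: every DC must resolve forward and back, and the domain must publish
    # its LDAP SRV records, as seen from the server this runs on. Run it in both sites.
    param([string]$Domain, [string[]]$DcNames)
    $ok = $true
    foreach ($dc in $DcNames) {
        $fqdn = "$dc.$Domain"
        try {
            $a   = @(Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop | Where-Object Type -eq 'A')
            $ptr = @(Resolve-DnsName -Name $a[0].IPAddress -Type PTR -ErrorAction Stop)
            Write-Host "OK   $fqdn -> $($a[0].IPAddress) -> $($ptr[0].NameHost)"
        } catch { Write-Warning "DNS check failed for ${fqdn}: $_"; $ok = $false }
    }
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
        Write-Host "OK   SRV: $(($srv | Where-Object Type -eq 'SRV').NameTarget -join ', ')"
    } catch { Write-Warning "no LDAP SRV records for $Domain"; $ok = $false }
    return $ok
}

function Update-DomainList {
    # Step 4: rewrite the DNS suffix and NetBIOS name in every <Domain> entry
    # (DomainDnsZones / ForestDnsZones included) and leave each <Guid> untouched.
    # A backup copy of the original file is kept beside it.
    param([string]$Path)
    [xml]$doc = Get-Content -Path $Path -Raw
    $changed = 0
    foreach ($d in $doc.Forest.Domain) {
        $dns = [string]$d.DNSname
        # match 'old.domain.com' or '<prefix>.old.domain.com', but not 'notold.domain.com'
        if ($dns -ieq $OldDns -or $dns.ToLower().EndsWith('.' + $OldDns.ToLower())) {
            $d.DNSname = $dns.Substring(0, $dns.Length - $OldDns.Length) + $NewDns
            $changed++
        }
        if ([string]$d.NetBiosName -ieq $OldNb) { $d.NetBiosName = $NewNb; $changed++ }
    }
    if ($changed -eq 0) { throw "nothing matching $OldDns / $OldNb found in $Path" }
    Copy-Item -Path $Path -Destination "$Path.bak" -Force
    $doc.Save((Resolve-Path $Path).Path)
    return $changed
}

switch ($Phase) {
    'check'   { if (-not (Test-DnsReadiness -Domain $OldDns -DcNames $Dcs)) { throw 'fix DNS first' } }
    'list'    { Invoke-Tool rendom @('/list')                          # steps 3-5
                $n = Update-DomainList -Path (Join-Path $PWD 'DomainList.xml')
                Write-Host "$n value(s) rewritten"; Invoke-Tool rendom @('/showforest') }
    'upload'  { Invoke-Tool rendom @('/upload') }                      # step 6: freezes the forest
    'prepare' { Invoke-Tool rendom @('/prepare') }                     # step 7: every DC answers over RPC
    'execute' { Invoke-Tool rendom @('/execute') }                     # step 8: DCs rename and reboot
    'end'     { Invoke-Tool rendom @('/end') }                         # unfreeze the forest (omitted in the post)
    'fixup'   { Invoke-Tool gpfixup @("/olddns:$OldDns", "/newdns:$NewDns", "/oldnb:$OldNb", "/newnb:$NewNb")
                foreach ($dc in $Dcs) {                                 # steps 10-11
                    Invoke-Tool netdom @('computername', "$dc.$OldDns", "/add:$dc.$NewDns")
                    Invoke-Tool netdom @('computername', "$dc.$OldDns", "/makeprimary:$dc.$NewDns")
                    # after $dc has rebooted: netdom computername $dc.$NewDns /remove:$dc.$OldDns
                } }
    'clean'   { Invoke-Tool rendom @('/clean') }                       # step 12, irreversible
}
```

Run it as .\Rename-Domain.ps1 -Phase check on a server in each site first; then list, upload, prepare and execute in order, wait for the two reboots of every DC, and only then end, fixup and finally clean once the workstations have rebooted twice. Keeping the phases separate means a failed exit code from any tool stops the run before the next irreversible step, and the .bak copy of DomainList.xml lets you diff exactly what was changed before uploading it.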
