To totally unlock this section you need to Log-in
Login
With long checklists, constraints and precautions, renaming a domain is not a simple undertaking, and the time required to complete a domain rename is proportional to the deployed AD forest: in terms of domain count, domain controllers and computers.
Following are the critical points you need to consider before AD rename process.
- Forest Function Level – Forest Function level must be at least Windows Server 2003 or higher to perform AD rename.
- Location of the Domain – in forest it can have different level of domains. Those can be either complete different domains or child domains. If you going to change the location of the DC (Domain Controller) in the forest you must need to create trust relationships between domains to keep the connectivity.
- DNS Zone – DNS Zone files must be created for the new domain name prior to the rename process in relevant DNS servers.
- Folder Path Change – if DFS folder services or roaming profiles are setup, those paths must change in to server-based share or network share.
- Computer Name Change – Once the domain is renamed the computers host names will also renamed. So if those are configured to use by applications or systems make sure you prepare to do those changes.
- Reboots – Systems will need to reboot twice to apply the name changes including workstations. So be prepare for the downtime and service interruptions.
- Exchange Server Incompatibility – Exchange server 2003 is the only supported version for AD rename. All other versions are not supported for this. Also there can be other applications in environment which can be not supported with rename. Make sure you access these risks.
- Certificate Authority (CA) – if CA is used make sure you prepare it according to https://technet.microsoft.com/en-us/library/cc816587
Once your infrastructure is ready, to perform the rename process we need an administrative computer or server. It must be a member of domain and should not a DC. It must have “Remote Server Administration Tools” installed.
Before we start the rename make sure forest domain activities are stopped. Such as adding new DC, changing forest configuration etc.
Also we went ahead and create the relevant DNS zone for new domain name in primary DNS server.
The Domain Rename Tool (Rendom)
Rendom.exe is the command-line utility for renaming domains in Windows Server forests. Rendom is included on the Windows Server operating system CD/DVD.
The Domain Rename State File
When you issue the first command to begin the domain rename process, Rendom generates an XML-structured text file, called a state file, which contains a list of all the domain controllers in the forest. As domain controllers progress through the various steps in the procedure, Rendom updates the state file to track the state of each domain controller relative to the completion of the domain rename process.
As you perform each step in the domain rename operation, Rendom automatically updates the state file. By using the state file to monitor the state of completion of each domain controller in the state file, you receive the information that you need to issue the next Rendom command in the sequence.
Now, in the member server, log in as domain admin and open the Command Prompt with admin rights.
First we need to create a report which explains the current forest setup. To do that type rendom /list and press Enter.
This will create an xml file with name Domainlist.xml in the path above command is executed. In our demo its C:\Users\Administrator.CONTOSO.
To proceed it need to be edited to match with the new domain name. Make sure you save the file after edits.
Then type rendom /upload command from same folder path.
To check the domain readiness before the rename process type rendom /prepare.
Once its pass with no errors, execute rendom /execute to proceed with rename. It will reboot all domain controllers automatically.
All workstations and servers will needs to reboot TWICE to apply changes. Username and password will not change, but the domain name will be new one.
With rename process domain controllers will not be renamed. Those need to change manually.
It can do using command netdom computername DC.contoso.com /add:DC.canitpro.local.
Then type netdom computername DC.contoso.com /makeprimary:DC.canitpro.local once complete, reboot the DC.
We can see it’s changed after reboot.
The next thing we need to fix are the Group Policies. They'll still use the old domain name.
To fix this type and enter gpfixup /olddns:contoso.com /newdns:canitpro.local.
Then run gpfixup /oldnb:CONTOSO /newnb:canitpro.
We done with that too. The only thing we need to run is rendom /end to stop the rename process and unfreeze the DC activity.
This ends the rename process and we have a DC now with a new domain name.
During the Domain Rename: Local vs Remote
When you are performing the domain rename operation, connect as many workstations via wired LAN. Any remote computers that connect to the new domain through a remote connection such as a VPN will need to unjoin the old domain and rejoin the new domain.
Reboot Workstations Twice
Once the domain rename is complete, each user’s computer that is joined to the renamed domain must be rebooted twice AFTER all domain controllers are back up.
Rebooting twice ensures that each user’s computer learns the new domain name and also propagates to all applications running on the user’s computer. Each computer must be restarted by logging into the computer and using the Shutdown > Restart option. Do not restart the computer by turning the computer power off and then turning it back on.
Remove the Old Domain
Once the domain members are updated, perform the rendom /clean command which removes the old domain names from Active Directory. If you run rendom /clean command and there are members that have not been rebooted twice you will have to rejoin them to the domain.
Also, if you execute rendom /clean before all the machines in the domain get rebooted twice, they won’t be able to access the domain because random / clean removes the old domain name from Active Directory, including all values of ms-DS-DnsRootAlias from the domain name Operations Master.
Computer Host Name Requirement
By default, the primary DNS suffix of a member computer of an Active Directory domain is configured to change automatically when domain membership of the computer changes. The same default behavior is true when the DNS name of the domain to which a computer is joined changes. Therefore, a rename of an Active Directory domain can cause modification of the primary DNS suffix and, consequently, of the full DNS host names of the computers that are the members of the renamed domain.
For example, if the sales.contoso.com domain is renamed to marketing.contoso.com, the primary DNS suffix of the member computers of this domain might also change from sales.cohowinery.com to marketing.cohowinery.com, depending on whether the default behavior is in effect. If the default behavior is in effect, the full DNS host name of a computer in the renamed domain will change from hostName.sales.contoso.com to hostName.marketing.contoso.com.
Conditions for automatic computer name change
The primary DNS suffix, and therefore the full DNS name of a member computer in an Active Directory domain, changes when the domain is renamed if both of the following conditions are true:
- The primary DNS suffix of the computer is configured to be updated when domain membership changes.
- No Group Policy setting specifies that a primary DNS suffix is applied to the member computer.
These conditions represent the default configuration for domain computers.
 |  |