Companies sometimes reorganize their structure, merge with another company, or simply expand their work or services. As a system admin, you may then be asked to change the domain name of your Active Directory environment. The task is not straightforward, and there are many considerations to weigh before planning and implementing the domain rename.
Issues you may face:
- During the domain rename, users cannot connect to domain resources, so you cannot perform this task during working hours.
- Remote VPN users will have to unjoin the old domain and rejoin to the new one.
- After the domain rename is complete, users must restart their PCs TWICE.
- Once the rendom /clean command has been executed to clean the old domain records out of Active Directory, any PC that has not been restarted twice will have to be rejoined.
- Some Microsoft applications, especially Exchange 2007, 2010, 2013 and 2016, do not support domain rename. In that case, you will need a workaround (install Exchange in the new domain and move the mailboxes).
- Some non-Microsoft applications may also be affected by the domain rename.
After considering the points above, if you still want to rename the domain, you can go through the following step-by-step procedure:
Domain Rename Step by Step:
Open the DNS console on the Domain Controller, right-click Forward Lookup Zones and click “New Zone”.
Click Next on the Welcome screen. For the zone type, select “Primary Zone” and click Next.
On the AD Replication screen, select “To all DNS Servers running on domain controllers in the domain contoso.com”.
On the New Zone screen, enter the new domain name, Adatum.com in my case.
On the dynamic updates screen, keep the default option of “Allow only secure dynamic updates” and click Next.
Finally, click Finish to complete the new zone creation process.
The next step is to open the command prompt with Admin privileges.
In the command prompt, type “rendom /list”.
It reports that the operation completed successfully, which means it has generated the Domainlist.xml file in the current directory.
We need to edit this file, so open it in Notepad.
Replace the old domain name with the new one, Contoso.com to Adatum.com in our case.
After the changes are made, save the file.
Now we run rendom /showforest. This step does not make any changes, but it shows us what changes will be made.
The next step is to upload the Domainlist.xml file by running rendom /upload.
Now we will run rendom /prepare to check the domain readiness. This should complete without any errors.
Finally, we will run rendom /execute to apply the changes to all the domain controllers.
Once the operation is complete, the Domain Controller will restart automatically. After the reboot is complete, we will change the domain name for the Domain Controllers with the following steps:
Open CMD and run netdom computername DC.Contoso.com /add:DC.Adatum.com
After that, run netdom computername DC.Contoso.com /makeprimary:DC.Adatum.com
Once this process is complete, Reboot the Domain Controller to apply the changes.
Update Group Policy References:
Now we need to update the Group Policies to use our new domain DNS and NetBIOS names by running these commands. The tool is gpfixup, and the NetBIOS names are given without the .com suffix.
gpfixup /OldDNS:Contoso.com /NewDNS:Adatum.com
gpfixup /OldNB:Contoso /NewNB:Adatum
After the group policy fix is complete, you MUST reboot all your PCs and servers twice so they take the new domain name; that may take a few hours to days. Don’t overlook this step, it is an important part of the domain rename process. Once a PC has been restarted twice, you can select the “Other user” option and enter Adatum\User to log in with the new domain.
Clean and End:
The final step is to clean up and end the domain rename process. Before proceeding to this step, make sure all member servers and PCs have been restarted, because any PC that has not been restarted twice prior to this step will have to be rejoined to the new domain.
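One way to check this before running rendom /clean is to list the computer accounts whose DNS host name in Active Directory still ends in the old domain. This is an added example, not part of the original walkthrough. It assumes the RSAT ActiveDirectory module is installed and that members update their dNSHostName to the new suffix after the second reboot (the default behaviour), so treat the result as a heuristic. The CSV path is a placeholder.

```powershell
# Added example: pre-check before "rendom /clean" (not from the original article).
Import-Module ActiveDirectory

$OldDns = 'contoso.com'   # old DNS domain name used in this walkthrough
$NewDns = 'adatum.com'    # new DNS domain name used in this walkthrough

# Pull every enabled computer account with the attributes needed for the report.
$computers = Get-ADComputer -Filter 'Enabled -eq $true' `
    -Properties DNSHostName, LastLogonDate, OperatingSystem

$report = foreach ($c in $computers) {
    # -like is case-insensitive, so Contoso.com and contoso.com both match.
    if (-not $c.DNSHostName) {
        $state = 'NoDnsHostName'      # never registered a host name; check by hand
    } elseif ($c.DNSHostName -like "*.$NewDns") {
        $state = 'Renamed'            # already carries the new suffix
    } elseif ($c.DNSHostName -like "*.$OldDns") {
        $state = 'StillOldSuffix'     # has not completed both reboots yet
    } else {
        $state = 'OtherSuffix'        # suffix not tied to domain membership
    }
    [pscustomobject]@{
        Name            = $c.Name
        DNSHostName     = $c.DNSHostName
        State           = $state
        LastLogonDate   = $c.LastLogonDate   # approximate; replicated with a delay
        OperatingSystem = $c.OperatingSystem
    }
}

# Summary per state, then the detail list of machines that still need attention.
$report | Group-Object State | Select-Object Name, Count | Format-Table -AutoSize
$pending = @($report | Where-Object { $_.State -ne 'Renamed' })
$pending | Sort-Object LastLogonDate |
    Export-Csv -Path .\rename-pending.csv -NoTypeInformation   # placeholder path

if ($pending.Count -gt 0) {
    Write-Warning "$($pending.Count) computer(s) are not on $NewDns yet; hold rendom /clean."
} else {
    Write-Output "All enabled computers report a *.$NewDns host name."
}
```

Machines in the pending list with an old LastLogonDate are likely powered off or remote, which are the ones that would need a manual rejoin after the clean.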
From the command prompt run the following commands:
rendom /clean removes any references to the old domain name.
rendom /end unfreezes the forest configuration and allows further changes.
This step completes the domain rename process.
Manually Join Domain Error:
If you are joining PCs manually, you may get the following error:
Just click OK and the user/password prompt will appear. Enter “new domain\adminuser” and the password to complete the domain join process.