Enhancing Flexibility with Renaming Domains

Another new feature with Windows Server 2003 Active Directory is the ability to rename domains or move domains to different locations within an existing forest. Domain rename supports the ability to change the NetBIOS domain name , or the Active Directory namespace (companyabc.com for example).

The procedure to rename a domain is not a simple switch, and depending on the size of the organization, can require considerable downtime to complete. For these reasons, renaming domains should be planned out accordingly .

The best practices surrounding domain renames really boils down to understanding the limitations, meeting a list of prerequisites, following a six-step process, and providing the downtime necessary to complete the procedure. This section will help you to plan and navigate this process.

Understanding the Limitations

The domain rename process will not work in every scenario. It is important to know what cannot be done before planning a big rename weekend . The following is a list of restrictions for domain rename:

• Identity of the forest root domain cannot be changed. Although the forest root domain can be renamed , it cannot be moved to another location in the forest as other domains can. The forest root remains the forest root.

• Domains cannot be dropped or added during the process. There are other methods to accomplish this task, so this is not a big limitation. The key point here is that after the domain rename process is completed there should be the same number of domains in the forest as there were at the outset.

• Two domains in the forest cannot swap names in a single process. Essentially, one domain cannot give up its name to another production domain in the forest in a single restructuring process.

• A forest-prepped domain cannot be renamed. If the schema has been updated with an Exchange 2000 installation, it cannot be modified by the domain rename process.

Meeting the Prerequisites

After the constraints of the domain rename process are understood , you can begin to establish these prerequisites for carrying out the procedure:

• The forest must be in Windows Server 2003 functional mode. The process does not work with Windows 2000 domain controllers. All DCs in the forest must be running Windows Server 2003, and the forest must be elevated to Windows Server 2003 functional mode.

• DNS must be prepared. If the domain rename process involves renaming the DNS namespace, a DNS zone must be created to include the new namespace. This is not necessary for renaming the NETBIOS domain.

• The process cannot run on a DC. A member Windows Server 2003 server must be used as the "console" for the operation. Because domain controllers will be reconfigured and rebooted during the process, a DC cannot perform the actual operation.

• Temporary trusts might need to be created. If domain rename is being used as a reorganization tool with which domains will be moved around within the forest, temporary trusts must be created for any domain and its future parent domain.

The Domain Rename Process

After the limitations are understood and the prerequisites have been met, the actual domain rename process is fairly simple. It is important to keep in mind, though, that depending on the size of the organization this process might require a great deal of network downtime.

Step 1: Generate Current Forest Description

The tool used to perform the domain rename process is rendom.exe, which can be found in the Valueadd\Msft\Mgmt\Domren folder of the installation CD. The first step is to run rendom with the /list switch, which generates an XML file that lists the domain-naming information for a domain. A sample domainlist.xml file is shown in Figure 12.7.

Step 2: Modify the XML File

In this step, open the XML file generated from step 1 in a text editor, and modify domain-naming information. For example if companyabc.com is being changed to organizationA.org, a simple find and replace operation can be used to change all references from one domain name to the other. Further, any changes to DNS and NetBIOS names should be changed as well.

Step 3: Upload the Modified File

After the XML file is updated, run the rendom command with the /upload switch. This uploads the new information to every domain controller in the forest.

Step 4: Prepare Domain Controllers

Because every domain controller must participate in the update process, it is important to verify that each DC has received the update file and is ready for the migration. Run the rendom command with the /prepare switch. The prepare function will fail if it cannot contact every DC in the forest, in which case this process must be restarted. This step will ensure a successful migration to the new structure.

Step 5: Execute the Rename Procedure

After step 4 completes successfully, run rendom with the /execute switch. No changes to the production environment take place until this command is run. When executed, all domain controllers execute the change and automatically reboot. After the DCs reboot, every workstation and member server in the forest must also be rebooted to get the change. It might be necessary to reboot workstations and member servers twice to ensure all services receive the domain name changes.

Step 6: Cleanup Tasks

The final step in the domain rename process is to run rendom with the /clean switch which removes temporary files from the domain controllers and returns the domain to a normal operating state.

Also, each domain controller will need to have its primary DNS suffix changed via the netdom command-line utility. To perform this procedure, execute the following commands on each domain controller:

1. Open a command prompt window.

2. Type netdom computername oldservername /add:Newservername .

3. Type netdom computername oldservername /makeprimary:Newservername .

4. Restart the server.

5. Type netdom computername Newsservername /remove:oldservername .

Replace oldservername and newservername with the full DNS name of the old and new server, for example srv1.companyabc and srv1.organizationA.com.