26 January, 2011

Domain Rename - The Complete Process


1. Back up all the domain controllers

2. Set up the control station

- On a member server
- Logged on as a member of the local Administrators group
- Copy Rendom.exe and Gpfixup.exe from Valueadd\Domren
- Copy Repadmin and Dfsutil from Support Tools

Rendom.exe is included on the Windows Server 2003 operating system CD. However, an updated version of Rendom.exe is available for download from the Microsoft Windows Server 2003 Domain Rename Tools Web site: http://technet.microsoft.com/en-us/windowsserver/bb405948.aspx

3. Create a DNS zone with the new name

4. Generate the current forest description

- Rendom /List
- Rendom contacts the Domain Naming Master
- An XML file (DomainList.xml) is created

5. Specify the new forest description

- Open DomainList.xml in Notepad and make the changes (the new domain name)
- Changes: the domain directory partition and the application directory partitions (ForestDnsZones and DomainDnsZones)
- Rendom /Showforest: displays the contents of DomainList.xml

6. Generate the domain rename instructions

- Rendom /Upload: generates the instructions and uploads them to the Domain Naming Master
- Rendom generates the instructions to update the forest from the XML file that was edited
- The instructions are uploaded to the configuration partition on the Domain Naming Master
- It also creates a file, DCLIST.XML, that contains an entry for every domain controller in the forest
- This step writes all the changes to:
  a. msDS-UpdateScript
  b. msDS-DNSRootAlias

7. Push the instructions to all DCs

- Repadmin /Syncall /d /e /P /q DomainNamingMaster
- Push replication so that the domain rename instructions that were uploaded to the Domain Naming Master reach all the domain controllers
- Check that all the domain controllers have registered their records in DNS under the new domain name

8. Verify readiness of the domain controllers

- Rendom /Prepare
- Causes the control station to issue an RPC to every domain controller and verify that each one is in a good state

9. Execute the domain rename instructions

- Rendom /Execute
- Issues an RPC to every domain controller to execute the instructions
- Once you run this command each DC reboots automatically, and you then log on to the new domain on the DC
- Reboot the control station twice

10. Exchange Domain Rename Fix-up Tool

- XDR-Fixup

11. Unfreeze the forest configuration

- Rendom /End
- After the domain rename the forest configuration is in a frozen state: you cannot add a domain or create a new trust until it is unfrozen
- Reboot the workstation twice

12. Re-establish external trusts

- The intra-forest shortcut trusts remain intact. It is only the external trusts that have to be recreated

13. Fix the DFS topology

- Dfsutil /RenameFTRoot /Root:DfsRootPath /OldDomain:OldName /NewDomain:NewName /Verbose

14. Fix Group Policy objects and links

- GPFIXUP
- Repairs GPOs and Group Policy links
- Does not fix any inter-domain GPO links
- Inter-domain GPO links have to be manually broken and reconfigured

15. Clean-up process

- Rendom /Clean
- Removes all the values from msDS-DNSRootAlias and msDS-UpdateScript
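Step 5 above is done by hand in Notepad. As an added example (not part of the original post), the PowerShell function below rewrites the DNSname of every entry in the DomainList.xml that Rendom /List writes from the old forest suffix to the new one, leaving the Guid, NetBiosName and DcName entries untouched, and runs it on a constructed sample in the layout Rendom produces. The function name Convert-DomainList, the contoso.local / contoso.com names and the placeholder GUIDs are assumptions of this example.

```powershell
# Added example, not from the original post: build the new forest description
# (step 5) from the DomainList.xml produced by "rendom /list" (step 4).
# Element layout follows rendom's output; names and GUIDs are constructed placeholders.

function Convert-DomainList {
    param(
        [Parameter(Mandatory)][xml]$DomainList,
        [Parameter(Mandatory)][string]$OldSuffix,   # current forest root DNS name
        [Parameter(Mandatory)][string]$NewSuffix    # new forest root DNS name
    )
    foreach ($domain in $DomainList.Forest.Domain) {
        $old = $domain.DNSname
        # Rename only names at or below the old forest root: the root itself, its child
        # domains and the DomainDnsZones/ForestDnsZones application partitions.
        if ($old -ne $OldSuffix -and $old -notlike "*.$OldSuffix") {
            Write-Warning "Left '$old' unchanged: not under $OldSuffix (review it by hand)"
            continue
        }
        $new = $old.Substring(0, $old.Length - $OldSuffix.Length) + $NewSuffix
        $domain.DNSname = $new
        # Guid and DcName stay as rendom wrote them; NetBiosName is deliberately left
        # alone so the NetBIOS name survives the rename (see the folder redirection note).
        Write-Host ("{0,-40} -> {1}" -f $old, $new)
    }
    return $DomainList
}

# Constructed sample in the layout rendom /list produces (placeholder GUIDs).
[xml]$sample = @"
<?xml version="1.0"?>
<Forest>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>00000000-0000-0000-0000-000000000001</Guid>
    <DNSname>ForestDnsZones.contoso.local</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- ForestRoot -->
    <Guid>00000000-0000-0000-0000-000000000002</Guid>
    <DNSname>contoso.local</DNSname>
    <NetBiosName>CONTOSO</NetBiosName>
    <DcName></DcName>
  </Domain>
</Forest>
"@

$result = Convert-DomainList -DomainList $sample -OldSuffix 'contoso.local' -NewSuffix 'contoso.com'
# Save beside the original; check it with "rendom /showforest" before renaming it to DomainList.xml.
$out = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\DomainList.new.xml')
$result.Save($out)
```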

Note
* All the domain controllers should be running Windows Server 2003 and the forest functional level should be set to Windows Server 2003
* The control station for the domain rename should be a member server
* Domain rename and domain repositioning are two different things. In the case of domain repositioning a shortcut trust has to be created

EXCHANGE
* Exchange 5.5: domain rename does not detect Exchange 5.5
* Exchange 2000: will not run; it gives an error
* Exchange 2003: run the Exchange Domain Rename Fix-up Tool
* Exchange should not be on a domain controller

FOLDER REDIRECTION
* Folder redirection using domain-based DFS will fail
* Either change the domain-based DFS to stand-alone or server-specific paths. If the NetBIOS name is used and the NetBIOS name does not change with the domain rename, then the domain rename has no effect on it

DNS SUFFIX
* The DNS suffix of a member server changes automatically, but for a domain controller the DNS suffix has to be changed manually
* Since the DNS suffix of every computer will change and this triggers replication, to avoid this either apply a Group Policy specifying the DNS suffix or uncheck the option “Change Primary Domain Suffix When Domain Membership Changes”
* Once you add the new DNS suffix in the Group Policy, the DNS suffix on the member will still be the old one, as the domain rename has not yet taken place
* To resolve the conflict, add the new DNS suffix to “msDS-AllowedDNSSuffixes”
* If you apply the Primary DNS Suffix Group Policy setting to the computers in the domain to be renamed, then also set the DNS Suffix Search List Group Policy
* The DNS suffix search list should contain both the new and the old DNS suffix

CERTIFICATE AUTHORITY
* The Certificate Authority should not be installed on a domain controller
* The Certificate Authority should include both LDAP and HTTP URLs in the AIA and CDP extensions
* After the domain rename, the LDAP extensions will become invalid
* After the domain rename, the name constraints might no longer be valid. Inter-domain trust relationships are based on cross-certification with name constraints

With inputs from Yogesh Sir (yogek)