A few blog readers have asked me on a few occasions whether they can change an AD domain name to a different domain name. The answer is yes, you can, but you need to be aware of the issues that can occur as well. Otherwise you will end up in a mess with a non-functioning infrastructure. The idea of this post is to demonstrate how to rename an AD domain and also to point out some issues you may face with a domain rename.
The following are the critical points you need to consider before an AD rename.
1. Forest Functional Level – The forest functional level must be Windows Server 2003 or higher to perform an AD rename.
2. Location of the Domain – A forest can contain domains at different levels. Those can be either completely different domains or child domains. If you are going to change the location of the DC in the forest, you must create trust relationships between domains to keep the connectivity.
3. DNS Zone – DNS zone files for the new domain name must be created on the relevant DNS servers prior to the rename process.
4. Folder Path Change – If DFS folder services or roaming profiles are set up, those paths must be changed to a server-based share or network share.
5. Computer Name Change – Once the domain is renamed, the computers' host names will also be renamed. So if those names are configured for use by applications or systems, make sure you are prepared to make those changes.
6. Reboots – Systems, including workstations, will need to reboot twice to apply the name changes. So be prepared for the downtime and service interruptions.
7. Exchange Server Incompatibility – Exchange Server 2003 is the only supported version for AD rename. All other versions are not supported. There can also be other applications in the environment that do not support a rename. Make sure you assess these risks.
8. Certificate Authority (CA) – If a CA is used, make sure you prepare it according to https://technet.microsoft.com/en-us/library/cc816587
Once your infrastructure is ready, we need an administrative computer or server to perform the rename process. It must be a member of the domain and should not be a DC. It must have “Remote Server Administration Tools” installed. On Windows Server 2012 it can be added as a feature via Server Manager. For Windows 8 or later, you can download it from http://www.microsoft.com/en-us/download/details.aspx?id=28972
In this demo, I am going to rename the contoso.com domain to canitpro.local. It runs on Windows Server 2012 R2.
I have prepared a server that runs Windows Server 2012 R2 as a member server to perform the rename. You can install Remote Server Administration Tools via Server Manager > Add roles and features. Make sure you select the AD DS and AD LDS tools under RSAT.
Before we start the rename, make sure forest domain activities, such as adding a new DC or changing the forest configuration, are stopped.
I also went ahead and created the relevant DNS zone for the new domain name on the primary DNS server. (On my blog you can find a complete DNS article that explains DNS zone setup.)
Then log in to the member server as a domain admin and open the command prompt with admin rights.
First we need to create a report that describes the current forest setup. To do that, type rendom /list and press Enter.
This will create an XML file named Domainlist.xml in the path where the command was executed. In my demo it's C:\Users\Administrator.CONTOSO
To proceed, it needs to be edited to match the new domain name. Make sure you save the file after the edits.
Then type the rendom /upload command from the same folder path.
To check the domain readiness before the rename process, type rendom /prepare
Once it passes with no errors, execute rendom /execute to proceed with the rename. It will reboot all domain controllers automatically.
All workstations and servers will need to reboot twice to apply the changes. Usernames and passwords will not change, but the domain name will be the new one.
The rename process does not rename the domain controllers. Those need to be changed manually.
This can be done using the command netdom computername DC.contoso.com /add:DC.canitpro.local
Then type netdom computername DC.contoso.com /makeprimary:DC.canitpro.local and, once it completes, reboot the DC.
We can see it’s changed after reboot.
The next thing we need to fix is the group policies. They still use the old domain name.
To fix this, type gpfixup /olddns:contoso.com /newdns:canitpro.local and press Enter.
Then run gpfixup /oldnb:CONTOSO /newnb:canitpro
We are done with that too. The only thing left to run is rendom /end, which stops the rename process and unfreezes the DC activity.
This ends the rename process, and we now have a DC with a new domain name.
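The Domainlist.xml edit between rendom /list and rendom /upload is the step most likely to go wrong by hand, so here it is scripted in PowerShell as an added example (not part of the original post and not a Microsoft tool). The element names DNSname and NetBiosName, the placeholder GUIDs in the constructed sample and the NetBIOS name CANITPRO are assumptions; check them against the file rendom /list actually produced.

```powershell
# Added example: rewrite the names in Domainlist.xml before "rendom /upload".
# Assumption: each <Domain> element holds <DNSname> and <NetBiosName> children.
function Update-DomainList {
    param([string]$Path, [string]$OldDns, [string]$NewDns,
          [string]$OldNetBios, [string]$NewNetBios)
    $Path = (Resolve-Path -Path $Path).Path
    # Keep an untouched copy of the forest description that rendom /list wrote.
    Copy-Item -Path $Path -Destination "$Path.bak" -Force -ErrorAction Stop
    [xml]$doc = Get-Content -Path $Path -Raw
    # Match the old DNS name itself or as a suffix (DomainDnsZones.contoso.com).
    $suffix = '(^|\.)' + [regex]::Escape($OldDns) + '$'
    foreach ($domain in $doc.Forest.Domain) {
        if ($domain.DNSname -match $suffix) {
            $domain.DNSname = $domain.DNSname -replace $suffix, ('${1}' + $NewDns)
        }
        if ($domain.NetBiosName -eq $OldNetBios) { $domain.NetBiosName = $NewNetBios }
    }
    $doc.Save($Path)
    # Refuse to continue if any reference to the old DNS name survived the edit.
    $stale = Select-String -Path $Path -Pattern $OldDns -SimpleMatch
    if ($stale) { throw "Old name still present: $($stale.Line -join '; ')" }
    # Show exactly what changed so it can be reviewed before the upload.
    Compare-Object (Get-Content "$Path.bak") (Get-Content $Path)
}

# Constructed sample in the assumed shape of the rendom /list output.
$sample = Join-Path $env:TEMP 'Domainlist.xml'
@'
<?xml version="1.0"?>
<Forest>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>00000000-0000-0000-0000-000000000001</Guid>
    <DNSname>DomainDnsZones.contoso.com</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- ForestRoot -->
    <Guid>00000000-0000-0000-0000-000000000002</Guid>
    <DNSname>contoso.com</DNSname>
    <NetBiosName>CONTOSO</NetBiosName>
    <DcName></DcName>
  </Domain>
</Forest>
'@ | Set-Content -Path $sample
Update-DomainList $sample 'contoso.com' 'canitpro.local' 'CONTOSO' 'CANITPRO'
```

Against the real file, point -Path at the Domainlist.xml in the folder where rendom /list was run, review the Compare-Object output, and only then continue with rendom /upload.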
If you have any questions about this, feel free to contact me at rebeladm@live.com
nice post. thanks for your time
Very actually! Thanks
Very useful. Thanks!
Hey There, Great Article.
Just a note you have some small spelling mistake in the commands that need to be run
This is fantastic. Thank you so much for posting it. I think this is going to make my life a lot easier.
This really works nicely. I tried this in my real lab and it went well. Mostly changing from a single label to a fully qualified domain name, e.g. (Cisco) to (DavidCisco.com).
Great, worked perfect – only one small typo – you wrote "random /end" instead of "rendom /end"
Excellent my friend, God bless you!
You also need a rendom /clean at the end of the process to remove references to the old name
Will following these steps also transfer trusted relationships with other trusted domains?
Thanks for the guide. Very helpful!
Thanks for the walkthrough, it worked for me!
Awesome guide, worked for me, thank you so much.
Beautiful
But I had to do everything from the DC anyway, as trying to run the domain commands from another member server would not work (error: could not find the domain or something). This worked anyway.
Thanks
Very very helpful! Works fine on Windows Server 2016 also. Thank you 🙂
Awesome article, worked for me. Thank you…
Very useful thankful
Thanks for the walkthrough, it worked for me!
Before typing this command gpfixup /olddns:contoso.com /newdns:canitpro.local,
my server rebooted; after rebooting I can't log on.
Please, I need your help
Perfect, Thank You !!
perfect
Thank you for taking your time with this. Very helpful
Nice job. Thanks for providing great piece of work.
When changing the domain name – will I have to exit the old domain and enter the new one on each computer that uses the old domain?
Dishan: This is a great step-by-step process to explain it. Now my question is: what will happen to the users who have been created in AD with the old domain and get updated with the new domain? They have been assigned some Office 365 licenses where they use that login ID and password, and have also created content using the same domain. What will happen to that content? We need to migrate it for the user in the new domain, right?
I want to remove the old DNS
Thanks a lot. It works well.
Works perfectly. Thanks
Name change was successful thank you.
But if I already have work PC and terminal server in the old domain, can I add it to the new domain name? Or do I need to remove from the old AD and start a new one? In user accounts how many information. (((
I’m looking for a quick way.
Please help me, or give me a useful link.
The PC does not need to be re-added, and neither does the terminal server. If users do not use are just saved as local profiles then those can move after rename.
Very nice step with your kind!!! 🙂
Thanks. It worked for me.
Thank you for this article, worked for me on an azure domain controller vm!
Very useful and accurate post. Thank you!
Nice
Amazing post. Really beneficial.
Great post!
Solved my problem with renaming my domain easy.
Thanks for your time creating this!
Don't do that if you have Exchange server 2012 or a Forest trust with another domain.
I didn't try it after reading forums about domain rename with an exchange server, it's better to just create a new domain and transfer using ADMT
For the computers that need to recognize the new domain, do they need any kind of special servicing, or will they register that the domain name has changed when they check in and just require the 2 restarts? I'm a little fuzzy on how the client end of this goes down.
Very nice article, just one observation:
While logging in after renaming the domain, the username had to be specified as "canitpro.local\Administrator" (password remained unchanged)
Thanks a lot!
So helpful and straight forward. thanks.
That was really helpful! Thanks a lot!
Thanks a lot! I had done all the steps above, and just have a question.
How to log in on an old computer that had joined the old domain with new users in AD Users and Computers?
Very very useful, exactly my scenario. Thanks for this article!
oh man this is golden stuff right here, I have to do this coming up soon and tested out the steps at home in my virtual lab, worked beautifully. Thank you so much for this write up.
Very helpful article, thanks for sharing
This was gold! Thanks for sharing!
Great guide. Do we also need to remove the old “Forward Lookup Zone” in the DNS. After following these steps I still see this.
Helpful article
Nice Post
Smooth! that worked nicely – tx for sharing!
I have done it very smoothly and easily.
My DNS records still show my old domain names.
When I want to add a new domain server to existing, it’s still showing old names for replication.
Please guide.
All of our users are currently working remotely, but our DCs are on-premise in our office. Is it possible to follow this guide in this scenario? I do have to rename our domain due to a reorganization and I’m trying to determine if it’s going to be possible.
Hello.
Very nice and interesting article!
And… I have a question: when you have a trust relationship between two simple domains, domain1.local and domain2.local, is it necessary to recreate the trust relationship between them after renaming one of them (like renamed.local and dom2.local)?
Regards!
Great article,
almost reloaded the whole domain.