
Step-by-Step guide to rename Active Directory Domain Name

A few blog readers have asked me on several occasions whether they can change an AD domain name to a different domain name. The answer is yes, you can, but you need to be aware of the issues it can cause as well; otherwise you will end up in a mess with a non-functioning infrastructure. The idea of this post is to demonstrate how to rename an AD domain and also to point out some issues you may face with a domain rename.

The following are the critical points you need to consider before an AD rename.

1. Forest Functional Level – The forest functional level must be Windows Server 2003 or higher to perform an AD rename.
2. Location of the Domain – A forest can have domains at different levels; those can be either completely separate domains or child domains. If you are going to change the location of the domain in the forest, you must create trust relationships between the domains to keep the connectivity.
3. DNS Zone – DNS zones for the new domain name must be created on the relevant DNS servers before the rename process.
4. Folder Path Change – If DFS folder services or roaming profiles are set up, those paths must be changed to a server-based share or network share.
5. Computer Name Change – Once the domain is renamed, the computers' fully qualified host names will also be renamed. So if those names are used by applications or systems, make sure you prepare to make those changes.
6. Reboots – Systems, including workstations, will need to reboot twice to apply the name change. So be prepared for the downtime and service interruptions.
7. Exchange Server Incompatibility – Exchange Server 2003 is the only version supported for an AD rename; no other version is supported. There can also be other applications in the environment that do not support a rename. Make sure you assess these risks.
8. Certificate Authority (CA) – If a CA is used, make sure you prepare it according to https://technet.microsoft.com/en-us/library/cc816587

Once your infrastructure is ready, we need an administrative computer or server to perform the rename process. It must be a member of the domain and must not be a DC. It must have the “Remote Server Administration Tools” installed. On Windows Server 2012 they can be added as a feature via Server Manager. For Windows 8 or later you can download them from http://www.microsoft.com/en-us/download/details.aspx?id=28972

In the demo, I am going to rename the contoso.com domain to canitpro.local. It runs on Windows Server 2012 R2.

I have prepared a server running Windows Server 2012 R2 as a member server to perform the rename. You can install the Remote Server Administration Tools via Server Manager > Add Roles and Features. Make sure you select the AD DS and AD LDS Tools under RSAT.
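
The checklist above is easy to script so that it can be re-run until every item passes. The following PowerShell script is an added example and is not part of the original post. It covers items 1, 3, 5/6 and 7 from the list plus the RSAT and member-server requirements, and assumes it is run on the domain-joined member server as a domain admin with the ActiveDirectory and DnsServer RSAT modules installed. The parameter defaults are the demo names from this post; the DNS server name DC.contoso.com is an assumption.

```powershell
# Pre-rename readiness check: added example, not code from the original post.
# Run on the domain-joined member server that will drive the rename, as a domain
# admin, after installing RSAT (AD DS and AD LDS Tools plus DNS Server Tools).
# Defaults are the post's demo values; the DNS server name is an assumption.
param(
    [string]$OldDns    = 'contoso.com',
    [string]$NewDns    = 'canitpro.local',
    [string]$DnsServer = 'DC.contoso.com'
)

Import-Module ActiveDirectory
Import-Module DnsServer

$problems = @()

# 1. Forest functional level: rendom needs Windows Server 2003 forest mode or higher.
#    ADForestMode enum: Windows2000Forest = 0, Windows2003InterimForest = 1, Windows2003Forest = 2, ...
$forest = Get-ADForest
if ([int]$forest.ForestMode -lt 2) {
    $problems += "Forest functional level is $($forest.ForestMode); Windows Server 2003 or higher is required."
}

# The machine running rendom must be a domain member and must not be a DC.
# Win32_ComputerSystem.DomainRole: 1 = member workstation, 3 = member server, 4/5 = domain controller.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
if ($role -in @(4, 5)) {
    $problems += 'Run the rename from a member server, not from a domain controller.'
} elseif ($role -notin @(1, 3)) {
    $problems += 'This computer is not joined to the domain.'
}

# RSAT AD DS and AD LDS Tools provide rendom.exe, gpfixup.exe and netdom.exe.
foreach ($tool in 'rendom.exe', 'gpfixup.exe', 'netdom.exe') {
    if (-not (Get-Command $tool -ErrorAction SilentlyContinue)) {
        $problems += "$tool not found; install the AD DS and AD LDS Tools feature of RSAT."
    }
}

# 3. The DNS zone for the new name must already exist before rendom /prepare.
$zone = Get-DnsServerZone -Name $NewDns -ComputerName $DnsServer -ErrorAction SilentlyContinue
if (-not $zone) { $problems += "DNS zone '$NewDns' does not exist on $DnsServer; create it first." }

# 5/6. rendom /execute reboots every DC, and each DC must be renamed by hand afterwards; list them now.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
Write-Host "Domain controllers that will reboot and need manual renaming: $($dcs -join ', ')"

# 7. Exchange: only Exchange Server 2003 supports a domain rename, so flag any Exchange organisation.
$exchangeDn = "CN=Microsoft Exchange,CN=Services,$((Get-ADRootDSE).configurationNamingContext)"
try {
    $null = Get-ADObject -Identity $exchangeDn
    $problems += 'An Exchange organisation exists in this forest; only Exchange Server 2003 supports a rename.'
} catch {
    # Container absent: no Exchange in the forest.
}

if ($problems.Count -eq 0) {
    Write-Host "Ready to rename $OldDns to $NewDns."
} else {
    Write-Warning 'Do not run rendom yet:'
    $problems | ForEach-Object { Write-Warning "  - $_" }
}
```

Items 2, 4 and 8 (trusts, DFS/roaming profile paths and the CA) depend on how your environment is built, so they are left as manual checks; the script only covers what can be read directly from AD and DNS.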

Before we start the rename, make sure forest-wide activities such as adding new DCs or changing the forest configuration are stopped.

I also went ahead and created the relevant DNS zone for the new domain name on the primary DNS server. (On my blog you can find a complete DNS article that explains DNS zone setup.)

Then, on the member server, log in as a domain admin and open the command prompt with admin rights.

First we need to create a report that describes the current forest setup. To do that, type rendom /list and press Enter.

This will create an XML file named Domainlist.xml in the path from which the above command is executed. In my demo it is C:\Users\Administrator.CONTOSO

To proceed, the file needs to be edited to match the new domain name. Make sure you save the file after the edits.
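
Editing Domainlist.xml by hand is where typos creep in, so the edit is worth scripting. The following PowerShell function is an added example and is not part of the original post. It assumes the layout rendom /list writes: a Forest root element holding one Domain element per naming context, each with Guid, DNSname, NetBiosName and DcName children, where the application partitions (DomainDnsZones and ForestDnsZones) appear as extra Domain entries with an empty NetBiosName. Every DNSname ending in the old name is rewritten and the NetBIOS name is replaced; the sample file at the bottom is constructed for the demo and its GUIDs are placeholders.

```powershell
# Rewrite the Domainlist.xml produced by "rendom /list" for the new domain name.
# Added example, not code from the original post; assumes the element layout
# described in the lead-in (Forest > Domain > Guid/DNSname/NetBiosName/DcName).
function Update-DomainList {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$OldDns,
        [Parameter(Mandatory)][string]$NewDns,
        [Parameter(Mandatory)][string]$OldNetBios,
        [Parameter(Mandatory)][string]$NewNetBios
    )
    Copy-Item -Path $Path -Destination "$Path.bak" -Force   # keep the untouched original
    [xml]$doc = Get-Content -Path $Path -Raw

    foreach ($domain in @($doc.Forest.Domain)) {
        $dns = [string]$domain.DNSname
        # Rename the domain itself and anything ending in it (DomainDnsZones.contoso.com etc.).
        if ($dns -eq $OldDns -or $dns.EndsWith(".$OldDns", [StringComparison]::OrdinalIgnoreCase)) {
            $domain.DNSname = $dns.Substring(0, $dns.Length - $OldDns.Length) + $NewDns
        }
        # Only the real domain carries a NetBIOS name; the partitions have an empty element.
        if ([string]$domain.NetBiosName -eq $OldNetBios) {
            $domain.NetBiosName = $NewNetBios
        }
    }
    $doc.Save((Resolve-Path -Path $Path).Path)
}

# Constructed sample in the layout described above (GUIDs are placeholders, not real values).
$sample = @'
<?xml version="1.0"?>
<Forest>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>00000000-0000-0000-0000-000000000001</Guid>
    <DNSname>DomainDnsZones.contoso.com</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>00000000-0000-0000-0000-000000000002</Guid>
    <DNSname>ForestDnsZones.contoso.com</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <Guid>00000000-0000-0000-0000-000000000003</Guid>
    <DNSname>contoso.com</DNSname>
    <NetBiosName>CONTOSO</NetBiosName>
    <DcName></DcName>
  </Domain>
</Forest>
'@
$file = Join-Path $env:TEMP 'Domainlist.xml'
Set-Content -Path $file -Value $sample -Encoding UTF8
Update-DomainList -Path $file -OldDns 'contoso.com' -NewDns 'canitpro.local' -OldNetBios 'CONTOSO' -NewNetBios 'CANITPRO'
Get-Content -Path $file   # DNSname entries now end in canitpro.local and NetBiosName is CANITPRO
```

To use it on the real file, point -Path at the Domainlist.xml that rendom /list wrote (C:\Users\Administrator.CONTOSO\Domainlist.xml in this demo) instead of the temporary sample, and compare the result against the .bak copy before running rendom /upload. The Guid and DcName elements are deliberately left untouched; only the names change.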

Then run the rendom /upload command from the same folder path.

To check the domain's readiness before the rename process, type rendom /prepare

Once it passes with no errors, execute rendom /execute to proceed with the rename. It will reboot all domain controllers automatically.

All workstations and servers will need to reboot twice to apply the changes. Usernames and passwords will not change, but the domain name will be the new one.

The rename process does not rename the domain controllers themselves. Those need to be changed manually.

This can be done using the command netdom computername DC.contoso.com /add:DC.canitpro.local

Then type netdom computername DC.contoso.com /makeprimary:DC.canitpro.local and, once it completes, reboot the DC.

We can see it has changed after the reboot.

The next thing we need to fix is the group policies. They still use the old domain name.

To fix this, type gpfixup /olddns:contoso.com /newdns:canitpro.local and press Enter.

Then run gpfixup /oldnb:CONTOSO /newnb:canitpro

We are done with that too. The only thing left to run is rendom /end to finish the rename process and unfreeze the DC activity.

This ends the rename process, and we now have a DC with a new domain name.
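
After rendom /end it is worth confirming that every step of the procedure actually took effect before clients start their two reboots. The following PowerShell script is an added example and is not part of the original post. It assumes it runs on the member server (or a renamed DC) as a domain admin with the ActiveDirectory RSAT module, and checks the domain names, the DC host names fixed with netdom, the GPO SYSVOL paths fixed with gpfixup, and the DC locator records in the new DNS zone. The defaults are the demo names from this post.

```powershell
# Post-rename verification: added example, not code from the original post.
# Run after rendom /end on the member server or a renamed DC, as a domain admin,
# with the ActiveDirectory RSAT module. Defaults are the post's demo values.
param(
    [string]$OldDns     = 'contoso.com',
    [string]$NewDns     = 'canitpro.local',
    [string]$NewNetBios = 'CANITPRO'
)
Import-Module ActiveDirectory
$issues = @()

# The domain itself should now answer to the new DNS and NetBIOS names.
$domain = Get-ADDomain
if ($domain.DNSRoot -ne $NewDns) {
    $issues += "Domain DNSRoot is $($domain.DNSRoot), expected $NewDns."
}
if ($domain.NetBIOSName -ne $NewNetBios) {
    $issues += "Domain NetBIOS name is $($domain.NetBIOSName), expected $NewNetBios."
}

# rendom does not rename the DCs; each should have been moved with netdom computername /makeprimary.
foreach ($dc in Get-ADDomainController -Filter *) {
    if (-not $dc.HostName.EndsWith(".$NewDns", [StringComparison]::OrdinalIgnoreCase)) {
        $issues += "DC $($dc.HostName) still carries the old suffix; finish the netdom computername steps."
    }
}

# gpfixup rewrites the SYSVOL path stored on each GPO; any path still naming the old domain was missed.
$gpos = Get-ADObject -Filter 'objectClass -eq "groupPolicyContainer"' -Properties displayName, gPCFileSysPath
foreach ($gpo in $gpos) {
    if ($gpo.gPCFileSysPath -like "*$OldDns*") {
        $issues += "GPO '$($gpo.displayName)' still references $OldDns : $($gpo.gPCFileSysPath)"
    }
}

# Clients locate a DC through SRV records in the new zone; without them the post-rename reboots fail to log on.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$NewDns" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    $issues += "No SRV record _ldap._tcp.dc._msdcs.$NewDns found; restart the Netlogon service on the DCs so they re-register."
}

if ($issues.Count -eq 0) {
    Write-Host "Rename to $NewDns verified: domain, DCs, GPO paths and DC locator records all match."
} else {
    $issues | ForEach-Object { Write-Warning $_ }
}
```

Run it once more after the workstations have completed their second reboot; a GPO path or DC name that still points at the old domain at that stage is the usual reason for "the domain is not available" errors.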

If you have any questions about this, feel free to contact me at rebeladm@live.com
