Designing a Windows Server 2008 R2 Active Directory : Renaming an AD DS Domain

1/24/2011 5:01:11 PM
AD DS in Windows Server 2008 R2 gives domain designers the flexibility to rename their domain namespace and/or splice domains in a forest to different locations within a forest. This capability gives AD DS great new functionality because design changes can be made because of corporate mergers or organizational changes.

Domain rename supports renaming either the AD DS namespace (for example, or the NetBIOS (legacy NT) domain name or both. The procedure is a rather brute-force process, however, and should not be considered to be a routine operation.

The domain rename functionality in Windows Server 2008 R2 is mainly a psychological factor because the prerequisites for deploying domain rename make it unlikely to be widely performed, at least in the initial stages of Windows Server 2008 R2 adoption. Domain rename offers long-term answers to the previous barriers to AD DS adoption, which revolved around the fact that organizations did not want to be locked in to any decisions that could not be changed. Because a Windows 2000 AD DS namespace decision was irreversible, this effectively put many decision makers on edge, as they did not want to “paint themselves into a corner,” so to speak. Domain rename removes this stipulation and makes AD DS adoption much more palatable to decision makers within an organization.

Domain Rename Limitations

Domain rename has several limitations. It is important to understand the following restrictions before considering a domain rename operation:

  • Cannot reduce the number of domains in a forest— The domain rename tool cannot be used to drop additional domains from a forest. For example, if a forest is composed of four domains, there must be four domains remaining after the procedure is complete. This type of domain consolidation role can be performed only through the use of other tools, such as the Active Directory Migration Tool.

  • The current root domain cannot be demoted— Although the domain rename tool can splice and transplant domains from one portion of an AD DS namespace to another, it cannot fundamentally change the root domain in a tree. A root domain can be renamed, however.

  • Cannot transfer current domain names in one cycle— A production domain cannot be named the same as another production domain that exists in a forest. You need to run the domain rename procedure twice to achieve this type of desired functionality.

Outlining Domain Rename Prerequisites

In addition to the limitations of the domain rename tool, specific prerequisites for domain rename must be met before a domain can be renamed. These prerequisites are as follows:

  • The entire forest must be at least Windows Server 2003 functional level— All domain controllers in the domain must be first upgraded or replaced with Windows Server 2003, 2003 R2, 2008, or 2008 R2 and the forest functional level raised to at least Windows Server 2003 functional level.

  • New DNS zones must be created— The DNS server(s) for a domain must have a zone added for the new domain namespace to which the domain will be renamed. The exception is if the domain rename procedure will be renaming only the NetBIOS domain name.

  • Domain rename must run from a console server— A member Windows Server 2008 R2 computer (not a domain controller) must serve as the console server for the domain rename procedure. All domain rename operations are run from this one box.

  • Shortcut trust relationships might need to be created— Any domains that will be “spliced” into a new location in the AD DS forest will need to have a shortcut trust established between itself and the parent domain where it will be transplanted.

Renaming a Domain

The domain rename procedure, from the back end, is not extremely complex. Most of the barriers to domain renaming, aside from the limitations and prerequisites listed in the preceding section, come in the form of the disruption to the forest that is caused by the reboots applied to all the computers in the forest.

After the prerequisites have been satisfied, the domain rename process can proceed. The entire domain rename process is accomplished through six basic steps. As previously mentioned, however, this routine is rather harsh on the network because it causes downtime to a network infrastructure and should not be considered to be a common operation.

Step 1: List Current Forest Description

The tool used for domain rename is known as Rendom. Rendom has several flags that are used in import and export operations. The first procedure run from the console server is rendom /list, which locates the domain controllers for a domain and parses all domain-naming information into an XML document named Domainlist.xml.

This XML document can easily be modified by any text editor such as Notepad and, as will become evident, is central to the domain rename procedure.

Step 2: Modify Forest Description with New Domain Name(s)

The XML file generated by the /list flag must be modified with the new domain-naming information. For example, if CompanyABC is changing its name to CompanyXYZ, all references to companyabc in the XML list are changed to companyxyz. This includes the NetBIOS and DNS names.

Step 3: Upload Rename Script to DCs

After the XML document is updated with the new domain information, it can be uploaded to all domain controllers in a forest through the use of the rendom /upload command. This procedure copies the instructions and new domain information up to all domain controllers within a forest.

Step 4: Prepare DCs for Domain Rename

Domain rename is a thorough process because it is absolutely necessary that all domain controllers in a forest receive the update information. It is, therefore, necessary to run rendom /prepare to initiate a preparation process that checks to see if every single domain controller listed in AD DS responds and signifies that it is ready for the migration. If every single domain controller does not respond, the prepare function fails and must be restarted. This precaution exists to keep domain controllers that are powered down, or not accessible across the network, from coming up at a later time and attempting to service clients on the old domain name.

Step 5: Execute Domain Rename Procedure

After all domain controllers respond positively to the prepare operation, you can initiate the actual domain rename by running the rendom /execute command from the console server. Before the execute command is run, there are actually no changes made to the production environment. However, as the command is run, all domain controllers execute the changes and automatically reboot. You then must establish a method of rebooting all member servers, workstations, and other client machines and then reboot them all a second time to ensure that all services receive the domain-naming change.

Step 6: Post-Rename Tasks

The final step in the Rendom task is to run the rendom /clean operation, which will remove temporary files created on the domain controller and return the domain to a normal operating state.

In addition to the cleanup tasks, you need to effectively rename each domain controller, to change its primary DNS suffix. Each domain controller needs to go through this operation, which you run via the netdom command-line utility. The following steps outline the renaming of a domain controller:

Open a Command Prompt window (choose Start, Run, and then type cmd.exe).

Type netdom computername OldServerName /add:NewServerName.

Type netdom computername OldServerName /makeprimary:NewServerName.

Restart the server.

Type netdom computername NewServerName /remove:OldServerName.

You run all the preceding commands from the command line. Replace the generic designators OldServerName and NewServerName with the entire DNS name of the old server and the new server, such as and

  •  Designing a Windows Server 2008 R2 Active Directory : Understanding the Placeholder Domain Model
  •  Designing a Windows Server 2008 R2 Active Directory : Understanding the Empty-Root Domain Model
  •  Windows 7: Managing Software Once It’s Installed (part 3) - Viewing and Managing Startup Programs
  •  Windows 7: Managing Software Once It’s Installed (part 2) - Viewing and Managing Currently Running Programs
  •  Windows 7: Managing Software Once It’s Installed (part 1) - Assigning Default Programs
  •  Designing a Windows Server 2008 R2 Active Directory : Understanding the Federated Forests Design Model
  •  Designing a Windows Server 2008 R2 Active Directory : Understanding the Multiple Trees in a Single Forest Model
  •  Windows 7 : Installing and Running Your Software (part 2) - Using Older Programs with Windows 7
  •  Windows 7 : Installing and Running Your Software (part 1)
  •  Windows 7 : Software Installation - What You Need to Know
    PS4 game trailer XBox One game trailer
    WiiU game trailer 3ds game trailer
    Top 10 Video Game
    -   Renoir [PS4/XOne/PC] Kickstarter Trailer
    -   Poly Bridge [PC] Early Access Trailer
    -   Renoir [PS4/XOne/PC] Gameplay Explanation Trailer
    -   Renoir [PS4/XOne/PC] More About Trailer
    -   King's Quest: A Knight to Remember [PS3/PS4/X360/XOne/PC] Complete Collection Trailer
    -   Samurai Warriors Chronicles 3 | Announcement Trailer
    -   FIFA 16 | No Touch Dribbling with Lionel Messi
    -   Why We're Cautiously Optimistic For The Final Fantasy VII Remake
    -   Civilization: Beyond Earth – Rising Tide [PC] E3 Gameplay Walkthrough
    -   Why We're Excited For the FFVII Remake
    -   Mortal Kombat X | Predator Brutality
    -   Mortal Kombat X | Predator Fatality
    -   Poly Bridge [PC] Early Access Trailer
    -   Silence: The Whispered World 2 [PS4/XOne/PC] Cinematic Trailer
    -   Devilian [PC] Debut Trailer
    Game of War | Kate Upton Commercial