Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2006-05-24) Domain Rename Impact

Posted by Jorge on 2006-05-24

In the following post you can find information about performing a domain rename:


In addition to that you will find here WHAT a domain rename impacts. As you can see it is NOT something you can underestimate!

A domain rename impacts the following "in some way" (!!!may not be an exclusive list!!!):

  • ALL DCs in the forest (and additionally the DNS names of the DCs in the renamed AD domain)
  • AD replication
  • DNS environment (zones, delegations, suffix search lists, etc.)
  • All places that use the NetBIOS name and/or DNS name of the AD domain that was renamed (think about paths, scheduled jobs, credentials for services, login scripts, batch files, GPOs, GPO configs using DNS pathnames, GPO configs for Primary DNS suffixes, Shortcuts, etc, etc.)
  • Certificate Authorities and certificates
  • Exchange servers in the renamed AD domain
  • Clients/servers in the renamed AD domain
  • Legacy clients/servers (e.g. NT4) in the renamed AD domain
  • Clients that connect through Dial-up/VPN
  • Outlook users with mailboxes on Exchange servers in the AD domain
  • Applications that use application partitions that are a child of the renamed AD domain
  • Trust relationships
  • Domain DFS namespace in the renamed AD domain
  • DFS link/folder targets used in the Domain DFS namespace in the renamed AD domain
  • GPOs and GPO links in the renamed AD domain and GPO links in other AD domains that use GPOs from the renamed AD domain
  • Folder redirection when used with DFS in the renamed domain
  • UPN suffixes for user accounts
  • ???

* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
############### Jorge’s Quest For Knowledge #############
######### ########


5 Responses to “(2006-05-24) Domain Rename Impact”

  1. Jorge said

    Oh and I forgot to add:
    * It takes a crap load of work to do! šŸ˜‰

  2. Hello Jorge,

    I heard that it is also possible to rename a Windows Server 2003 Domain Controller execpt it it hosts a Microsoft’s Certificate Authority services (CA).

    Does this operation have the same impact as renaming a domain ? Could u give us the necessary steps to ensure that the process will be a success.


  3. Jorge said

    Hi Yann,

    To rename W2K3 DCs see:

    I don’t have experience with renaming a DC that contains a CA. What I do know it is not possible to rename the server because of the CA and you cannot change domain if it was just a member server.

    In this case I guess you would have to move the CA from the server (DC) to another server, rename the DC, and move it back (if needed). Try this first in a test environment.

    To move a CA see:
    "How to move a certification authority to another server"


  4. We done it previously very with cake walk without impacting anything. (We don’t have CA in that environment).

    rendom /list
    rendom /prepare
    rendom /execute
    rendom /clean

    only precautions are run this tool from member server.
    before /execute fix the errors comming from /prepare.
    rename domain in .xml file which was generated


  5. […] […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: