(2010-10-09) Should You Do A Domain Rename Or Not – That’s The Question?
Posted by Jorge on 2010-10-09
A friend of mine asked me if a domain rename is something that should/could be used or not within an organization. What I answered him is more or less explained in this blogpost. Information about performing a domain rename can be found through the following links:
Instead of performing a domain rename , you could also create a new domain in an existing AD forest or new AD forest and migrate  everything into that new AD domain. To determine which to use ( or ), you must know the AD forest environment very very well! With "AD forest environment" I mean: the size of the environment, number of DCs per AD domain/site (location), number of AD sites (locations) with DCs, the AD forest/domain structure, the version of AD, version of AD aware/enabled apps (e.g. exchange, ocs, etc.), versions of member server and member client operating systems, which client/servers apps (e.g. SQL, Citrix, etc.) exist and their versions, what the remote possibilities are to connect to the DCs (including when the DCs are booting) and the dependency of such a solution with AD, where support personnel is available and where not, etc, etc. As you can see, doing your homework is the very first step to take before anything else! Doing this homework should help you in determining how much technical and logistical pain you may experience during such as exercise. The impact of doing a domain rename is HUGE! In a test environment I do not have any issues with doing a domain rename, but in a production environment I would never do this that easily and probably I would never do it. Domain rename impacts ALL DCs in the AD forest at the same time and therefore not just the DCs in the AD domain for which you want to rename the NetBIOS Name and/or the FQDN. If you still think domain rename is still a viable option to check out, then make sure you have a very representative test environment with all applications to see where things might go wrong. Also check with the vendor of the app/system if it supports domain rename at all. Create a plan of your own and test, test, test, test, test, test, test, test, test, test, test, test! Also make sure to have an up-to-date and tested disaster recovery plan as a fallback plan when the shit hits the fan!
An example: assume your AD forest has 3 AD domains and each AD domain has 100 DCs. So in total you have 300 DCs in the AD forest. At a certain point in time (check the domain rename manual from Microsoft) ALL those DCs in the AD forest will reboot AT THE SAME TIME. It would scare the crap out of me rebooting 300 DCs at the same time! A simple test before performing a domain rename is to reboot each and every DC kust to make sure it return in normal mode without any issue.
After the domain rename, you most likely have to fix all kinds of applications in some way. Some apps/systems might not work until certain repairs have been done. It is still possible that domain rename is not possible or even not supported by Microsoft. For example, if you have Exchange in your AD environment, then this will play a very important role in determining if it is even possible to perform a domain rename.
The biggest disadvantage of a domain rename is the huge impact on the environment and the impossibility of doing it in a phased manner.
The other option that can be used, instead of a domain rename, which does not impact the environment that heavily and does allow a phased manner and with much lower risks, is a domain migration.
Remember though that if you have multiple AD domains in a specific AD forest, that this is far from a best practice. You might also want to think about consolidation your AD domains within that AD forest as much as possible. Much organizations do not do this (consolidation) because the benefits do not outweight the costs involved
The following was taken from MS-KBQ300864:
Examples of applications that are incompatible with domain rename include, but are not limited to, the following products:
- Microsoft Exchange 2000 Server
- Microsoft Exchange Server 2007
- Microsoft Internet Security and Acceleration (ISA) Server 2004
- Microsoft Live Communications Server 2005
- Microsoft Operations Manager 2005
- Microsoft SharePoint Portal Server 2003
- Microsoft Systems Management Server (SMS) 2003
- Microsoft Office Communications Server 2007
With regards to a domain rename I found the following questions to which I or others responded
OK, I have raised domain functional level to windows server 2003 and also set functional level to windows server 2003. Now how do I rename my domain name? Next steps, please advice.
I hope you are kidding! You want to do a domain rename and are asking for the steps here? That means you did not do any homework, correct? IMHO that’s the most NOT RECOMMENDED action to take. Microsoft provides documents about the domain rename. You should read it, understand it, TEST it and decide if you really want to do it. Domain Rename has a HUGE impact on the environment and is NOT something to think easy of.
My suggestion as next step. start reading domain rename docs:
Does anyone know the Domain Rename Supported combinations of Windows and Exchange
W2K3 AD with E2K3SP1 = supported
W2K8 AD with E2K3SP1 = supported
W2K3 AD with E2K7 RTM/SP1 = NOT supported
W2K8 AD with E2K7 RTM/SP1 = NOT supported
W2K3 AD with E2K3SP2 = ???
W2K8 AD with E2K3SP2 = ???
With regards to W2K8 please read http://technet.microsoft.com/en-us/library/cc816848.aspx. it says:
"The Windows Server 2008 domain rename operation is not supported in an Active Directory forest that contains Exchange Server 2003, Exchange Server 2003 SP2, Exchange Server 2007, or Exchange Server 2007 SP1.". So I guess 2nd scenario is not supported. The http://msexchangeteam.com/archive/2004/08/30/222719.aspx link has info on W2K3. It says "All Exchange servers in the org must be Exchange 2003 SP1 + " . So I guess first scenario is OK. Might be worth posting a comment on the exchange product group’s blog in case there have more recent info.
I know about that article and what is stated there. That was the reason WHY I asked my question. I was wondering if Exchange 2003 WITH SP2 supports Domain Rename in both w2k3 and w2k8 AD. It looks like:
Domain Rename W2K3 AD with E2K3SP2 = OK
Domain Rename W2K8 AD with E2K3SP2 = NOT OK
Windows Server 2008 Answer? –> http://technet.microsoft.com/en-us/library/cc794909.aspx
The Windows Server 2008 domain rename operation is not supported in an Active Directory forest that contains Exchange Server 2003, Exchange Server 2003 Service Pack 2 (SP2), Exchange Server 2007, or Exchange Server 2007 Service Pack 1 (SP1).
Same info, different article. Two sources mention this… does anyone know *WHY*:
W2K3 AD + E2K3 SP2 = OK
W2K8 AD + E2K3 SP2 = NOT OK
I found this snippet.
As part of PrepareAD, the Exchange Server 2007 setup tool stamps the Active Directory with a number of server names in GUID and fully-qualified domain name (FQDN) formats. This is to enable Exchange Server 2007 to fulfill a much-requested feature: don’t require WINS. Unfortunately, from a Domain Rename perspective, this means that once PrepareAD has occurred, it’s too late to go back. At that time, the ONLY option for a domain rename is to remove ALL Exchange servers. That includes any Exchange 2000 Servers or Exchange Server 2003 servers which may be in the environment. The goal is to be able to remove the Organization container in Active Directory (which removing the last Exchange server in a forest will do). Having an updated schema is not an issue. Once the Organization container is gone, a domain can be renamed and Exchange re-installed. But that’s a very very dangerous option. Doing a full active directory migration to a new forest may be safer. Consider yourself informed! Until next time…
As always, if there are items you would like me to talk about, please drop me a line and let me know!
Got word. They never tested it (W2K8AD+E2K3SP2). Reason for that people almost choose migration over rename. Third-party apps most of the time do not support rename.
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########