Here is yet another gem from my new gig. One of the things I walked into was a very strange Microsoft Active Directory topology. I am fairly certain that the admin that set it up didn't really know what they were doing, but they tried real hard. You see, they set up three domains on the network, under three different forests using the same FQDN! By that I mean, they are all named exactly the same! Who the hell does that?
Not only that, but the FQDN of the forests and the domains are technically in sub-domain format. For example, a top-level domain would look like domain.com, right? If they want to create child domains under the same forest, then they would use the sub-domain format like hq.domain.com. Well, they named the forest hq.domain.com. Again, who the hell does that?
Well, yesterday I decided that it was time to fix it, so I broke out a command line tool called Rendom.exe. If your network is a Windows 2003 functional level domain, you can download the tools here (Domain Rename Tools For 2003). If your network is a 2008 functional level or above, then your DC has Rendom built in under the System32 directory.
Anyway, it works the same in both. Here are the steps to rename your domain:
- Run rendom /list to create a Domainlist.xml file with your current forest and domain configuration.
- Open Domainlist.xml with Notepad and make your domain name changes.
- Run rendom /showforest to check your future configuration
- If everything looks good, run rendom /upload to upload your changes
- Run rendom /prepare to prepare AD for the changes
- Run rendom /execute to make your changes. You will be required to reboot your DC.
- After the DC reboots, run the included gpfixup tool to fix your GPOs as follows:
  gpfixup /olddns:hq.domain.com /newdns:domain.com
  and if you changed the NetBIOS name as well...
  gpfixup /oldnb:domain /newnb:dm
- Finally, run rendom /clean to clean up the changes.
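A pre-flight check for the edit step, run before rendom /upload. This is an added example, not part of the original post: it compares the untouched Domainlist.xml against the edited copy by GUID and flags any entry (including the DomainDnsZones and ForestDnsZones application partitions) that still carries the old DNS name. It assumes PowerShell 3.0 or later, that you kept a backup copy of the file before editing, and the Forest/Domain/Guid/DNSname/NetBiosName layout that rendom /list writes; the GUIDs and the sample XML are constructed.

```powershell
# Constructed sample: GUIDs are placeholders; names follow the post's example.
# On a DC, load the real files instead, e.g. [xml](Get-Content .\Domainlist.xml).
$before = [xml]@'
<Forest>
  <Domain><Guid>11111111-1111-1111-1111-111111111111</Guid><DNSname>DomainDnsZones.hq.domain.com</DNSname><NetBiosName></NetBiosName><DcName></DcName></Domain>
  <Domain><Guid>22222222-2222-2222-2222-222222222222</Guid><DNSname>ForestDnsZones.hq.domain.com</DNSname><NetBiosName></NetBiosName><DcName></DcName></Domain>
  <Domain><Guid>33333333-3333-3333-3333-333333333333</Guid><DNSname>hq.domain.com</DNSname><NetBiosName>DOMAIN</NetBiosName><DcName></DcName></Domain>
</Forest>
'@
# Constructed edited copy: the ForestDnsZones entry was missed in Notepad.
$after = [xml]@'
<Forest>
  <Domain><Guid>11111111-1111-1111-1111-111111111111</Guid><DNSname>DomainDnsZones.domain.com</DNSname><NetBiosName></NetBiosName><DcName></DcName></Domain>
  <Domain><Guid>22222222-2222-2222-2222-222222222222</Guid><DNSname>ForestDnsZones.hq.domain.com</DNSname><NetBiosName></NetBiosName><DcName></DcName></Domain>
  <Domain><Guid>33333333-3333-3333-3333-333333333333</Guid><DNSname>domain.com</DNSname><NetBiosName>DM</NetBiosName><DcName></DcName></Domain>
</Forest>
'@

function Compare-DomainList {
    param([xml]$Before, [xml]$After, [string]$OldDns)
    # Index the original entries by GUID; rendom matches partitions by GUID, not by name.
    $orig = @{}
    foreach ($d in $Before.Forest.Domain) { $orig[[string]$d.Guid] = $d }
    foreach ($d in $After.Forest.Domain) {
        $o = $orig[[string]$d.Guid]
        if (-not $o) { $status = 'GUID not in original list' }
        elseif ($d.DNSname -eq $OldDns -or $d.DNSname -like "*.$OldDns") { $status = 'STILL OLD DNS NAME' }
        elseif ($d.DNSname -ne $o.DNSname -or $d.NetBiosName -ne $o.NetBiosName) { $status = 'renamed' }
        else { $status = 'unchanged' }
        [pscustomobject]@{
            OldDns = $o.DNSname; NewDns = $d.DNSname
            OldNetBios = $o.NetBiosName; NewNetBios = $d.NetBiosName
            Status = $status
        }
    }
}

$report = Compare-DomainList -Before $before -After $after -OldDns 'hq.domain.com'
$report | Format-Table -AutoSize
if ($report | Where-Object { $_.Status -ne 'renamed' -and $_.Status -ne 'unchanged' }) {
    Write-Warning 'Fix Domainlist.xml before running rendom /upload.'
}
```

With the sample data, the ForestDnsZones row is reported as STILL OLD DNS NAME and the warning fires. The OldNetBios and NewNetBios columns also show whether the second gpfixup call (/oldnb and /newnb) will be needed.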
After you are done with all of that, you will need to reboot all the hosts on your network once or twice to get everything syncing again. You may also have to manually make changes in DNS.
One thing to note in my environment is that I do not have an Exchange server, so this change was rather easy. If you have Exchange in your environment, do some more research before changing your domain.
Have you ever had to do this yourself? Why did you need to change your domain's name? Let us know your story in the comments!