Sunday, January 3, 2010

How to rename an existing Domain with child

Friends, this post of mine is for network administrators, IT managers and system administrators. Today I am going to discuss how to rename a running domain that has multiple child domains. You can find such guides on Microsoft's official website, but here I am going to explain the procedure in a somewhat easier way.
First we have to know the requirements for Domain rename procedure:

Domain Rename Requirements

1.Forest functionality: You can rename domains only in a forest where all of the domain controllers are running Microsoft® Windows® Server 2003 Standard Edition, Microsoft® Windows® Server 2003 Enterprise Edition, or Microsoft® Windows® Server 2003 Datacenter Edition, and the Active Directory forest functional level has been raised to Windows Server 2003.

2.Administrative privileges: The domain rename procedure requires Enterprise Admins privileges to perform the various steps in the procedure.

3.Control station: The computer to be used as the control station for the domain rename operation must be a member computer (not a domain controller) running Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition.

4.DFS root server: To rename a domain with domain-based DFS roots, all DFS root servers must be running Windows 2000 Server with SP3 or later.

Pre Domain Rename Steps:

1.Raise Forest Functional Level to Windows server 2003:

•Open Active Directory Domains and Trusts.
•In the scope pane, right-click the domains and raise all domain functional levels to Windows Server 2003.
•After that, right-click Active Directory Domains and Trusts and then click Raise Forest Functional Level.
•In the Select an available forest functional level box, click Windows Server 2003, and then click Raise.
•Click OK to raise the forest functional level, and then click OK again.

2.Prepare DNS Zones for Domain Rename
Whenever an application or client requests access to AD, an Active Directory server is located by the DC locator mechanism. The DC locator uses SRV resource records in DNS to find a domain controller; for this reason, before renaming an AD domain we need to create the appropriate DNS zones.

•First, compile a list of the DNS zones to be created.
•Use the DNS MMC snap-in for this purpose.
•Add a forward lookup zone for each new name.
•Configure dynamic DNS update by selecting "Allow Dynamic Updates".

3.Configure Member Computers for Host Name Changes.

By default, the primary DNS suffix of a member computer of an AD domain is configured to change automatically when the domain membership of the computer changes. The same thing happens when the DNS name of the domain to which the computer is joined changes. To apply a Group Policy that changes the primary DNS suffix of a group of member computers:

•Before doing this for all machines, go to a member computer and in Control Panel click System.
•Click the Computer Name tab and then click Change.
•Click More and verify that "Change primary DNS suffix when domain membership changes" is selected.
•Now verify this in the registry. Open the registry with regedit.
•Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
•Verify that the REG_DWORD value SyncDomainWithMembership is 0x1. This value indicates that the primary DNS suffix changes when the domain membership changes.
•Now, to apply the above setting on all member computers, go to Active Directory Users and Computers, right-click the domain or OU, and click the Group Policy tab.
•Create a new Group Policy object and edit it.
•Under Computer Configuration, expand Administrative Templates, then Network, and then click DNS Client.
•In the results pane, double-click Primary DNS Suffix, select Enabled, and in the "Enter a primary DNS suffix" box type the DNS suffix for the domain whose member computers are in the group.

4.Activities to Discontinue Prior to Domain Rename

•Creating or removing domains in the forest
•Creating or removing application directory partitions in the forest
•Adding or removing domain controllers in the forest
•Creating or deleting shortcut trusts within the forest
•Adding or removing attributes in the global catalog

Procedure for the Windows Server 2003 domain rename:


Step #01: Backup All Domain Controllers

Perform a full system state backup of all domain controllers in the forest.

Step #02: Setup the Control Station

Create a computer with the Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition operating system. Join this computer to the existing domain. (Remember: do not install Active Directory on this system, and do not use a domain controller for the domain rename operation.) Now set up the control station with the tools required for the domain rename operation.

1.On the control station, create a directory named X:\Domain Rename, where X: is a local disk drive.
2.Insert the Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition operating system CD and copy the files from the valueadd directory as follows (the destination path contains a space, so it must be quoted):
copy M:\valueadd\msft\mgmt\DomainRename\*.* "X:\Domain Rename"
Where M: is the CD-ROM drive. Verify that the two tools rendom.exe and gpfixup.exe have been copied into the working directory X:\Domain Rename on the control station.
3.Install the Support Tools from the Support\Tools folder of the Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition operating system CD. Verify that the tools repadmin.exe and dfsutil.exe are installed on the control station.

Step #03: Generate the Current Forest Description
To generate the forest structure as an XML-encoded file, the user must be a member of the Enterprise Admins group in the current forest and of the local Administrators group on the control station.

1.On the control station, open a command prompt and change to the X:\Domain Rename directory.
2.At the command prompt, type the following command and press ENTER:
rendom /list
3.Save a copy of the current forest description file (domainlist.xml) as domainlist-save.xml for future reference by using the following copy command:
copy domainlist.xml domainlist-save.xml

Step #04: Specify the New Forest Description
To perform this, change the current forest description with new forest description in domainlist.xml.

1.Open the domainlist.xml file in a simple text editor such as Notepad.
2.Replace the current DNS names, NetBIOS names and application directory partition names with the planned new DNS and NetBIOS names.
3.Now save it under the same name.
4.To review the new forest description in domainlist.xml, use the following command and then press ENTER:
rendom /showforest
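In a forest with child domains, every DNS name under the old root (children and the DomainDnsZones/ForestDnsZones application partitions) has to be re-suffixed consistently in domainlist.xml, and a hand edit is easy to get wrong. The script below is an added example, not code from the original post or from rendom; it assumes the element names Forest/Domain/Guid/DNSname/NetBiosName/DcName and uses a constructed sample with placeholder GUIDs.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of rendom's domainlist.xml (element names assumed,
# GUIDs are placeholders). abc.com is the forest root, sales.abc.com a child domain,
# DomainDnsZones.abc.com an application directory partition (it has no NetBIOS name).
SAMPLE_DOMAINLIST = """<?xml version="1.0"?>
<Forest>
  <Domain><Guid>00000000-0000-0000-0000-000000000001</Guid>
    <DNSname>DomainDnsZones.abc.com</DNSname><NetBiosName></NetBiosName><DcName></DcName></Domain>
  <Domain><Guid>00000000-0000-0000-0000-000000000002</Guid>
    <DNSname>abc.com</DNSname><NetBiosName>ABC</NetBiosName><DcName></DcName></Domain>
  <Domain><Guid>00000000-0000-0000-0000-000000000003</Guid>
    <DNSname>sales.abc.com</DNSname><NetBiosName>SALES</NetBiosName><DcName></DcName></Domain>
</Forest>
"""


def rename_forest(xml_text, old_root, new_root, netbios_map=None):
    """Re-suffix every DNSname that is old_root or ends in '.' + old_root to new_root,
    rename only the NetBIOS names listed in netbios_map, and return
    (new_xml_text, list of (old, new) pairs). Guid and DcName are left untouched."""
    netbios_map = netbios_map or {}
    forest = ET.fromstring(xml_text)
    changes = []
    for dom in forest.findall("Domain"):
        dns = dom.find("DNSname")
        old = (dns.text or "").strip()
        if old.lower() == old_root.lower():
            new = new_root
        elif old.lower().endswith("." + old_root.lower()):
            new = old[: -len(old_root)] + new_root   # keep the child/partition prefix
        else:
            continue                                 # a tree outside the rename is left alone
        dns.text = new
        changes.append((old, new))
        nb = dom.find("NetBiosName")
        if nb is not None and nb.text in netbios_map:
            changes.append((nb.text, netbios_map[nb.text]))
            nb.text = netbios_map[nb.text]
    return ET.tostring(forest, encoding="unicode"), changes


if __name__ == "__main__":
    text, done = rename_forest(SAMPLE_DOMAINLIST, "abc.com", "xyz.com", {"ABC": "XYZ"})
    for old, new in done:
        print(f"{old} -> {new}")
```

Write the returned text back to domainlist.xml and review it with rendom /showforest before running rendom /upload; the child's NetBIOS name (SALES) is kept unless you list it in netbios_map.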

Step #05: Generate Domain Rename Instruction

To generate the domain rename instructions and upload them to the domain naming master.

1.On the control station, open a command prompt
2.From within the X:\Domain Rename directory, execute the following command:
rendom /upload
3.Verify that the domain rename tool created the state file dclist.xml in the directory X:\Domain Rename and that the state file contains an entry for every domain controller in the forest.
The rendom /upload command generates the domain rename instructions and uploads them to Active Directory.


Step #06: Push Domain Rename Instruction to all DCs and Verify DNS Readiness
To discover the DNS host name of the domain naming master and push the instructions to all DCs:

1.On the control station, open a command prompt
2.At the command prompt, type the following and then press ENTER:
dsquery server -hasfsmo name
3.To force synchronization of the changes made on the domain naming master, type the following command and press ENTER:
repadmin /syncall /d /e /P /q DomainNamingMaster
Where DomainNamingMaster is the DNS host name of the domain controller that currently holds the domain naming master role for the forest.

Step #07: Verify Readiness of Domain Controllers

To verify the readiness of domain controllers in the forest

1.On the control station, open a command prompt and change to the X:\Domain Rename directory
2.At the command prompt, type the following command and then press ENTER:
rendom /prepare
3.Once the command has finished execution, examine the state file dclist.xml to determine whether all domain controllers have achieved the prepared state.

Step #08: Execute Domain Rename Instructions

To execute the domain rename instructions on all domain controllers

1.On the control station, open a command prompt.
2.At the command prompt, type the following and then press ENTER
rendom /execute
3.When the command has finished executing, examine the state file dclist.xml to determine whether all domain controllers have reached either the Done state or the Error state.
4.If the dclist.xml file shows any DCs remaining in the prepared state.
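Steps 7 and 8 both come down to reading dclist.xml and finding the DCs that have not reached the state the step requires (Prepared after rendom /prepare; Done or Error after rendom /execute). The checker below is an added example, not code from the original post or from rendom; it assumes the element names DcList/DC/Name/State/LastError, and the host names and the error code in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of rendom's dclist.xml state file (element names
# assumed, host names and error code are placeholders), as it might look after
# "rendom /execute" in a forest with a child domain.
SAMPLE_DCLIST = """<?xml version="1.0"?>
<DcList>
  <DC><Name>dc1.abc.com</Name><State>Done</State><LastError>0</LastError></DC>
  <DC><Name>dc2.abc.com</Name><State>Done</State><LastError>0</LastError></DC>
  <DC><Name>dc1.sales.abc.com</Name><State>Error</State><LastError>1722</LastError></DC>
  <DC><Name>dc2.sales.abc.com</Name><State>Prepared</State><LastError>0</LastError></DC>
</DcList>
"""

# States every DC should be in after each rendom step (states named in the procedure).
AFTER_PREPARE = {"Prepared"}
AFTER_EXECUTE = {"Done", "Error"}


def dc_states(xml_text):
    """Map each DC's DNS host name to (state, last_error) from the state file."""
    states = {}
    for dc in ET.fromstring(xml_text).findall("DC"):
        name = (dc.findtext("Name") or "").strip()
        state = (dc.findtext("State") or "").strip()
        states[name] = (state, int(dc.findtext("LastError") or 0))
    return states


def stragglers(xml_text, expected):
    """DCs that have not reached any of the states expected after the current step."""
    return sorted(n for n, (s, _) in dc_states(xml_text).items() if s not in expected)


def failures(xml_text):
    """DCs in the Error state with their LastError code, to follow up before rendom /end."""
    return {n: e for n, (s, e) in dc_states(xml_text).items() if s == "Error"}


if __name__ == "__main__":
    print("not finished:", stragglers(SAMPLE_DCLIST, AFTER_EXECUTE))
    print("errors:", failures(SAMPLE_DCLIST))
```

Run it against the real X:\Domain Rename\dclist.xml after each step; an empty stragglers list is the signal to move on, and a non-empty failures map is the list of DCs to investigate before rendom /end.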


Step #09: Unfreeze the Forest Configuration

To ensure that all services on the control station learn the new domain name

1.Reboot the control station twice to ensure that all services running on it learn the new name of the domain of which the control station is a member. (Do not restart the control station by turning its power off and then back on.)
2.To unfreeze the forest configuration, execute the following command from X:\Domain Rename:
rendom /end

Step #10: Re-establish External Trust

All external trusts from or to a renamed domain should be deleted and re-created after the domain rename operation. When a domain in the forest is renamed, the following trust relationships become invalid:

1.Any inter-forest trust relationship established at the forest root level (cross-forest trust)
2.Any external trust relationship with a domain in another forest.

Step #11: Fix Distributed File System (DFS) Topology

To fix up the DFS topology in every renamed domain, follow these steps:

1.For each renamed domain, examine the DFS topology using the DFS MMC snap-in or dfsutil.exe.
2.The DFS root path needs to be changed in the topology. For example, if the domain abc.com is renamed to xyz.com, a domain-based DFS root named \\abc.com\public must become \\xyz.com\public.
3.On the control station, open a command prompt and, for each DFS root, type the following command:
Dfsutil /RenameRoot /Root:DfsRootPath /OldDomain:OldName /NewDomain:NewName /Verbose
Where
DfsRootPath is old Dfsrootpath
OldName is exact old name to be replaced in the topology for the Dfs root
NewName is the exact new name to replace the old name in the topology.

Step #12: Fix Group Policy

To fix up Group Policy in every renamed domain, follow these steps:

1.On the control station open a command prompt and change to the path X:\Domain Rename
2.Now type the following command
Gpfixup /olddns:OldDomainDnsName /newdns:NewDomainDnsName /oldnb:OldNetBIOSName /newnb:NewDomainNetBIOSName /dc:DcDnsName >gpfixup.log 2>&1
Where
OldDomainDnsName is the old DNS name of the renamed domain
NewDomainDnsName is the new DNS name of the renamed domain
OldNetBIOSName is the old NETBIOS name of the renamed domain
NewDomainNetBIOSName is the new NETBIOS name of the renamed domain
DcDnsName is the DNS host name of the domain controller on which the fix-up is performed
3.The output of the command execution both status or error is saved to the file gpfixup.log
4.To force replication of the Group policy fixup changes made at the DC named in DCDNSName of this procedure to the rest of the DCs in the renamed domain, type the following and then press ENTER
repadmin /syncall /d /e /P /q DcDNSName NewDomainDN
Where
DCDnsName is the DNS host name of the DC that was targeted by the gpfixup command
NewDomainDN is the distinguished name (DN) corresponding to the new DNS name of the renamed domain.

Post Domain Rename Steps:

1.Rename the host machine of each domain controller
2.Restart the domain controllers
3.Restart the control station
4.Restart all member stations