Domain Rename – Rename a Windows 2003 Forest with Exchange 2003 installed

by [Published on 17 Aug. 2004 / Last Updated on 17 Aug. 2004]

In this article I will give you a step-by-step solution for renaming a Windows 2003 domain with Exchange 2003 installed. The article does not explain every step of a domain rename; that is documented in the “Step-by-Step Guide to Implementing Domain Rename”, and you will find the link at the end of this article. The Windows Server 2003 Active Directory Domain Rename Tool provides a supported methodology to rename one or more domains in an Active Directory forest. Both the DNS name and the NetBIOS name of a domain can be changed using the domain rename procedure. Note that implementing domain rename is a complex undertaking that requires thorough planning and a good understanding of the domain rename procedure.

Let’s begin

Before we discuss the necessary steps for domain rename, you must ensure that you have a functioning and current backup of your Active Directory infrastructure and Exchange, and that you have a tested recovery plan in case the domain rename fails.

In our example we have a Windows 2003 domain named msexchange.org. Msexchange.org has the Windows Server 2003 forest functional level with Exchange 2003 SP1 installed. Due to a merger we would like to rename the domain to Msexchange.com.

Why a Domain Rename?

There are several reasons why a domain rename is necessary. Some examples:

  • Fear of making irreversible decisions about domain names and forest structure
  • Delay any deployment while striving for “perfect” forest structure and domain names
  • Changes in geography
  • DNS structure change
  • Unforeseen business dynamics necessitating domain name changes
  • Company merger or acquisition
  • Business unit reorganization

Supported Operations

The following operations are supported by RENDOM

  • Rename the DNS name of a domain
  • Rename the NetBIOS name of a domain
  • Restructure a domain
  • Move any non-root domain under a new parent domain in the same forest
  • Move any non-root domain to a new tree in the same forest
  • Simple rename without repositioning any domains in the forest structure
  • Create a new domain-tree structure by repositioning domains within a tree
  • Create new trees


Figure 1: An example of the domain rename process

Limitations

No good product is without limitations and drawbacks. It is not possible to do all renaming operations with RENDOM. The following limitations exist:

  • The forest root domain is the root of one of these trees
  • Forest must be well formed after the domain rename operation
  • The DNS names of the domains comprising the forest form one or more trees
  • Cannot have a domain whose domain name is subordinate to the domain name of an Application Directory Partition root
  • The forest root domain can be renamed, but must remain the forest root

Requirements for domain rename

  • Windows Server 2003 forest functional level
  • Account must be a member of the Enterprise Administrators group
  • A single computer running any edition of Windows Server 2003 that is to be used as the control station during a domain rename operation
  • Latest domain rename tools published at the domain rename Web site: http://go.microsoft.com/fwlink/?LinkId=5585
  • DFS root servers running a minimum of Windows 2000 SP3 or later

Error Message of RENDOM when the Forest functional level is not Windows 2003


Figure 2: RENDOM error message because of wrong functional level

The domain rename Tool

Rendom.exe is the command-line utility for renaming domains in Windows Server 2003 forests. Rendom is used to carry out the multiple steps in the domain rename procedure. You precede the domain rename process by using Rendom to prepare a list of domains in the forest. You begin the domain rename process by using Rendom to generate a script (Forest description file) that contains the instructions for renaming domains in the forest. You use Rendom again to verify that all DCs are adequately prepared (RENDOM /PREPARE) to make the necessary updates to rename the domains. Finally, you use Rendom to execute (RENDOM /EXECUTE) the actual domain rename instructions on every DC. Following the domain rename procedure, you use Rendom to remove all metadata written to the directory by the domain rename operation.

You can download the domain rename Tools here: http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx

Attention:
The RENDOM.EXE tool from the web doesn’t work with Exchange installed. Use the version from the Windows 2003 CD. An updated version of RENDOM.EXE is expected in the future.

The installation of RENDOM is simple.

Double-click DOMAINRENAME.EXE. The process extracts two files:

  • RENDOM.EXE
  • GPFIXUP.EXE

Rendom has several command line switches:


Figure 3: RENDOM command line switches

The Domain Rename State File

As a result of the first command (RENDOM /LIST) you issue to begin the domain rename process, Rendom creates an XML file called the state file, which contains the list of all DCs in the forest. As DCs progress through the various steps in the procedure, Rendom updates the state file to track the state of each DC relative to the completion of the domain rename process.

As you perform each step in the domain rename operation, Rendom automatically updates the state file. By monitoring the state of completion of each DC in the state file, you receive the information you need to issue the next Rendom command in the sequence. You can edit the state file to temporarily exclude some DCs from the domain rename procedure.
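An added example (not from the original article and not part of Microsoft's tools) of reading the state file to decide whether the next command may be issued. The element names DcList, DC, Name, State and LastError, the state values, the required-state mapping and the sample content are assumptions made for illustration; compare them with the state file Rendom actually writes.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the state file. The element names and the state values
# (Initial, Prepared, Done, Error) are assumptions about the file's layout.
SAMPLE_STATE = """<DcList>
  <DC>
    <Name>dc1.msexchange.org</Name>
    <State>Prepared</State>
    <LastError>0</LastError>
  </DC>
  <DC>
    <Name>dc2.msexchange.org</Name>
    <State>Initial</State>
    <LastError>1722</LastError>
  </DC>
</DcList>"""

# Assumed mapping: the state every listed DC must have reached before the
# given command is issued.
REQUIRED_STATE = {"rendom /execute": "Prepared", "xdr-fixup": "Done"}


def blockers(state_xml, next_command):
    """Return [(dc_name, state, last_error)] for DCs that are not ready."""
    required = REQUIRED_STATE[next_command]
    dcs = list(ET.fromstring(state_xml).iter("DC"))
    if not dcs:
        # An empty or truncated state file must never read as "all ready".
        raise ValueError("state file lists no domain controllers")
    not_ready = []
    for dc in dcs:
        state = (dc.findtext("State") or "").strip()
        if state.lower() != required.lower():
            not_ready.append((dc.findtext("Name"), state or "<missing>",
                              (dc.findtext("LastError") or "").strip()))
    return not_ready


def may_proceed(state_xml, next_command):
    """True only when every DC in the state file is in the required state."""
    return not blockers(state_xml, next_command)


if __name__ == "__main__":
    for name, state, err in blockers(SAMPLE_STATE, "rendom /execute"):
        print(f"{name}: state={state} last_error={err} -> not ready")
    print("proceed:", may_proceed(SAMPLE_STATE, "rendom /execute"))
```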

Current Domain Names — Generating the Forest Description File

The RENDOM /LIST command generates the current forest description and writes it to an output file (DOMAINLIST.XML) using an XML-encoded structure. This file contains a list of all domains and application directory partitions in the forest, along with the corresponding DNS and NetBIOS names.

Each domain and application directory partition is also identified by a globally unique identifier (GUID), which does not change with domain rename. To simplify specifying the new forest structure, Rendom gathers and compiles the current forest structure automatically such that the new forest structure can be overlaid on top of it.


Figure 4: DOMAINLIST.XML – Forest description file

Simply replace the old ForestDNSZones and DomainDNSZones names with the new domain name. You can (but need not) change the NetBIOSName. For large organizations I recommend using the search-and-replace function of your editor.
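An added example (not from the original article) of making this edit with a script instead of an editor's search and replace, so that only complete DNS suffixes are rewritten and the GUIDs can be checked as unchanged afterwards. The element names Forest, Domain, Guid, DNSname and NetBiosName and the sample file are assumptions made for illustration; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; element names are assumed and the GUIDs are made up.
SAMPLE_DOMAINLIST = """<Forest>
  <Domain>
    <Guid>11111111-1111-1111-1111-111111111111</Guid>
    <DNSname>DomainDnsZones.msexchange.org</DNSname>
    <NetBiosName></NetBiosName>
  </Domain>
  <Domain>
    <Guid>22222222-2222-2222-2222-222222222222</Guid>
    <DNSname>ForestDnsZones.msexchange.org</DNSname>
    <NetBiosName></NetBiosName>
  </Domain>
  <Domain>
    <Guid>33333333-3333-3333-3333-333333333333</Guid>
    <DNSname>msexchange.org</DNSname>
    <NetBiosName>MSEXCHANGE</NetBiosName>
  </Domain>
</Forest>"""


def rename_forest_description(xml_text, old_dns, new_dns, new_netbios=None):
    """Return (edited_xml, changes); changes is [(guid, old_name, new_name)]."""
    root = ET.fromstring(xml_text)
    # Match the old name only as a complete DNS suffix, so a blind search and
    # replace cannot rewrite an unrelated name such as "notmsexchange.org".
    suffix = re.compile(r"(^|\.)" + re.escape(old_dns) + r"$", re.IGNORECASE)
    changes = []
    for domain in root.iter("Domain"):
        dns = domain.find("DNSname")
        if dns is None:
            continue
        old_name = (dns.text or "").strip()
        new_name = suffix.sub(lambda m: m.group(1) + new_dns, old_name)
        if new_name == old_name:
            continue
        dns.text = new_name
        changes.append((domain.findtext("Guid"), old_name, new_name))
        # The NetBIOS change is optional and applies to the renamed domain
        # itself, not to partitions or child domains below it.
        netbios = domain.find("NetBiosName")
        if new_netbios and netbios is not None and old_name.lower() == old_dns.lower():
            netbios.text = new_netbios
    return ET.tostring(root, encoding="unicode"), changes


def guids(xml_text):
    """GUIDs identify each partition and must be identical before and after."""
    return [d.findtext("Guid") for d in ET.fromstring(xml_text).iter("Domain")]


if __name__ == "__main__":
    edited, changes = rename_forest_description(
        SAMPLE_DOMAINLIST, "msexchange.org", "msexchange.com")
    assert guids(edited) == guids(SAMPLE_DOMAINLIST)
    for guid, old_name, new_name in changes:
        print(guid, old_name, "->", new_name)
```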

GPFIXUP

When the DNS name of a domain changes, any references to Group Policy Objects (GPOs) within the renamed domain through Group Policy links (the gpLink attribute) on sites, domains, and organizational units are rendered invalid because they are based on the old domain name. Furthermore, the optional attribute gpcFileSysPath on a GPO, which holds a uniform naming convention (UNC) path to a Group Policy templates folder located in the sysvol volume of the renamed domain, is also rendered invalid because the path uses the old domain DNS name. To correct the severed Group Policy links and the invalid UNC paths in GPOs within the renamed domain, you can use the Group Policy fix-up tool gpfixup.exe to refresh the Group Policy links and the UNC paths in GPOs based on the new domain name.

The Group Policy fix-up tool should be run once for every renamed domain soon after the actual domain rename operation has been completed and before another domain rename operation is performed.

The fix-up tool gpfixup refreshes all intradomain GPO references/links (that is, where the link and the target GPO are within the same domain) in the renamed domain. However, cross-domain references to GPOs in the renamed domain, where the link is in a different domain from the domain containing the GPO, will not be automatically rebuilt by this tool. For them to work, these cross-domain links will need to be repaired manually by deleting the old Group Policy links and re-establishing new links.


Figure 5: GPFIXUP command line switches
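An added example (not from the original article) of checking exported gpLink and gpcFileSysPath values for references that still carry the old domain name, and of separating intradomain links, which gpfixup covers, from the cross-domain links that must be repaired manually. The sample values, the GPO GUID, the second domain emea.example.net and the function names are constructed for illustration.

```python
import re

# Constructed sample values; the GPO GUID and the emea.example.net domain are
# made up. gpLink holds one [LDAP://<GPO DN>;<options>] entry per linked GPO.
GPO = "CN={11111111-2222-3333-4444-555555555555},CN=Policies,CN=System"
SAMPLE_GPLINKS = [  # (container DN, gpLink value), read after the rename
    ("OU=Sales,DC=msexchange,DC=com",
     "[LDAP://" + GPO + ",DC=msexchange,DC=org;0]"),
    ("OU=Branch,DC=emea,DC=example,DC=net",
     "[LDAP://" + GPO + ",DC=msexchange,DC=org;0]" +
     "[LDAP://" + GPO + ",DC=emea,DC=example,DC=net;0]"),
]
SAMPLE_GPOS = [  # (GPO DN, gpcFileSysPath value)
    (GPO + ",DC=msexchange,DC=com",
     r"\\msexchange.org\sysvol\msexchange.org\Policies\{11111111-2222-3333-4444-555555555555}"),
]
LINK_RE = re.compile(r"\[LDAP://([^;\]]+);(\d+)\]", re.IGNORECASE)


def dns_to_dn(dns_name):
    """msexchange.org -> DC=msexchange,DC=org"""
    return ",".join("DC=" + label for label in dns_name.split("."))


def domain_of(dn):
    """Domain part of a DN: its trailing run of DC= components, lowercased."""
    dcs = []
    for part in reversed([p.strip() for p in dn.split(",")]):
        if not part.upper().startswith("DC="):
            break
        dcs.append(part)
    return ",".join(reversed(dcs)).lower()


def stale_gpo_references(gplinks, gpos, old_dns, new_dns):
    """Return [(kind, object_dn, stale_value)] for values using the old name."""
    old_dn, new_dn = dns_to_dn(old_dns).lower(), dns_to_dn(new_dns).lower()
    findings = []
    for container_dn, gplink in gplinks:
        for gpo_dn, _options in LINK_RE.findall(gplink):
            if domain_of(gpo_dn) != old_dn:
                continue
            # Link and GPO both in the renamed domain: covered by gpfixup.
            # Link held in a different domain: must be re-created manually.
            same_domain = domain_of(container_dn) == new_dn
            kind = "intradomain" if same_domain else "cross-domain"
            findings.append((kind, container_dn, gpo_dn))
    old_unc = "\\\\" + old_dns.lower() + "\\"
    for gpo_dn, sysvol_path in gpos:
        if sysvol_path.lower().startswith(old_unc):
            findings.append(("stale-sysvol-path", gpo_dn, sysvol_path))
    return findings


if __name__ == "__main__":
    for finding in stale_gpo_references(
            SAMPLE_GPLINKS, SAMPLE_GPOS, "msexchange.org", "msexchange.com"):
        print(finding)
```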

Preparatory Steps

It is not possible to explain every preparatory step here. For a detailed description see the domain rename whitepaper.

  • Verify application and service compatibility
  • Verify domain controller and replication health (Keyword: REPADMIN, DCDIAG, REPLMON)
  • Prepare trusts (Keyword: Create trusts as necessary)
  • Prepare DNS zones Publishing (Keyword: Two Sets of Locator SRV Resource Records in DNS)
  • Prepare domain-based DFS paths (Keyword: DFS RootTarget)
  • Prepare PKI (Keyword: CDP and AIA)
  • Prepare member computers for host name changes
  • Communicate with the user base (Keyword: inform every user before and after domain rename)

WARNING:
Rendom.exe tool versions before version 1.2 did not detect Exchange 2000 and incorrectly permitted domain rename operations. The current version when I wrote this article was version 1.3.


Procedures of the Original Windows Server 2003 domain rename tool

Step       Description

Step 1     Back up all domain controllers
Step 2     Set up the control station
Step 3     Generate the current forest description (rendom /list)
Step 4     Specify the new forest description
Step 5     Generate domain rename instructions (rendom /upload)
Step 6     Push domain rename instructions to all domain controllers and verify DNS
Step 7     Verify readiness of domain controllers (rendom /prepare)
Step 8     Execute domain rename instructions (rendom /execute)
Step 9     Unfreeze the forest configuration
Step 10    Re-establish external trusts
Step 11    Fix Distributed file system (Dfs) topology
Step 12    Fix group policy objects and links (gpfixup.exe)

After the domain rename procedure:

  • Verify certificate security after domain rename
  • Miscellaneous tasks
  • Back up domain controllers
  • Restart member computers
  • New: Verify the Exchange rename
  • New: If applicable, update Active Directory Connector (ADC)
  • Attribute clean up after domain rename
  • Rename domain controllers (optional)
  • New: Domain Controller Rename Follow-Up Steps

Source: Exchange Domain Rename Fix-up.doc with a few modifications

Important: To rename Windows 2003 domains with Exchange 2003 installed, use the extended step-by-step guide later in this article.

RENDOM steps


Figure 6: Required RENDOM switches

Post Rename operations

  • Enable old certificates and smart cards
  • Enable and verify certificate security
  • Back up domain controllers
  • Communicate with user base
  • Restart member computers (ALL)
  • Rename domain controllers (optional)
  • Clean up domain rename metadata (RENDOM /CLEAN)

Legacy Clients

If your environment includes NT4 clients, you have to unjoin every client from the domain and rejoin it, because NT4 cannot automatically reflect the renamed domain.

Language Support

The domain rename tools can be used on all language versions of Windows Server 2003. There are no language-specific versions of the tools.

XDR-fixup

Exchange Domain Rename Fix-Up (XDR-fixup.exe) fixes Exchange attributes after you rename a domain that contains Exchange 2003 servers. XDR-fixup is available as part of the Exchange 2003 Web Tools as a separate Download. Point your browser to http://www.microsoft.com/exchange/downloads/2003.asp.

XDR-fixup is not a replacement for the Windows 2003 domain rename tools. The Windows Server 2003 domain rename tools were originally designed for renaming domains in Microsoft Active Directory directory service forests that do NOT contain Exchange 2000 or Exchange 5.5 servers. This limitation existed because renaming a domain affects several Exchange attributes, and there was no method for fixing these attributes. Microsoft Exchange Server 2003, however, is compatible with the Exchange Domain Rename Fix-Up tool (XDR-fixup.exe), which fixes Exchange attributes after a domain rename.

Domain rename is not supported in forests that contain Exchange 2000 or Exchange 5.5.

The installation of XDR-fixup is simple. Just double-click the installation file and follow the instructions:


Figure 7: XDR-fixup setup

Running the XDR-fixup tool is an additional step required for doing a domain rename operation. XDR-fixup modifies Exchange Active Directory attributes to reflect the new domain name.

The XDR-fixup tool does not replace the Windows Server 2003 domain rename tools, nor does it extend the functionality of the domain rename tools. You must run XDR-fixup.exe every time you run RENDOM /EXECUTE.

What does XDR-fixup NOT do?

Domain rename does not rename e-mail domains

Domain rename doesn’t change any e-mail domain in Exchange and doesn’t change any recipient policy. You must change your recipient policy after domain rename.

Domain rename does not rename the Exchange Organization

You cannot rename the Exchange Organization with the domain rename tool.

Domain rename does not merge Exchange Organizations   

It is not possible with domain rename to merge two Exchange organizations into a single Exchange organization.

Prerequisites

XDR-fixup has the following requirements:

Windows Server 2003 is required
All domain controllers must be running Windows Server 2003, and the Active Directory functional level must be at the Windows Server 2003 level.

Administrative privileges
The domain rename procedure requires enterprise administrative privileges to perform the steps in the procedure. The account you use must also have Full Exchange Administrator permissions.

Exchange 2003 is required
The domain rename tools are supported in Exchange 2003; all Exchange servers in the organization must be running Exchange 2003.

Exchange 2000 and Exchange 5.5 are not supported
The rendom.exe and XDR-fixup.exe tools are not supported in Exchange 2000 or Exchange 5.5. If the rendom.exe tool detects Exchange 2000 servers, the tool will not proceed. However, the tool will not detect whether Exchange 5.5 servers exist; do not attempt the operation if a domain contains Exchange 5.5 servers. If any SRS instance is running in the forest, you must remove it before the domain rename process begins.

Exchange must not be installed on domain controllers
To use the domain rename operation, Exchange must not be installed on any domain controllers (if Exchange is installed on a DC, uninstall Exchange from it).

How to Use XDR-fixup

XDR-fixup has several command line switches:


Figure 8: XDR-fixup command line switches

XDR-fixup installs all executables into the following directory: \Program files\Exchsrvr\Exchange Domain Rename Tools.

XDR-fixup integrates into the normal Windows 2003 domain rename procedure with three additional steps. I will call the first one Step 0. The other two steps, between Step 8 and Step 9, are important for the Exchange 2003 rename.

Domain rename steps with the new Exchange-related steps inserted

Step        Description

Step 0      Preliminary Steps:
            Move Exchange off of domain controllers
            Discontinue Exchange Configuration Changes
Step 1      Back up all domain controllers
Step 2      Set up the control station
Step 3      Generate the current forest description (rendom /list)
Step 4      Specify the new forest description (save the original XML file as domainlist-save.xml)
Step 5      Generate domain rename instructions (rendom /upload)
Step 6      Push domain rename instructions to all domain controllers and verify DNS
            Create new DNS zones and settings with secure dynamic DNS updates
Step 7      Verify readiness of domain controllers (rendom /prepare)
Step 8      Execute domain rename instructions (rendom /execute) DC REBOOTS
-- New --   Update the Exchange configuration (run XDR-fixup)
-- New --   Restart all Exchange servers and Exchange System Manager clients twice
Step 9      Unfreeze the forest configuration
Step 10     Re-establish external trusts
Step 11     Fix Distributed file system (Dfs) topology
Step 12     Fix group policy objects and links (gpfixup.exe)

After the domain rename procedure:

  • Verify certificate security after domain rename
  • Miscellaneous tasks
  • Back up domain controllers
  • Restart member computers
  • New: Verify the Exchange rename
  • New: If applicable, update Active Directory Connector (ADC)
  • Attribute clean up after domain rename
  • Rename domain controllers (optional)
  • New: Domain Controller Rename Follow-Up Steps


Source: Exchange Domain Rename Fix-up.doc with a few modifications

It is not possible to explain every step in detail in this article. I will add a few notes on some of the steps. For detailed information see the corresponding whitepaper.

Step 0            
This should be clear to understand. Remove Exchange from every DC

Step 1            
Back up all domain controllers to ensure that a failback in case of emergency is possible

Step 2            
Set up the control station. The control station must be a member of the domain and run Windows Server 2003. You have to install the Windows Server 2003 support tools and ADMINPAK.MSI. Install the RENDOM tool and XDR-fixup on the control station.

Step 3            
Generate the current forest description (rendom /list)

Step 4            
Specify the new forest description. To do so edit the file and change the names to reflect the new domain name

Step 5            
Generate domain rename instructions (rendom /upload)

Step 6
Push domain rename instructions to all domain controllers and verify DNS (rendom uses a special RPC which it sends to every DC)

Step 7
Verify readiness of domain controllers (rendom /prepare)

Step 8            
Execute domain rename instructions (rendom /execute)

-- New --        
Update the Exchange configuration (run XDR-fixup)

-- New --        
Restart all Exchange servers and Exchange System Manager clients twice

Step 9            
Unfreeze the forest configuration

Step 10          
Re-establish external trusts. You must re-establish every external trust because it doesn’t reflect the NetBIOS name changes. The interdomain trust will be fixed automatically.

Step 11          
Fix Distributed file system (Dfs) topology. You must use DFSUTIL to reference the new domain name.

Step 12          
Fix group policy objects and links (gpfixup.exe). GPFIXUP fixes GPO references to the renamed domain name.

To run the XDR-fixup tool (between Steps 8 and 9 of the domain rename procedure), perform the following steps:

Wait for ALL domain controllers to reboot and replication to complete.

Run the following command:

XDR-fixup /s:DOMAINLIST-SAVE.XML /e:DOMAINLIST.XML /trace:TRACEFILE /changes:CHANGESCRIPT.LDF /restore:RESTORESCRIPT.LDF

Note: This step must be run only once per forest


Figure 9: XDR-fixup

Attention: Be sure that you specify the right credentials in the XDR-FIXUP command because the NETBIOS domain name might be changed. You can also specify the credentials in UPN format (username@domain.tld).

After the XDR-fixup command has run, log off the control station computer and immediately log on again.

Run the following command: LDIFDE -i -f CHANGESCRIPT.LDF

Restart ALL Exchange Servers

Verify successful Exchange Rename

Update Active Directory Connectors when you use the ADC for interorganizational restructuring (please keep in mind that XDR-fixup is not supported for Exchange 2000 / 5.5 – so when you use ADC for Exchange 5.5 migrations).

You have successfully renamed Windows 2003 and patched Exchange 2003. This article ends here. In a real life environment you have to fix a lot more components like …

  • Back up domain controllers
  • Restart ALL member computers
  • After the domain rename procedure, verify certificate security. You must prepare the URLs for the CDP and AIA extensions after the domain rename
  • Verify successful Exchange rename (update recipient policy and more)
  • Update Active Directory Connector (ADC) if you use it for interdomain synchronization
  • Attribute clean up after domain rename
  • Rename domain controllers (optional)
  • Prepare legacy clients (domain rejoin of all NT4 clients)

Conclusion

As you can see in this article it is not so easy to do a domain rename with Windows 2003 and Exchange 2003.

Note that implementing domain rename is a complex process that requires thorough planning and a good understanding of the domain rename procedure.

I have tested domain rename only in a Lab environment and I cannot recommend doing a domain rename in a production environment.

Related Links

Windows 2003 Domain Rename information

http://www.microsoft.com/windows2000/downloads/tools/domainrename/default.asp

http://support.microsoft.com/default.aspx?scid=kb;EN-US;819145

Windows 2003 Domain Rename Tools

http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx

Exchange Server Domain Rename Fixup

http://www.microsoft.com/downloads/details.aspx?FamilyId=24B47D4A-C4B9-4031-B491-29839148A28C&displaylang=en

http://support.microsoft.com/?id=838623

The Author — Marc Grote


Marc Grote is an MCSA/MCSE Messaging & Security, MCSE Private Cloud and Server Virtualization, an MCTS/MCITP and a Microsoft Certified Trainer and MCLC. He is a freelance Consultant and IT Trainer in the north of Germany near Hanover. He specializes in System Center, TMG/UAG Server, Exchange, Security for Windows Server 2012 R2 and Windows Server 2012 R2 designs, migrations and implementations. His efforts have earned him recognition as a Microsoft MVP for ISA Server since 2004 until 2014. Starting in 2014 he has been awarded as an MVP for Hyper-V.
