Thursday, February 9, 2017

[AD] Renaming AD domain


IMPORTANT: take enough time, or repadmin /SyncAll /AdeP, for replications to avoid from any possible errors


Pre-req


  1. Every DC in the forest MUST be contacted and updated
    1. In case one of the DCs were down or not automatically rebooted during steps below, the DC MUST be removed
  2. Identify a number of computer objects
    1. After the renaming work is completed, replication would cause excessive traffic in your network
  3. Check if computer objects' primary DNS suffix settings
    1. It might have been managed by GPO or individually.
  4. Check if CAs are running on DCs
  5. Functional level must be higher than Windows Server 2003
  6. See if your environment is free from Exchange, SCCM, or other applications. Certain versions are not supported.
  7. Please do read "How Domain Rename Works" - link below.

Things to know

Cited from https://technet.microsoft.com/pt-br/library/cc738208(v=ws.10).aspx

Domain Controller States

Rendom records four states of completion for each domain controller in the state file:
  • Initial: Each domain controller that is reachable during the domain rename procedure starts out from the Initial state.
  • Prepared: When the domain rename instructions that are written by Rendom have been verified by a domain controller independently, it advances to the Prepared state.
  • Final: From the Prepared state, a domain controller advances to one of two Final states. The domain rename process stops when every domain controller in the forest has reached either of the following states:
    • Done: This state signifies that the domain rename is complete at that domain controller.
    • Error: This state implies that some irrecoverable error has occurred, and further progress on the domain rename is deemed to be impossible at that domain controller.

DC01


  1. Create a new DNS zone
    2. Wait for/force the replication and check its completion

Control


  1. Install Remote Server Admin Tools
  2. Run random /list
    1. Generates a state file which contains a list of all the DCs in the forest
  3. Open Domainlist.xml file and change the DNSname and NetBiosName.
  4. Run rendom /upload
  5. Run rendom /prepare
  6. Run rendom /execute
  7. Automatic reboot on DCs

DC01


  1. Check the domain name changed
  2. DC renaming


DC02


  1. DC renaming

DC1 and DC2


  1. Reboot

DC1 or DC2


  1. GPMC fix

DC1, DC2, Control, all other DC-joined computers


  1. Reboot DC1 and DC2 twice
    1. Wait for replications
    2. Keep these DCs turned on and proceed to below
  2. Reboot more than twice

Control


  1. Unfreeze DC activities
    2. If any errors, make sure the replication is completed

DC1 and DC2


  1. Force replication

All other servers/computers


  1. Login test

DC

1. Once you are confident that the renaming work is all done with no errors, do "rendom /clean" to remove the old domain names.


Posted by at No comments:
Subscribe to: Comments (Atom)