AD Domain Rename

[Jamsan]

I'm trying to understand what the best way to perform an AD rename is. I don't think I actually want to rename the domain itself, but either create a new domain/forest or likewise.

Little background - our company and another merged - they don't really use AD (they have it setup, but none of the PCs are joined to the domain, no GPOs, etc.). We use it in depth (DHCP, integrated DNS, GPOs, etc.). The new joint company name has changed from what ours is today, so before anyone states it, we want to remove the appearance of the old name from everything (stepped approach if necessary).

What is the best way to approach this? I was thinking of creating a new domain in the forest, but that will still ultimately take the top level forest name, which is the old company name. I was thinking of creating a new forest and domain entirely with the new co name, creating a cross forest trust so each domain can access both sides resources, and then slowly migrate people off the old to the new, and retire the old domain once complete.

Any input on this is appreciated.

 

[theevilsharpie]

If you just need to change the name to reflect the company's new identity, you can simply rename the domain.

 

[Genx87]

That is how I would do it. Create new forest, create trust, move people over time to new forest. I believe there is a way to rename the domain. But it is very tedious and can have awful side effects. Not worth the effort.

 

[seepy83]

OP - I would read Microsoft's documentation to see if a Rename makes sense to you.
What is Domain Rename?
How Domain Rename Works

That being said, I would probably go the same route that Genx87 said - New Forest, Create trust, Migrate users and computers. Unless you have a virtualized environment or spare servers lying around, you'll need to purchase some hardware to do this (at least 1 server to be the root DC in the new domain). Edited in: Actually...scratch that about a virtualized environemnt...I would recommend that your root DC in the new domain is a physical box.

 

[Jamsan]

Ya, I've read up on domain renames and they seem messy at best, with the smallest of issues causing massive nightmares. I'm thinking the new forest/domain route, migrate things slowly over, and decommision in the long run.

Anything special I need to know about cross-forest trusts or are they as straightforward as they seem? Do domain admins on both sides automatically become domain admins of the other forest? Thanks.

 

[GeekDrew]

Anything special I need to know about cross-forest trusts or are they as straightforward as they seem? Do domain admins on both sides automatically become domain admins of the other forest? Thanks.

Domain trusts / forest trusts are fairly basic... I can't think of anything noteworthy off of the top of my head that you'd need to keep in mind, from a technical perspective.

No, domain admins in one domain do not become domain admins in trusted domains.

 

[IndyColtsFan]

Anything special I need to know about cross-forest trusts or are they as straightforward as they seem? Do domain admins on both sides automatically become domain admins of the other forest? Thanks.

They're pretty straightforward, but make sure each domain has DNS visibility to one another. That's key.