Win2k3 domain rename

[daveshel]

I have a Windows Server 2003 Active Directory domain in need of renaming. Several years ago, when I first heard this was possible, it seemed to come with a caveat: 'You can do it, but don't.' Now that I'm revisiting the idea, I've been reading M$ documentation and looking at others' experiences, and it doesn't seem so bad.

So I'm looking for folks who have actually been through this - what were your experiences, good or bad?

It's a single domain with no Exchange servers, but with a lot of homespun applications, most of which pull data from a number of SQL servers. No structural changes will be made - we just need to change the DNS name and NetBIOS name.

Thanks...

 

[Smilin]

Originally posted by: daveshel
I have a Windows Server 2003 Active Directory domain in need of renaming. Several years ago, when I first heard this was possible, it seemed to come with a caveat: 'You can do it, but don't.' Now that I'm revisiting the idea, I've been reading M$ documentation and looking at others' experiences, and it doesn't seem so bad.

So I'm looking for folks who have actually been through this - what were your experiences, good or bad?

It's a single domain with no Exchange servers, but with a lot of homespun applications, most of which pull data from a number of SQL servers. No structural changes will be made - we just need to change the DNS name and NetBIOS name.

Thanks...

Doing things like this will cause you so many problems that you'll curse MS and start calling them M$ as if you were 12y/o L337 h4x0r.

Seriously though: bad idea. Probably the worst thing that could happen is that it "appears" to work and you go about your business not knowing what time bombs you've started ticking.

This is the sort of thing you might try in your own VM environment but if you're a decent admin you should never consider this in your company's production environment.

 

[daveshel]

Originally posted by: Smilin
Doing things like this will cause you so many problems that you'll curse MS and start calling them M$ as if you were 12y/o L337 h4x0r.

Seriously though: bad idea. Probably the worst thing that could happen is that it "appears" to work and you go about your business not knowing what time bombs you've started ticking.

This is the sort of thing you might try in your own VM environment but if you're a decent admin you should never consider this in your company's production environment.

Well, thanks for the derision, but I don't see the part about your experience with a domain rename.

Sometimes admins have to do things that we should never consider. In my last position, we had to do a series of domain migrations, mostly for political reasons. The more reasons I came up with why we shouldn't, the more the bosses insisted. My team did it with a gun to our heads, and they're still dealing with the fallout. I left that job.

I have saner bosses now, and we're examining the feasibility of a domain rename. As part of my research, I'm looking for comments from people who have actually been through it, so I can assess real risks and not have to apply sweeping generalizations.

 

[stash]

I haven't done any domain renames myself, but during my time with Microsoft, I heard many stories from people who did. The answer to your question is that experiences vary from one extreme to the other. It is all dependent on what services you already have in the environment.

 

[Smilin]

Originally posted by: daveshel

Originally posted by: Smilin
Doing things like this will cause you so many problems that you'll curse MS and start calling them M$ as if you were 12y/o L337 h4x0r.

Seriously though: bad idea. Probably the worst thing that could happen is that it "appears" to work and you go about your business not knowing what time bombs you've started ticking.

This is the sort of thing you might try in your own VM environment but if you're a decent admin you should never consider this in your company's production environment.

Well, thanks for the derision, but I don't see the part about your experience with a domain rename.

Sometimes admins have to do things that we should never consider. In my last position, we had to do a series of domain migrations, mostly for political reasons. The more reasons I came up with why we shouldn't, the more the bosses insisted. My team did it with a gun to our heads, and they're still dealing with the fallout. I left that job.

I have saner bosses now, and we're examining the feasibility of a domain rename. As part of my research, I'm looking for comments from people who have actually been through it, so I can assess real risks and not have to apply sweeping generalizations.

I'll admit I've not done it myself either. I'm on the same floor as the Enterprise Platforms Directory Services team. I pinged some buddies before I answered. For the price of an enterprise support contract you can ask em too 🙂

What might be a better approach with the bosses is to put together the feasability of alternate options. A parallel domain with the desired name along with server and user migration. Something of that nature. Don't let a non-technical boss push you into something you know better than to do. "I told you so" doesn't typically save your job.

Just curious: are you running Mixed mode or some form of (2000,2003) Native mode? If Native mode you're pretty much done I think.

If mixed mode you can go search on rendom and you should come across an article on renaming a 2000 domain. Basically you stick a NT 4.0 BDC in the domain then DCPromo all the 2000/2003 DCs down. You'll then upgrade the NT 4 box to 2000/2003 and during dcpromo specify the new name. Note there are any problems your whole AD is pretty much done so you better have backups...and I don't believe MS Support will help you (other than for the authoritative restore).

 

[seepy83]

daveshel,

Just out of curiousity...why are you planning on a rename? Off of the top of my head, I can't think of any reason I would ever want to do this...unless I inherited a network that was foolishly given a .com or .org or some other extension other than .local. And if I was renaming it for that reason, I think I would be very concerned with what other mistakes were made along the way and I'd probably be looking at a migration to a new domain instead of just a rename.

 

[daveshel]

This is a small local government department domain - only 2 domain controllers, 20+ member servers, 160 users. It was upgraded from an NT4 domain. The current domain functionality level is Windows Server 2003. The DNS name is a clunky old legacy SMTP domain name that an earlier admin used probably because he didn't know better. The NetBIOS name doesn't match. Neither name conforms to the standards of local government agencies. The network was built by a seat-of-the-pants guy who learned it as he went along, and later taken over by people who know what they're doing. The issue that raised the possibility of a rename is our inability to complete a SCE installation after repeated attempts with all the patches, including the one for disjointed namespace. But in the larger picture we're thinking we should do it sooner rather than later, as we hope to add an Exchange server at some point.

 

[Genx87]

Honestly, build a parallel domain, setup a trust, and migrate the users and servers piecemeal. I have tried renaming a domain a few years ago in a lab. It is a nightmare and even following the doucmentation it never worked.

/shrug

 

[RebateMonger]

I've had clients with single-label domain names and with mis-spelled domain names. It's unfortunate that folks with no experience create Domains, and naming and licensing are the first two decisions they have to make.

That mispelled domain was named after the business owner, a doctor. It must have driven her crazy that her Domain name was mis-spelled. Or maybe she didn't even know. I wasn't about to tell her, 'cuz I didn't want to rename her domain. If I ever made a naming mistake like that, I would have rebuilt the Domain for free. By the time I encountered that network, there were five servers and a couple of business-critical applications.