
Domain-Rename-Procedures

This post describes the procedures and steps in the process of domain renaming from (Domain1.com) to (Domain2.com).

This domain contains main office’s DC and sites’ DCs.

The main site contains a clustered Exchange 2003 server and a front-end Exchange server, and there is an Exchange server in the site.

Domain1 Exchange server supports five different companies with different recipient policies.

Domain Rename Requirements

The following conditions are required to be in effect before you can begin a domain rename procedure:

· Exchange 2003 SP1

· Forest functionality: Windows® Server 2003

· Administrative privileges: The domain rename procedure requires Enterprise Admins privileges

· Control station: The computer to be used as the control station for the domain rename operation must be a member computer (not a domain controller) running Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition.

Preliminary Steps to Prepare for Domain Rename

The goal of the preparation phase for the domain rename process is to ensure that the prerequisites for the domain rename operation are in place.

01. Raise domain functional level to Windows Server 2003

02. Raise forest functional level to Windows Server 2003

03. Make sure all Exchange servers are SP1 or higher

04. Back up all domain controllers

05. On the DNS server, create the _msdcs.domain2.com and domain2.com zones. Do not store them in Active Directory for now, and configure the zones to allow secure updates (you may choose secure and non-secure updates).

06. Create a folder in the control station (c:\rendom)

07. Download the “Domain Rename Tools” and the “Exchange Domain Rename Fixup Tools” from the Microsoft website and extract them on the control station. Make sure that you have rendom.exe and gpfixup.exe, and put them in the rendom folder.

08. Install the Windows Support Tools on the control station and check that repadmin.exe and dfsutil.exe are present.

09. In a large infrastructure, plan a multistage DNS suffix change. By default the suffix changes automatically, but to avoid excessive traffic you can configure a GPO to do that:

Computer Configuration → Administrative Templates → Network → DNS Client → Primary DNS Suffix.

Configure the domain to accept a primary DNS suffix that does not match the domain name by creating a DNS suffix list:

Use ADSIEdit.msc → expand the domain1.com domain → right-click the domain container object → Properties → in the Attribute Editor find msDS-AllowedDNSSuffixes → click Add → type domain2.com

Hint: If the infrastructure is not large, skip the above step.

10. Prepare the CA, if one exists

11. On the control station, open a command window (cmd)

12. Change to the folder that contains rendom.exe: cd c:\rendom

13. Generate the current forest description: rendom /list

It creates an XML file that contains the current domain description:

<?xml version="1.0"?>
<Forest>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>3ce481e5-098d-4da2-aeec-b14d0f7a8d88</Guid>
    <DNSname>DomainDnsZones.domain1.com</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>c2bc543d-d7ba-4c3a-ae3b-f824a258096a</Guid>
    <DNSname>ForestDnsZones.domain1.com</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- ForestRoot -->
    <Guid>13c9aa20-fa58-43be-80de-51b358905523</Guid>
    <DNSname>domain1.com</DNSname>
    <NetBiosName>DOMAIN1</NetBiosName>
    <DcName></DcName>
  </Domain>
</Forest>

 

14. Create another copy of the domain list: copy domainlist.xml domainlistsave.xml. You will need this copy for the Exchange configuration and in case you want to restore your system.

15. Specify the new forest description: open domainlist.xml in a text editor and replace the current DNS name (<DNSname></DNSname>) and/or NetBIOS name (<NetBiosName></NetBiosName>). In the case of Active Directory-integrated DNS zones you also have to edit the DomainDnsZones and ForestDnsZones entries.

<?xml version="1.0"?>
<Forest>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>3ce481e5-098d-4da2-aeec-b14d0f7a8d88</Guid>
    <DNSname>DomainDnsZones.domain2.com</DNSname>
    <NetBiosName></NetBiosName>
    <DcName>dc1.domain1.com</DcName>
  </Domain>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>c2bc543d-d7ba-4c3a-ae3b-f824a258096a</Guid>
    <DNSname>ForestDnsZones.domain2.com</DNSname>
    <NetBiosName></NetBiosName>
    <DcName>dc1.domain1.com</DcName>
  </Domain>
  <Domain>
    <!-- ForestRoot -->
    <Guid>13c9aa20-fa58-43be-80de-51b358905523</Guid>
    <DNSname>domain2.com</DNSname>
    <NetBiosName>O-TELECOM</NetBiosName>
    <DcName>dc1.domain1.com</DcName>
  </Domain>
</Forest>

You may need to specify the source domain controller (<DcName>dc1.domain1.com</DcName>) to avoid connection errors when the rendom tool makes RPC calls to the naming master and pulls specific domain information.

16. Review the new forest description for verification: rendom /showforest

17. Generate the domain rename instructions. You use Rendom to generate the domain rename instructions required to make your new target forest structure effective:

rendom /upload

The rendom /upload command generates the domain rename instructions and uploads them to Active Directory. It also generates a state file called dclist.xml (the default name) and writes it to the current directory X:\DomainRename. Rendom uses the state file to track the progress and state of each domain controller in the forest through the remaining steps of the domain rename procedure. Verify that dclist.xml is created and that the state file contains an entry for every domain controller in your forest.

<?xml version="1.0"?>
<DcList>
  <Hash>uWwvEEY5ijBPKdk3uo5uo51HhpQ=</Hash>
  <Signature>yqMVoL/UKmKSfISDEWjkAO9B/gs=</Signature>
  <DC>
    <Name>DC2.domain2.com</Name>
    <State>Initial</State>
    <Password>DUehzcUmgNk=</Password>
    <LastError>0</LastError>
    <LastErrorMsg></LastErrorMsg>
    <FatalErrorMsg></FatalErrorMsg>
    <Retry></Retry>
  </DC>
  <DC>
    <Name>DC1.domain2.com</Name>
    <State>Initial</State>
    <Password>Ily9SGddCtI=</Password>
    <LastError>0</LastError>
    <LastErrorMsg></LastErrorMsg>
    <FatalErrorMsg></FatalErrorMsg>
    <Retry></Retry>
  </DC>
</DcList>

18. Push the domain rename instructions to all DCs. First get the DNS host name of the domain naming master with dsquery server -hasfsmo name, then force synchronization of the changes made on the naming master: repadmin /syncall /d /e /P /q DC1 (case sensitive)

19. Verify the readiness of the domain controllers (rendom /prepare). This verifies that the directory database at each DC in the forest is in a good state and ready to perform the directory modifications dictated by the domain rename instructions. You perform the verification by using the Rendom tool to issue a Remote Procedure Call (RPC) individually to each DC in the forest. For each DC that is successfully verified for readiness, Rendom updates the state field in the corresponding domain controller entry in the state file dclist.xml to Prepared (<State>Prepared</State>).

20. Execute the domain rename instructions: rendom /execute

21. Start the Exchange phase by using the XDR-Fixup tool. Run XDR-Fixup.exe /s:domainlist-save.xml /e:domainlist.xml /changes:changescript.ldf /restore:RESTORESCRIPT.LDF

22. Restart the control station twice

23. From the Control Station run ldifde -i -f changescript.ldf

24. On every Exchange cluster node run cluster /priv MSExchange_Domain= domain2.com. In case of an error, reset the cluster service log on account.

25. Restart Exchange Servers twice

26. On the Control Station run rendom.exe /end

27. Run gpfixup /olddns:domain1.com /newdns:domain2.com /oldnb:DOMAIN1 /newnb:O-TELECOM /dc:dc1.domain1.com

28. Make sure all computers in the domain are restarted twice

29. Run Rendom /clean

30. Install the Support Tools on the domain controllers

31. Run netdom computername dc1.domain1.com /add:dc1.domain2.com

32. Run netdom computername dc1.domain1.com /makeprimary:dc1.domain2.com

33. Repeat that on DC2

34. Restart the domain controllers

35. Run netdom computername dc1.domain2.com /remove:dc1.orasivest.com

36. From the Control Station run XDR-Fixup /verify:RESTORESCRIPT.LDF /changes:verifycorrections.ldf. If there were errors or warnings, then run ldifde -i -f verifycorrections.ldf

37. Open Exchange System Manager

38. Open the default recipient policy and change the default SMTP address from @domain1.com to @domain2.com

39. In the Recipient Update Service, change the Windows Domain Controller to the new name of the domain controller
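A pre-flight check for steps 15 to 19, as an added example that is not part of the original post or of the rendom tool: check_edit compares the saved forest description with the edited one (GUIDs untouched, NetBIOS name within limits, application partitions renamed with their domain), and not_ready lists domain controllers that are absent from the state file or not yet Prepared before rendom /execute. The function names, the placeholder GUIDs and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _txt(node, tag):
    return (node.findtext(tag) or "").strip()

def domains(xml_text):
    """Map Guid -> (DNSname, NetBiosName) for every <Domain> in a forest description."""
    return {_txt(d, "Guid").lower(): (_txt(d, "DNSname").lower(), _txt(d, "NetBiosName"))
            for d in ET.fromstring(xml_text).iter("Domain")}

def check_edit(saved_xml, edited_xml):
    """Compare the saved copy with the edited domainlist.xml; return a list of findings."""
    old, new = domains(saved_xml), domains(edited_xml)
    diff = sorted(set(old) ^ set(new))  # Guids altered, added or dropped while editing
    findings = ["Guid mismatch: " + ", ".join(diff)] if diff else []
    common = old.keys() & new.keys()
    # Old DNS name -> new DNS name for real domains (entries that have a NetBIOS name).
    renames = {old[g][0]: new[g][0] for g in common if old[g][1]}
    for g in sorted(common):
        (old_dns, old_nb), (new_dns, new_nb) = old[g], new[g]
        if old_nb:  # domain: NetBIOS name must be 1-15 characters, none of \/:*?"<>|
            if not 0 < len(new_nb) <= 15 or set(new_nb) & set('\\/:*?"<>|'):
                findings.append("%s: bad NetBIOS name %r" % (new_dns, new_nb))
            continue
        # Application partition: it must follow the rename of its closest parent domain.
        parent = max((s for s in renames if old_dns.endswith("." + s)), key=len, default=None)
        want = old_dns[:-len(parent)] + renames[parent] if parent else new_dns
        if new_dns != want:
            findings.append("%s: expected %s" % (new_dns, want))
    return findings

def not_ready(dclist_xml, expected_dcs, wanted="Prepared"):
    """DCs missing from dclist.xml, not in the wanted state, or with a non-zero LastError."""
    seen = {_txt(dc, "Name").lower(): (_txt(dc, "State"), _txt(dc, "LastError"))
            for dc in ET.fromstring(dclist_xml).iter("DC")}
    return sorted(n.lower() for n in expected_dcs if seen.get(n.lower()) != (wanted, "0"))

# Constructed sample input (placeholder GUIDs): the application partition was left unrenamed.
SAVED = """<Forest>
<Domain><Guid>aaaa</Guid><DNSname>ForestDnsZones.domain1.com</DNSname><NetBiosName></NetBiosName></Domain>
<Domain><Guid>bbbb</Guid><DNSname>domain1.com</DNSname><NetBiosName>DOMAIN1</NetBiosName></Domain>
</Forest>"""
EDITED = SAVED.replace("<DNSname>domain1.com", "<DNSname>domain2.com")
DCLIST = """<DcList>
<DC><Name>DC1.domain2.com</Name><State>Prepared</State><LastError>0</LastError></DC>
<DC><Name>DC2.domain2.com</Name><State> Initial</State><LastError>0</LastError></DC>
</DcList>"""

if __name__ == "__main__":
    print(check_edit(SAVED, EDITED), not_ready(DCLIST, ["dc1.domain2.com", "dc2.domain2.com"]))
```

On real files, pass the contents of domainlistsave.xml and domainlist.xml to check_edit before rendom /upload, and the contents of dclist.xml plus your own inventory of domain controllers to not_ready after rendom /prepare.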

 

  1. July 22, 2008 at 8:45 am

    Hi there,

    I have been working on a project where I have to rename the domain name of a forest that has a single root domain and two child domains.

    I came across your post while googling for a domain renaming procedure. I found your post very useful and have followed the same on my test bed. The domain renaming procedure was completed successfully.

    Just out of curiosity, I have planned to restore the domain controllers of the domain to their previous state (the state where the domain rename instructions were not applied). I have been doing this for one obvious reason: I wanted to see how I can restore the domain controller/s to the original state if something went wrong during the domain rename process in the production environment.

    Certainly then I would need a tested + documented AD restoration procedure that would save my skin when something went horribly wrong in the production environment.

    For instance..

    The domain before it was renamed

    before.org
    a.before.org
    b.before.org

    The domain after it was renamed

    after.org
    a.after.org
    b.after.org

    Now my question is: what happens when I restore the backup on a DC of the domain that was renamed? Would client machines be able to find before.org, or would they be looking for after.org?

    In my case, after successful restoration, my client machines were unable to identify before.org. I have rebooted the client machine thrice just to see if the old domain name gets listed, but have had no success.

    Any advice or help will be greatly appreciated.

    Thanks,
    DJ

  2. Mohamed Fawzi
    July 22, 2008 at 1:25 pm

    I do not think so… Actually, domain renaming is used to change the logical structure of the whole domain. If you restore the old Active Directory database you may be able to log on to the DC with the before.org structure, but clients still have the after.org logical structure and they will keep searching for it.

    When you are renaming the domain before.org, create another copy of the domain list: copy domainlist.xml domainlistsave.xml. You will need this copy in the Exchange configuration and in case you want to restore your system.

    If you want to go back to before.org, use that copy of the domain list.

  3. July 22, 2008 at 2:37 pm

    Thanks for the reply.

    So if I understand it correctly, it is not possible to recover the forest to its previous, functional state in case something went wrong during the domain rename process.

    Let's suppose the DCs of the root domain are renamed successfully but, for whatever reason, the renaming of the sub domains failed.

    Certainly that would result in a longer downtime; at worst, a complete forest recovery would be imminent, because the root domain would not be able to recognize the sub domains whereas the sub domains would be looking for the parent domain with its older name.

    Any idea what could be done in that scenario? And is it possible for the logical structure of both (before.org / after.org) to be pushed to client machines manually for a limited period of time while the domain is being renamed?

    What would be the use of the domainlist.xml when clients are only able to identify the new logical structure (after.org)?

  4. July 23, 2008 at 9:40 am

    Well, lately I had a discussion with my senior on this topic, and he gave me a superb idea (a non-technical one, but effective).

    The solution is to shut off all client machines (member servers too!) before the renaming procedure begins and leave them off during the whole renaming process.

    When the renaming process is completed successfully, start a few client / member server machines (but not all!) and let them adjust to the new logical structure of the domain.

    Verify whether clients / applications / member servers are adapting well to the changes. Should there be any problem, restore the domain controller/s back to the previous state, and rejoin the machines that have the new logical structure of the domain (i.e. after.org).

    Certainly this (additional but precautionary) step gives one more time to troubleshoot and see what went wrong in the domain rename operation.

    Personally, I found it safe and recommend others to follow the same in a production environment.

    Adios

  5. Mohamed Fawzi
    July 23, 2008 at 12:47 pm

    Thanks for that important info

  6. Suriya
    August 21, 2008 at 6:53 am

    Hi,

    Your instructions are perfect. I have a few problems. After successfully renaming the domain from contoso.com to fabrikam.com, in the DNS server there are none of the records below for the fabrikam domain

    – _msdcs, _sites, _tcp, _udp, DomainDNSzone, ForestDNSzone

    Question: does it mean that the domain rename is a 100% success?

  7. Mohamed Fawzi
    August 21, 2008 at 10:02 am

    I am not sure ..maybe it needs time to update all _msdcs records

  8. Daniel
    October 31, 2008 at 7:55 pm

    We have 14 sites that all have 1 server that host Exchange 2003 SP2 and DC, as well as file and print services. My question is do we need to exmerge the mailboxes to another exchange server, then uninstall exchange 2003 SP2 to complete the domain rename? Thanks.

  9. Mohamed Fawzi
    October 31, 2008 at 10:49 pm

    You can proceed with Ex SP2
