How to Rename an Active Directory Domain
In this guide, I will show you how I changed my Active Directory domain name from hwtech.com to hwtechnet.com. Renaming an Active Directory domain is not always the best idea, especially in large and complex AD infrastructures. It is usually better to migrate users, computers, and servers to a new domain. However, for simple and small AD environments (test, pre-prod, or DMZ), you can easily rename your AD domain according to this guide.
Prerequisites
Before you start, ensure that:
- You have an up-to-date backup of your domain controllers.
- Replication works correctly in your domain, and there are no critical errors of domain controllers or DNS (How to check Active Directory health).
- There is no Exchange in your domain. You cannot rename an AD domain if Exchange is deployed in it (except for Exchange Server 2003).
- To rename a domain, you need Windows Server 2003 or newer (in this example, the functional level of the AD domain and forest is Windows Server 2016).
Steps to Rename the Domain
1. Create a DNS Zone for the New Domain
First, create a DNS zone for your new domain on your current domain controllers. To do this, open the dnsmgmt.msc snap-in, create a new primary Forward Lookup Zone with the name hwtechnet.com, and replicate it on all DNS servers in your old hwtech.com domain.
You can create a new DNS zone using PowerShell:
Add-DnsServerPrimaryZone -Name hwtechnet.com -ReplicationScope "Domain" –PassThruWait until the new DNS zone is replicated on all DCs.
2. Generate Domainlist.xml
Run the rendom /list command to generate a Domainlist.xml file with the current AD forest configuration.
rendom /listCheck the contents of the Domainlist.xml file:
Get-Content .\Domainlist.xml3. Modify Domainlist.xml
Open the Domainlist.xml and replace all old domain names (hwtech.com) with the new ones (hwtechnet.com):
notepad .\Domainlist.xmlSave the file.
4. Show Forest Changes
Run the following command to show the changes to be made in the configuration:
rendom /showforest5. Upload New Configuration
Upload the Domainlist.xml with the new configuration of AD partitions to the domain controller with the Domain Naming Master FSMO role:
rendom /uploadThe FSMO role owners can be displayed as follows:
netdom query fsmo6. Prepare for Renaming
The rendom /prepare command will check the availability of all DCs in the forest and if they are ready to be renamed. Ensure that the command does not return any errors:
rendom /prepare7. Execute Domain Renaming
The command below will rename the domain. Note that domain controllers will be unavailable for some time and restarted automatically to apply new settings:
rendom /execute8. Verify New Domain Name
Ensure that the new domain name is displayed in the domain properties. Note that the full computer name did not change. You must provide an account name in the format newdomain\username to log in to the DC.
9. Update GPO Bindings
Run the following command to update GPO bindings:
gpfixup /olddns:hwtech.com /newdns:hwtechnet.comUpdate the NetBIOS domain name:
gpfixup /oldnb:HWTECH /newnb:HWTECHNET10. Rename Domain Controllers
Add new names on each domain controller manually and make them primary ones:
netdom computername %COMPUTERNAME%.hwtech.com /add:%COMPUTERNAME%.hwtechnet.com
netdom computername %COMPUTERNAME%.hwtech.com /makeprimary:%COMPUTERNAME%.hwtechnet.comRestart the DCs:
Shutdown –f –r –t 0Only domain controllers need to be manually renamed. The rest of the computers and servers can be rebooted twice, and they will automatically switch to the new domain. This must be done after /execute and BEFORE executing the rendom /clean command.
11. Clean Up
Remove links to your old domain from AD:
rendom /cleanUnlock the domain configuration:
rendom /end12. Verify Configuration
Open the ADUC (dsa.msc) console and make sure that it has connected to the new domain name and all OU structure, users, and computers remain in place.
Additional Steps
Note that you will have to do some extra steps to reconfigure some services (e.g., CA, Failover Clusters) to the new domain.
Credit: https://woshub.com/rename-active-directory-domain/ (opens in a new tab)