
  • domain Rename

    Hi all
    We are going to implement domain renaming. Our environment contains more than 8 DCs, all of which are GCs, an Exchange 2003 cluster, SQL Servers, Portal, Oracle Servers, SMS, an internal CA and ISA Server NLB.
    The DNS zones are AD-integrated and there are no child domains, so we will rename the root domain.
    Until now I have some questions:
    1- About DNS Zones:
    As I read, a new zone must be created for the new domain before beginning the rename procedure, and another zone called _msdcs.newdomain.
    For a client to take effect it needs to restart twice, and we can decrease replication of computer object attribute changes by applying a GPO for the new DNS suffix and linking it to OUs in stages.
    My question comes here: to apply the GPO, what exactly should I configure?
    I made a GPO, and under computer config -> admin templates -> DNS clients ->
    Primary DNS suffix, I typed the new domain suffix,
    DNS suffix search list, I typed the new domain suffix and the old domain suffix, in that order.
    Please comment.

    2- CA
    Our CA is located on a DC, which must be removed to a member server.
    My question is: if I back up the CA database and the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc, uninstall the CA from the DC and install it on another member server by importing the CA database, while the member server will have a different computer name than the DC, and our CA has certificates for member computers and users configured via auto-enrollment certificate at GPO, and ActiveSync publish certificate,
    will the CA function correctly or not? Please comment.

    3- Fail Back
    How can I fail back: back up all DCs, or shall I promote a DC as a backup and shut it down? In this case I should remove it from the current infrastructure by ntdsutil at the time of renaming. If a disaster happens I will power it on and seize all roles.
    But I can't guarantee that clients still see the old domain, so clients may point to the new one.


    Thanks a lot; waiting for your recommendation.




    Last edited by abdalla; 24th August 2009, 23:52.

  • #2
    Re: domain Rename

    My recommendation would be to carefully consider the possible consequences of this going wrong. What would the downtime be? Can your company deal with that?

    Why do you want to rename the domain? Presumably following a company rename or merge?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



    • #3
      Re: domain Rename

      Any comment about the CA?


      • #4
        Re: domain Rename

        First Google result for "windows server move CA" is a KB hit titled "How to move a certification authority to another server" - that might be a good place to start?

        The new server must have the same computer name as the old server
        Gareth Howells



        • #5
          Re: domain Rename

          I wouldn't like to comment on the domain rename option for you, as you have a lot of things (SQL, Exchange, CA, ISA) and I can't figure out the issues each of these services would have.

          If you had only AD in question, renaming isn't a big deal, and there are downloadable domain renaming scripts / executables from Microsoft for it.

          For Fail Safe have a Windows System state backup and promote a new DC in your domain, disconnect it after ensuring it has replicated well after a few days and then do a metadata cleanup for the new DC which you disconnected and proceed with the domain rename.

          You may even reproduce your whole domain environment, including SQL, CA, etc., in a virtual / test environment and then try the domain rename process to learn it in an efficient way. Remember to consider every service in your domain while you think of renaming your domain.

          Why do you want to rename your domain? Do you have a Single label domain name?
          AD Admin
