Step by Step How to Rename Domain Name in Windows Server 2016

You can use the domain rename process to change the names of your domains, and you can also use it to change the structure of the domain trees in your forest. This process involves updating the Domain Name System (DNS) and trust infrastructures as well as Group Policy and service principal names (SPNs).

The ability to rename domains provides you with the flexibility to make important name changes and forest structural changes as the needs of your organization change. Using domain rename, you can not only change the name of a domain, but also change the structure of the domain hierarchy, change the parent of a domain, or move a domain residing in one domain tree to another domain tree. The domain rename process can accommodate scenarios involving acquisitions, mergers, or name changes in your organization, but it is not designed to accommodate forest mergers or the movement of domains between forests.

Note:
Domain rename is intended to be a supported method for renaming domains when domain renames are necessary; it is not intended to make domain rename a routine operation.

The domain rename process is complex, and it requires a great deal of care in planning and execution. In addition, the time that is required for a complete domain rename operation is directly proportional to the size of an Active Directory forest in terms of its number of domains, domain controllers, and member computers. Therefore, although domain rename is possible, it should not be undertaken lightly.

The domain rename operation is not supported in Microsoft Exchange Server 2007 or Exchange Server 2010. DNS domain rename is supported in Exchange Server 2003. However, renaming of the NetBIOS domain name is not supported in any version of Exchange Server. Other non-Microsoft applications might also not support domain rename.

In this easy guide, I will show you how to rename a domain in Windows Server 2016. The process is straightforward but, as usual, back up any necessary information and the server before you proceed. I always advise doing this exercise in a lab environment (Hyper-V). Don’t take the risk of doing this in a production environment unless you have to. 😦

The existing domain is Windows.ae and I will rename it to Sifad.local.

So, let’s get started.

1 – Open System Properties and check your existing domain name. As you can see from my Windows Server 2016 system properties, my existing domain name is Windows.ae. This will be changed to Sifad.local shortly.

2 – Next, open your Server Dashboard, go to Tools & click DNS to open DNS Manager.

3 – In DNS Manager, you must create a new DNS zone (Sifad.local). This makes sure that after the whole process completes successfully, your member servers and Windows clients can join the new domain name.

“To create a new DNS zone, right-click Forward Lookup Zones and click New Zone.”

4 – On the Welcome to the New Zone Wizard page, just click the Next button.

5 – On the Zone Type page, click Primary Zone and click Next.

6 – On the Active Directory Zone Replication Scope page, select “To all DNS servers running on domain controllers in this domain: Windows.ae” and click Next.

7 – In Zone Name, key in your new domain name; my new domain name is Sifad.local.

8 – On the Dynamic Update page, click Allow only secure dynamic updates (recommended for Active Directory), and click Next.

9 – On the Completing the New Zone Wizard page, click Finish to complete the process.

10 – In DNS Manager, you can see that my new domain name is listed (sifad.local).

11 – Next, open Command Prompt with Run as administrator.

12 – In CMD, type rendom /list and press Enter. This command generates a state file named Domainlist.xml, which contains the current forest configuration.

13 – Next, open Computer and browse to the C:\Users\Administrator folder to get your Domainlist.xml.

14 – Once you see Domainlist.xml, right-click the file and choose Edit. I am going to change the DNSname and NetBiosName in this Domainlist.xml file.

15 – Once Domainlist.xml is open, you can see that the existing domain name appears in a few places. Change each occurrence of the existing domain name to the new domain name. (Refer to the picture.)

16 – Once you have changed to the new domain name, make sure you save the Domainlist.xml file.

17 – After you save the Domainlist.xml file, type rendom /showforest in CMD. This shows the potential changes; this step does not make any changes.

18 – Next, type rendom /upload. This uploads the rename instructions (Domainlist.xml) to the configuration directory partition on the domain controller holding the domain naming operations master role.

19 – Next, type rendom /prepare. This verifies the readiness of each DC in the forest to carry out the rename instructions. It should contact all DCs successfully and return no errors before you proceed to the next step.

20 – Next, type rendom /execute. This verifies the readiness of all DCs and then performs the rename action on each one.

“Remember that there will be a service interruption during this process. Once the process is successful, your DC server will be restarted.”

21 – Once your DC server has restarted, log in using the new domain name as Administrator.

22 – Next, after you successfully log in, open System Properties and check that your old domain name is now gone, replaced by the new domain name.

23 – Next, open CMD again and run this command to refresh all intra-domain references and links to Group Policy objects: gpfixup /olddns:windows.ae /newdns:sifad.local

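24 – Next, fix up the NetBIOS domain name references in Group Policy, where /oldnb and /newnb take the old and new NetBIOS domain names: gpfixup /oldnb:DC-CLOUD /newnb:sifad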

25 – Next, type rendom /clean. This removes references to the old domain name from AD.

26 – Next, type rendom /end. This unfreezes the forest configuration and allows further changes. The configuration was frozen during the rendom /upload step.

27 – Next, open DNS Manager and click your newly created zone (Sifad.local). Here you can see your own IP listed, but there is still a long way to go to make sure this DNS zone is working.

28 – Next, turn on your client PC; for this exercise I’m using Windows 10 as the client. Open System Properties and join the new domain (sifad.local). The Windows Security box will appear; key in the administrator name and domain password and click OK (Welcome to the sifad.local domain). (Refer to the pictures.)

29 – After your Windows 10 client restarts, log in as a domain administrator.

30 – Once you log in, double-check the Windows 10 System Properties. Your Windows 10 client has now successfully joined the new domain (Sifad.local).

31 – Now, go to the Server 2016 machine and open DNS Manager; you can see that your Windows 10 client is now listed in DNS.

32 – You can also check in Active Directory Users & Computers that your Windows 10 client is now listed there as well.

This ends the rename process, and we now have a DC with a new domain name.
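Steps 14 to 16 edit Domainlist.xml by hand, and a missed or mistyped name there is what rendom /upload later writes to the forest. The following PowerShell is an added example, not part of the original guide: it rewrites the DNSname and NetBiosName values and reports every change for review. Update-DomainListNames is a hypothetical helper name, and the embedded state file is a constructed sample (its element layout beyond DNSname and NetBiosName, the GUIDs and the NetBIOS name WINDOWS are assumptions; read the real values from your own file).

```powershell
# Added example: rewrite the names in a rendom state file and report each change
# so the edit can be reviewed before rendom /showforest and rendom /upload.
# Update-DomainListNames is a hypothetical helper, not a built-in cmdlet.
function Update-DomainListNames {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][xml]$StateFile,
        [Parameter(Mandatory)][string]$OldDns,
        [Parameter(Mandatory)][string]$NewDns,
        [Parameter(Mandatory)][string]$OldNetBios,
        [Parameter(Mandatory)][string]$NewNetBios
    )

    # NetBIOS names are limited to 15 characters; fail before touching the file.
    if ($NewNetBios.Length -gt 15) {
        throw "New NetBIOS name '$NewNetBios' is longer than 15 characters."
    }

    # Match the old DNS name only as a whole name or as a trailing suffix
    # (windows.ae, DomainDnsZones.windows.ae), never inside another label.
    $suffix = '(^|\.)' + [regex]::Escape($OldDns) + '$'

    foreach ($domain in $StateFile.SelectNodes('/Forest/Domain')) {
        $dns = $domain.SelectSingleNode('DNSname')
        $nb  = $domain.SelectSingleNode('NetBiosName')

        if ($null -ne $dns -and $dns.InnerText -match $suffix) {
            $before = $dns.InnerText
            $dns.InnerText = $before -replace $suffix, ('${1}' + $NewDns)
            [pscustomobject]@{ Element = 'DNSname'; Before = $before; After = $dns.InnerText }
        }
        elseif ($null -ne $dns) {
            Write-Warning "DNSname '$($dns.InnerText)' does not end in $OldDns; left unchanged."
        }

        # Application partitions carry an empty NetBiosName; only exact matches change.
        if ($null -ne $nb -and $nb.InnerText -ieq $OldNetBios) {
            $nb.InnerText = $NewNetBios
            [pscustomobject]@{ Element = 'NetBiosName'; Before = $OldNetBios; After = $NewNetBios }
        }
    }
}

# Constructed sample of a Domainlist.xml; GUIDs and the NetBIOS name are placeholders.
[xml]$sample = @'
<?xml version="1.0"?>
<Forest>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>00000000-0000-0000-0000-000000000001</Guid>
    <DNSname>DomainDnsZones.windows.ae</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>00000000-0000-0000-0000-000000000002</Guid>
    <DNSname>ForestDnsZones.windows.ae</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- ForestRoot -->
    <Guid>00000000-0000-0000-0000-000000000003</Guid>
    <DNSname>windows.ae</DNSname>
    <NetBiosName>WINDOWS</NetBiosName>
    <DcName></DcName>
  </Domain>
</Forest>
'@

$oldDns = 'windows.ae'
$changes = Update-DomainListNames -StateFile $sample -OldDns $oldDns -NewDns 'sifad.local' `
    -OldNetBios 'WINDOWS' -NewNetBios 'SIFAD'
$changes | Format-Table -AutoSize

# Any DNSname still ending in the old domain means the edit is incomplete.
$leftover = $sample.SelectNodes('//DNSname') | Where-Object { $_.InnerText -like "*$oldDns" }
if ($leftover) { throw "Old domain name still present in $(@($leftover).Count) DNSname element(s)." }

# For a real run: $doc = [xml](Get-Content -Raw .\Domainlist.xml), call the function on $doc,
# review the change table, then $doc.Save((Resolve-Path .\Domainlist.xml).Path)
# and continue with rendom /showforest as in step 17.
```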

That’s all for now. If you have any doubts, leave a comment. 🙂

102 thoughts on “Step by Step How to Rename Domain Name in Windows Server 2016”

    1. If they were part of the original domain, no you do not need to manually join them. You just need to restart them twice and that should reset the DNS suffix on the client computers

      1. That’s correct! Restarting the client computers twice after renaming the domain should update the DNS suffix automatically, ensuring they remain joined to the domain without the need for manual intervention.

      1. No, not necessarily. If you’re renaming the domain in Windows Server 2016, typically, existing client computers will automatically update their domain memberships after the domain rename operation is completed. However, it’s essential to ensure that your client computers are configured to obtain network settings, including DNS information, automatically. This ensures they can find and join the renamed domain without manual intervention on each client machine.

  1. Thanks for this nice guide,
    In step 24 instead of “gpfixup /oldnb:DC-CLOUD /newnb:sifad” it should be “gpfixup /oldnb:Windows /newnb:sifad” (NetBiosName shown in step 15)
    At step 11 you need to manually define A records for your DCs, then run ipconfig /flushdns.
    Ping your DCs with the new domain name, as in this guide: ping dc-cloud.sifad.local, to see that name resolution is working OK.
    Then right-click -> Properties on the newly created zone, go to Name Servers and add your DCs with the new FQDN, as in this guide: dc-cloud.sifad.local.
    Then continue from step 23.
    Failing to do the above preparations will get you the error “Windows cannot delete object LDAP://….” in step 25.
    After step 24 and before 25 you need to rename your DCs:
    netdom computername dc-cloud.Windows.ae /add:dc-cloud.sifad.local
    netdom computername dc-cloud.Windows.ae /makeprimary:dc-cloud.sifad.local
    Restart your DCs, then continue to step 25.
    Remember there are some roles that need extra consideration when renaming your domain, like Exchange, CAS,
    Hyper-V clusters, etc.

    Tested on Server 2016.

    Liked by 2 people

  2. That’s a good question… What about other DCs in the domain? Will they change their name automatically or should I do another action?

    1. Other Domain Controllers (DCs) in the domain should automatically update their names after the domain rename process is completed. However, it’s essential to ensure that:

      1. Replication between DCs is functioning correctly.
      2. DNS records are updated to reflect the new domain name.
      3. No errors are reported in the event logs related to replication or domain rename.

      If any issues arise, you may need to manually trigger replication or troubleshoot DNS configuration to ensure all DCs are properly updated with the new domain name.

  3. A note needs to be added regarding updating the Full Computer Name of the primary DC itself. It can’t just leave, unlike clients. You will need to pop into Group Policy and edit your new domain’s Default Domain Policy. Under Computer Configuration>Policies>Administrative Templates>Network>DNS Client> and edit the “Primary DNS suffix” setting. Ours was disabled. We enabled it and entered our “newdomain.com”, then from an administrative command prompt run “gpupdate /force” and “gpupdate /flushdns”, then reboot.

    1. After renaming the domain in Windows Server 2016:

      1. Restart the Domain Controller.
      2. Check System Properties for the new FQDN.
      3. Update DNS records.
      4. Flush DNS cache with “ipconfig /flushdns”.
      5. Verify replication across Domain Controllers.
      6. Update the Full Computer Name of the primary DC in Group Policy.
      7. Run “gpupdate /force” and “ipconfig /flushdns”.
      8. Reboot the server.

  4. Also on Step 24, it would be helpful to clarify that in your example, the oldnb “CLOUD-DC” is the name of your machine, and the newnb is just the new domain, without .local or .com. Other than that great guide!

    Liked by 1 person

    1. Understood! Here’s the corrected version:

      After renaming the domain in Windows Server 2016:

      1. Restart the Domain Controller.
      2. Check System Properties for the new FQDN.
      3. Update DNS records.
      4. Flush DNS cache with “ipconfig /flushdns”.
      5. Verify replication across Domain Controllers.

    1. To ensure that your Domain Controller (DC) reflects the new Fully Qualified Domain Name (FQDN) after renaming the domain in Windows Server 2016, you need to follow these steps:

      1. Restart the Domain Controller.
      2. Check System Properties for the new FQDN.
      3. Update DNS records.
      4. Flush DNS cache.
      5. Verify replication across Domain Controllers.

  5. Dear Sifad, good afternoon
    We followed your instructions and it works very good.
    Could you also inform what should we do to remove the old forward lookup zones? Is it just right click and delete or need any other special setup?
    Thank you once again.

  6. Do we need to re-join all the client computers in the domain after the Domain Controller name is changed?

    Will the Domain Controller name change affect the roaming profiles?

      1. Will the Domain Controller name change affect the roaming profiles?

        If yes, what precautions need to be taken?

      2. Changing the Domain Controller name may affect roaming profiles. Precautions include backing up profiles, testing changes, updating profile paths, adjusting Group Policies, and monitoring profile migration.

      3. It is after you reboot all the computers in the company 2 times after the first reboot of the server; you don’t need to change it manually, if I remember.

      4. After the server reboots, you typically don’t need to manually change anything on individual computers within the company. The domain name change should propagate automatically throughout the network after the server reboots.

  7. I completed all the above steps.
    I am able to log on to the server with the administrator account using the new domain name.
    However, in the DNS manager, the forward lookup zone data for the new domain name still refers to data with the old domain name.
    Even when I ping with the server name, it replies with the old domain name.

    1. Yes, the steps outlined for renaming the domain name in Windows Server 2016 should help you change the domain name on your DC1 server without losing any data. However, it’s crucial to follow the instructions carefully and ensure that you have a full backup of your Active Directory database before proceeding. Moreover, be prepared for potential downtime during the domain rename process, and make sure to test the changes thoroughly in a lab environment before applying them in production.

  8. Thanks for this guide. We have Windows Server 2012 R2 and since our company name changed we are planning to change the domain name accordingly.
    We are worried about the local profiles of the users (on Client Computers, but domain users): after rejoin the PC to the new domain, is anything lost in the profile?

    1. You’re welcome! When rejoining client computers to the new domain, local profiles for domain users should remain intact. However, it’s a good practice to back up important data just in case. After joining the new domain, users may experience a slight delay as their profiles are reconfigured to match the new domain settings, but their data should remain accessible. If you encounter any issues, you can use the User State Migration Tool (USMT) to transfer user profiles.

  9. Hi Sifad
    Thank you for your very informative tutorial. However – I have an issue. I got as far as step 21 and when my server restarted and I tried to logon, I was locked out. I tried logging on as an Other user (using the old domain credentials) and same again – no access. Can you possibly shed some light on this issue as I am anxious to get my server up and running. My server O/S is Server 2016 Essentials.

    Many thanks in advance
    Dave
    (should you require any further info, don’t hesitate to contact me by mail)

    1. Hello Dave,

      It seems like you might be encountering authentication issues after renaming the domain in Windows Server 2016 Essentials. Here are some steps you can try to resolve this:

      1. Check Domain Controller Status: Ensure that the domain controller is running and accessible.
      2. Verify Domain Credentials: Double-check that you’re using the correct domain credentials to log in after the domain rename.
      3. Check DNS Settings: Ensure that DNS settings on the server and client machines are correctly configured to point to the new domain name.
      4. Restart Server: Try restarting the server and see if you can log in afterward.
      5. Check Event Viewer: Review the Event Viewer logs on the server for any error messages or warnings related to authentication or domain services.
      6. Revert Changes: If possible, revert the domain rename changes to restore the previous domain configuration and regain access to the server.

      By following these steps, you should be able to diagnose and address the issue with logging in after renaming the domain in Windows Server 2016 Essentials.

  10. Hi Sifad Hussain – I am trying to do the domain renaming. I am not able to finalize the domain renaming. When I executed rendom /clean and rendom /end I got this error message:
    Failed to delete rename script on the DN: CN=Partitions,CN=Configuration,DC=headdigital
    T,DC=com on host pdc01.headdigital.com..
    00002077: SvcErr: DSID-030F1146, problem 5003 (WILL_NOT_PERFORM), data 0
    : Cannot complete this function. :1003

    Please suggest, how to fix this error.

    Regards,
    Ashok Yadav

    1. Alfonso, I went through this procedure and when I logged into an existing client using the new domain name, it used the same profile. It did not create a new one. Same desktop, etc. One of my clients was even powered off during the process so I had to join it to the new domain – even on that one, same profile when logging in using the new domain name.

      1. Thank you for sharing your experience. Yes, typically, when clients connect to a renamed domain, they continue to use their existing profiles. The user profiles are not automatically recreated with a new domain name. This means users will retain their desktop settings, files, and other profile-related configurations.

  11. After running “rendom /prepare” I receive “The server is unwilling to process the request. :8245”. What needs to be done to get past this?

    1. Ensure that you’re running the command with administrative privileges and that your domain controllers are properly configured. Moreover, check for any firewall or network issues that might be causing the error.

    1. If the old domain and DC name are still visible after completing the domain rename process, you should investigate the following:
      Ensure DNS records, replication, client DNS settings, DC cleanup, Group Policy, and DNS cache are updated after domain rename.

  12. I’m now not sure the place you are getting your info, but good topic.
    I need to spend a while studying much more or figuring out more.
    Thank you for fantastic information I used to be in search of this info for my mission.

  13. Hello!
    Thank you for manual, but there are some errors. Before step 25 you should be sure all of your workstations are able to receive information about domain name change. Then you need to reboot them all twice. Not power off and on – reboot with logging in and off. This step will allow you not to rejoin your workstations to domain once again.

    1. Thank you for your feedback and additional clarification. Rebooting the workstations twice after the domain name change to ensure they receive the new domain information is indeed an important step. This helps prevent the need to rejoin the workstations to the domain. I appreciate you highlighting this for other users. If you have any further questions or need assistance, feel free to ask!

  14. Thank you so much for your valuable post. I have a question. I am working in an old office with DC 2003, example: somedomain.com. We are planning to move to a new office with a new DC 2019 and a new domain name, example: appletech.com. We are going to leave the old DC 2003 in the old office, but all the client computers which are joined to the 2003 DC are planned to move to the new office and join the new DC 2019 with the new domain name. We are also going to use the same AD in DC 2019, which had been migrated from the DC 2003. In the new office, we are planning to just connect all the client computers to the new DC 2019 without recreating the user accounts to log in.
    Can we do that? The other issue is, even if we can change to the new domain name in the new DC 2019, do we have to change the domain name on all client computers? Is that right? Will they then lose their entire accounts on the client computers? Kindly advise me on the best solution, please.
    Thank you.

    Best regards.

    1. Thank you for your question and I’m glad you found the post helpful! Here’s some guidance for your scenario:

      1. Migration from old DC (2003) to new DC (2019) with a new domain name (appletech.com):
      > You can certainly migrate the Active Directory (AD) from the old DC 2003 to the new DC 2019 with the new domain name (appletech.com). This involves setting up the new DC, promoting it to a domain controller, and migrating AD data using tools like Active Directory Migration Tool (ADMT) or other methods.
      > Once the migration is complete, you will have the new domain (appletech.com) with the AD data from the old domain (somedomain.com) on the new DC 2019.

      2. Joining client computers to the new domain without recreating user accounts:
      > After setting up the new DC 2019 with the new domain name, you can join the client computers from the old office to the new domain without recreating user accounts.
      > Users should be able to log in using their existing credentials from the old domain without any issues, as long as the user accounts and passwords are migrated successfully to the new domain.

      3. Changing the domain name on client computers:
      > While it’s technically possible to change the domain name on client computers, it’s generally not necessary in your scenario.
      > Since users will be logging in with their existing domain accounts (albeit on the new domain), there’s no need to change the domain name on client computers.
      > Users should be able to log in to their computers using their existing domain credentials after joining them to the new domain without any loss of account data.

      In summary, you can migrate from the old DC (2003) to the new DC (2019) with the new domain name and join client computers to the new domain without recreating user accounts. Users should be able to log in to their computers using their existing domain credentials without needing to change the domain name on client computers. If you have any further questions or need clarification, feel free to ask!

  15. Worked for me Windows Server 2016 no issues.

    I also skipped step 24: changing the netbios name as mine was already the name I wanted.

  16. Hi. This is a really good guide. I will do the rename of our domain this week; I have planned it well and read a lot of guides, also from Microsoft. There they say the control station, where you execute the rendom tool, must not be a domain controller, and I see you did it on your DC?

      1. Hi. I already did the rename successfully. I did it on a member server, and it works also. But your guide is GREAT… thxs a lot!

  17. Hi, can you please help? My domain name change went well, however I now can’t add a new PC to the domain; it gives the error “the specified domain either does not exist or could not be contacted”. Any help please.
    Regards Richie

    1. After renaming a domain in Windows Server 2016, it’s generally recommended to clean up any references to the old domain name, including in DNS records. However, whether you leave the old original domain name in DNS depends on your specific requirements and considerations:

      1. Impact on Existing Systems: If there are legacy systems, applications, or configurations that still rely on the old domain name, you may choose to leave it in DNS temporarily to avoid disrupting their functionality.
      2. DNS Forwarding and Resolution: Leaving the old domain name in DNS may result in DNS queries for the old domain name being forwarded or resolved. However, it’s essential to ensure that DNS queries for the old domain name do not cause conflicts or misrouting, especially if there are new configurations or systems in place.
      3. Clean-Up and Security: From a security and administrative perspective, it’s generally considered best practice to clean up obsolete references, including DNS records, after completing the domain rename process. This helps maintain a tidy and secure DNS environment and reduces the risk of confusion or misconfiguration.
      4. Documentation and Planning: Before making any changes to DNS records, thoroughly document the existing DNS configuration and assess the potential impact of removing the old domain name. Ensure that all relevant stakeholders are aware of the changes and that any necessary adjustments are made to network configurations and DNS forwarding rules.

      In summary, while leaving the old original domain name in DNS temporarily may be appropriate in certain scenarios, it’s essential to evaluate the implications and consider long-term clean-up and security measures as part of your domain renaming process.

  18. What are the impacts to the internal Windows Certificate Authority? Will a new CA and all associated GPOs related to it need to change? Will steps 23 and 24 update any domain name reference in the GPOs for say appended DNS names for primary search and or the CA? I am guessing the CA should be addressed prior to rejoining any system to the new domain?

    Thank you for the guide and any reply related to the CA.

    1. When renaming a domain in Windows Server 2016, there are indeed implications for the internal Windows Certificate Authority (CA) and associated Group Policy Objects (GPOs). Here’s how it typically affects the CA and related configurations:

      1. Certificate Authority (CA) Configuration: Renaming the domain does not automatically update references to the CA or its configurations. Therefore, you’ll need to ensure that the CA’s settings, including server names and URLs, are updated to reflect the new domain name. Failure to do so may result in issues with certificate issuance and validation.
      2. Group Policy Objects (GPOs): GPOs often contain references to domain-specific settings, including those related to certificate auto-enrollment, certificate trust lists, and certificate templates. After renaming the domain, you’ll need to review these GPOs and update any references to the old domain name, including references to the CA server and certificate templates.
      3. Steps 23 and 24: While steps 23 and 24 in the domain renaming process focus on updating DNS records and domain controllers, they do not directly address updates to GPOs or the CA. You’ll need to manually review and update GPOs as needed after completing the domain rename.
      4. Sequence of Tasks: It’s advisable to address the CA configurations before or concurrently with the domain rename process. This ensures that certificates and related configurations remain valid and functional post-renaming. Updating the CA settings and GPOs beforehand helps minimize disruptions and ensures smooth operation after the domain rename.

      In summary, while steps 23 and 24 in the domain renaming process primarily deal with DNS and domain controller configurations, additional steps are required to update CA settings and related GPOs.

    1. Thank you for your input. It’s crucial to emphasize that all domain controllers will undergo a reboot during the renaming process. Additionally, service interruption is expected, and upon successful completion, each DC server will be restarted.

    1. Yes, you can delete old DNS records associated with the old domain name after completing the domain rename process in Windows Server 2016. It’s important to clean up any stale or outdated DNS records to ensure the integrity and efficiency of your DNS infrastructure.

      Here are the general steps to delete old DNS records:

      1. Open the DNS Manager on your Windows Server.
      2. Navigate to the forward lookup zone corresponding to the old domain name.
      3. Locate the old DNS records associated with the old domain name.
      4. Right-click on each old DNS record and select “Delete” from the context menu.
      5. Confirm the deletion when prompted.

      By deleting old DNS records, you help prevent potential issues such as DNS resolution conflicts or unnecessary network traffic. However, before deleting any records, it’s essential to verify that they are indeed no longer needed and won’t impact any existing services or applications. Additionally, consider documenting any changes made to ensure proper recordkeeping and future reference.

    1. You’re very welcome! I’m glad to hear that the breakdown was helpful for you. If you have any more questions or need further assistance in the future, don’t hesitate to reach out. Good luck with your domain rename process!

  19. Great article. I have done the rename and have connected one user to the new domain. Only thing I see that I was not sure if it is a problem, is in the DNS manager, your Start of Authority (SOA) is still the old .local as well as the Name Server(NS), can I change this on my properties page without affecting anything?

    1. Yes, you can update the Start of Authority (SOA) and Name Server (NS) records in the DNS manager without causing any issues. It’s recommended to reflect the new domain name in these records for consistency. Simply edit the properties of the DNS zone, update the SOA and NS records with the new domain name, and ensure that all DNS records are updated accordingly. This change should not impact the functionality of your domain as long as it is done accurately.

    1. To change the full computer name in Windows Server 2016:

      1. Press `Windows + Pause/Break`.
      2. Click “Change settings” next to “Computer name”.
      3. In System Properties, click “Change”.
      4. Enter the new computer name.
      5. Click “OK” and restart if prompted.

    1. Considering LAPS integration is crucial when planning a domain rename in Windows Server 2016. Ensure seamless functionality post-rename by evaluating attribute changes, updating Group Policy, configuring client-side settings, and thorough testing. Documentation and communication are key to informing stakeholders about any changes to LAPS configuration or functionality.

  20. Thank you Sifad for the detailed information. It’s very helpful. I tried it in a test environment and it worked without any issues.

      1. Hi Sifad, based on the positive results in the test environment, I tried the same activity in the production environment and it failed at the command “rendom /upload”. I get the error ” Failed to upload Dns Root alias on the DN:CN=**—–“, Sec Err: DSID-03150F93, problem 4003 ( INSUFF_ACCESS_RIGHTS), data 0: Access is denied.:5”.

        I am performing this activity on the domain controller in an Azure VM. I am performing this task using local admin credentials. I am part of all the admin groups but still no luck; do you see if I am missing anything?

      2. It sounds like you’re facing a challenge with the ‘rendom /upload’ command during your domain rename process in Azure. This error can often stem from insufficient access rights or permissions. Ensure your account has the necessary privileges, and review network and security settings. If the issue persists. Best of luck resolving the issue!

    1. Step 24 involves using the “gpfixup” command to fix Group Policy objects after renaming the domain controller. Let me clarify the command:

      – `gpfixup`: This command is used to fix references to a domain controller’s old name in Group Policy objects.

      – `/oldnb:DC-CLOUD`: Here, you specify the old NetBIOS name of the domain controller. In this example, “DC-CLOUD” is the old NetBIOS name.

      – `/newnb:sifad`: This specifies the new NetBIOS name that you want to assign to the domain controller. Replace “sifad” with the new NetBIOS name you’ve chosen for the domain controller.

      By running this command, you ensure that any references to the old domain controller name in Group Policy objects are updated to reflect the new name. This helps maintain consistency and ensures that Group Policy functions correctly after the domain controller rename.


  21. After the rendom /execute command, the server restarted, but the domain name in system properties stayed the same. Any thoughts?


    1. It appears there might have been an issue with the domain rename process. Double-check the execution of the “rendom /execute” command and ensure all preceding steps were completed correctly. If the problem persists, consider reviewing event logs for errors and restarting the server. Replication delays between domain controllers could also be a factor.


  22. I was looking for this kind of post; actually, I’m planning to change the DC name.
    Thanks in advance.
    I have one question: I’m using the DC and Exchange Outlook on the same server. After changing the DC name, will it affect Exchange Outlook?


    1. Thank you for sharing your plan to change the domain controller (DC) name. It’s a significant step, and careful planning is key to ensuring a smooth transition. Regarding your question about the potential impact on Exchange Outlook, while changing the DC name should not directly affect Exchange Outlook, it’s essential to consider any dependencies or configurations that may be affected. It’s always a good idea to test changes in a controlled environment and have a backup plan in place. If you have any further questions or concerns, feel free to ask. Good luck with your DC name change!


  23. There is no need to rejoin stations to the renamed domain. Just power them up and wait a minute or so to see that the domain has been magically changed below the login boxes (or enter newdomain\loginname). If not, then reboot the station. The user must log in as “Different user” and fill in their login name at the first logon to the new domain. Subsequent logins work as usual.


    1. Your comment provides valuable insight into the domain renaming process in Windows Server 2016. It highlights that, after renaming the domain, client stations do not require rejoining; instead, they automatically recognize the new domain name upon startup. If not immediately visible, users can manually input the new domain name before logging in. Additionally, you advise users to log in as “Different user” during the first login to the new domain, with subsequent logins proceeding as usual. This information is helpful for administrators managing domain renaming tasks, streamlining the transition process for users.


    1. Yes, changing the domain name in Windows Server will affect the Kerberos setup. Kerberos relies heavily on domain names and requires accurate DNS configuration to function properly. When you rename a domain, it will impact Kerberos authentication because:

      1. Service Principal Names: SPNs are used by Kerberos for mutual authentication between clients and servers. They include the domain name in their construction. Changing the domain name will require updating SPNs associated with domain resources.
      2. Kerberos Realms: Kerberos realms are typically mapped to domain names. Changing the domain name effectively changes the Kerberos realm. This may require reconfiguration of Kerberos settings on servers and clients.
      3. Trust Relationships: If the domain participates in a trust relationship with other domains or forests, the trust relationship may need to be reconfigured or recreated to reflect the new domain name.
      4. Service Accounts: Service accounts used by applications or services may need to be updated with the new domain name.
      5. DNS Configuration: DNS records associated with the old domain name will need to be updated or removed, and new DNS records for the new domain name will need to be created.

      Overall, changing the domain name can have significant implications for Kerberos authentication, and it’s essential to carefully plan and execute the change to minimize disruptions to authentication services and ensure continued security and functionality.

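One way to audit for the SPN issue described in the reply above, as an added example that is not part of the original post or its comments: a read-only PowerShell check that parses each SPN as `serviceclass/host[:port][/servicename]` and reports the ones still carrying the old DNS suffix. The function names, `old.example`, `new.example` and the sample SPNs are constructed for illustration.

```powershell
# Added example. Helper names and all sample values are hypothetical.
function Test-InDomain([string] $Name, [string] $Domain) {
    # True when $Name is the domain itself or a host beneath it (case-insensitive).
    return $Name -and ($Name -ieq $Domain -or
        $Name.ToLower().EndsWith('.' + $Domain.ToLower()))
}

function Convert-Suffix([string] $Name, [string] $Old, [string] $New) {
    return $Name.Substring(0, $Name.Length - $Old.Length) + $New
}

function Find-StaleSpn {
    param(
        [Parameter(Mandatory)] [string[]] $Spn,
        [Parameter(Mandatory)] [string]   $OldDnsDomain,
        [Parameter(Mandatory)] [string]   $NewDnsDomain
    )
    foreach ($s in $Spn) {
        $parts = $s -split '/', 3          # serviceclass / host[:port] / servicename
        if ($parts.Count -lt 2 -or -not $parts[0] -or -not $parts[1]) {
            [pscustomobject]@{ Spn = $s; Status = 'Malformed'; Suggested = $null }
            continue
        }
        $hostPart, $port = $parts[1] -split ':', 2
        $svcName = if ($parts.Count -eq 3) { $parts[2] } else { $null }
        $hostStale = Test-InDomain $hostPart $OldDnsDomain
        $svcStale  = Test-InDomain $svcName  $OldDnsDomain
        if (-not ($hostStale -or $svcStale)) { continue }   # nothing to report

        $newHost = if ($hostStale) { Convert-Suffix $hostPart $OldDnsDomain $NewDnsDomain } else { $hostPart }
        $newSvc  = if ($svcStale)  { Convert-Suffix $svcName  $OldDnsDomain $NewDnsDomain } else { $svcName }
        $suggested = $parts[0] + '/' + $newHost
        if ($port)    { $suggested += ':' + $port }
        if ($svcName) { $suggested += '/' + $newSvc }
        [pscustomobject]@{ Spn = $s; Status = 'OldSuffix'; Suggested = $suggested }
    }
}

# Constructed sample input; the last two entries should not be reported.
$sample = @(
    'HOST/dc1.old.example',
    'ldap/dc1.old.example/old.example',
    'MSSQLSvc/sql01.old.example:1433',
    'HTTP/intranet.new.example',
    'HOST/DC1'
)
Find-StaleSpn -Spn $sample -OldDnsDomain 'old.example' -NewDnsDomain 'new.example' |
    Format-Table -AutoSize

# Against a live directory (needs the ActiveDirectory module), feed real values instead:
# $spns = Get-ADObject -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName |
#         ForEach-Object { $_.servicePrincipalName }
```

The function only reports; it changes nothing in the directory, so the output can be reviewed before any SPN is updated.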

    1. Ensure you have the necessary permissions and check for existing zones with the same name. Verify the DNS Server service is running and check network configuration. If the issue persists, provide more details about the error message for further assistance.


  24. Hello Sifad. Actually, I searched for info about domain rename and your very nice article was the first one at MS community. In my case the reason for renaming the domain is the domain name somedomeain.local. I’ve read that “.local” is bad for a domain, and the correct one should be “internal.domain.com”. But I see that your guide just describes the migration from domain.com (a bad one, I agree – it could be a mess with the internet domain and need some DNS tuning to get it to work) to domain.local. It is a bit frustrating for me. What do you think about a domain name like domain.local, is it OK? Many thanks for your article and time.

    WBR
    Alex


    1. Hi Alex,

      Thank you for reaching out, and I’m glad you found my article helpful. Regarding your question about domain naming, using “.local” as a domain suffix was a common practice in the past. However, it’s generally recommended to avoid using “.local” for Active Directory domains due to potential conflicts with Multicast DNS (mDNS) used by Apple Bonjour and other protocols.

      Instead, a domain name like “internal.domain.com” is preferred because it aligns with Internet DNS standards and avoids potential naming conflicts. Additionally, it provides a clearer distinction between internal and external domains.

      That said, if your current domain is “domain.local,” it can still function without major issues. However, if you’re considering a domain rename, transitioning to a more standard naming convention like “internal.domain.com” could be beneficial in the long run, especially if you anticipate integrating with external services or partners.

      Ultimately, the decision depends on your organization’s specific needs and considerations. If you do decide to proceed with a domain rename, be sure to follow best practices and thoroughly plan and test the process to minimize disruptions.

      I hope this helps clarify your concerns. Feel free to reach out if you have any further questions or need assistance.


  25. Should I unjoin the client computers from the domain first, then change the domain name / NetBIOS name? When I change the domain name, will all existing client domain account local computer profiles be affected? Thank you.


    1. Yes, it’s generally advisable to unjoin client computers from the domain before changing the domain name or NetBIOS name. This helps prevent potential issues with domain authentication and connectivity.

      1. Unjoin Domain: It’s recommended to unjoin client computers from the domain before changing the domain name.
      2. Change Domain Name: Changing the domain name shouldn’t affect existing client domain accounts or local computer profiles.
      3. Considerations:
      – Users will need to log in using the new domain name.
      – Update group policies and permissions as needed.
      – Rejoin client computers to the domain with the new name.

      Always ensure you have appropriate backups and a rollback plan in case any unexpected issues arise during the domain name change process.

