Changing the name of an Active Directory domain is a rather rare procedure that few AD administrators have actually performed. The process of renaming a domain must be properly planned so as not to break the entire corporate infrastructure.
Basic requirements for renaming an AD domain:
- AD schema version at least Windows Server 2003;
- If your domain uses a Certificate Authority (CA), you need to do some preparation. Read more here;
- Some applications are incompatible with domain renaming. The domain rename operation is not supported for domains with on-premises Exchange Server deployed. If you need to rename a domain with Exchange Server, you must first create a new AD forest, deploy Exchange in it, and then migrate all objects. There are some other non-Microsoft applications that do not support domain renames (check your application’s documentation).
In this example, we have a domain contoso.com with AD controllers based on Windows Server 2019. Our task is to change the domain name to theitbros.com.
Note. Be sure to back up your AD before you start renaming your domain.
Create a domain zone for the new domain on the primary DNS in your domain. If you are using Microsoft DNS:
- Open DNS Manager console and select your server;
- Expand the Forward Lookup Zones node;
- Select New zone;
- Create a new Primary zone theitbros.com and replicate it to all DNS servers in your forest.
In order to change the AD domain name, you must use the rendom console tool, which is available on any domain controller. The rendom (C:\Windows\System32\rendom.exe) allows you to perform various actions necessary for a domain rename operation.
All actions to rename a domain controller must be performed on a domain controller.
Run the command prompt as an administrator and create an XML file with a description of your domain:
This command will generate a Domainlist.xml file in the current directory. Open it with notepad:
Use the Edit > Replace menu to find and replace the old domain name in the file with the new one. Manually change the value in the NetBiosName field.
Save the changes to the Domainlist.xml file.
Upload a new file:
This creates a DCclist.xml file that is used to track the progress and status of each domain controller in the forest for the domain rename operation. At this point, the Rendom freezes your Active Directory forest from making any changes to its configuration.
Check if the domain is ready to accept changes (checks the availability of all DCs):
If this command returns no errors, you can run the rename operation:
After that, all domain controllers will be automatically rebooted.
In order for all domain-joined workstations and servers to automatically change their name to the new domain, they must be rebooted twice.
After that, you need to manually rename all domain controllers (they won’t change the name to the new domain automatically).
Use the following command to rename each DC:
netdom computername DC01.contoso.com /add:DC01.theitbros.com netdom computername DC01.contoso.com /makeprimary:DC01.theitbros.com
Reboot the domain controller to apply the changes.
Now you need to rebind the Group Policy Objects to the new domain name:
gpfixup /olddns:contoso.com /newdns:theitbros.com
Remove links to the old domain:
Now you can unlock the AD domain with the command:
Make sure that the rename was successful. Check if all AD domain controllers can be contacted, users can sign in to the new domain, check if applications work correctly, and replication in AD and errors on DCs.