Domain Rename 2003 3

[jny04]

Our company has recently been bought over, and the new company has dedided they want everything renamed...including the domain!, ie Windows Domain and Server...

Im a bit cagy bout doing 2003 domain rename- has anyone got any advice on this...am i worrying too much??

Cheers

JNY

 

[TidyTrax]

Had a similar situation,

http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx

i read thru that and with much dragging of heals and moaning managed to get out of it. Seems like a load of work for no real reason. Although microsoft insist that with the Domain Renaming tool that its easy to do, i have my doubts - things go wrong and you'll prob be at it for a few days trying to fix the problems!!!

 

[SuperJon]

How about creating a Peer domain or a Empty domain.

Peer domain would have a top level domain named differently.

 

[jny04]

hi John, not sure if I know what you mean??

 

[NickFerrar]

From what I heard an MS guy say domain rename breaks Exchange to (if you have it running in your company), other than that you're going to have to do multiple client reboots as part of the process.

 

[jny04]

Yes im not convinced at all!...

I inhirited a rather wierd set up when i took on the job -
the login domain /Authentication is NT4. however the new 2003 domain holds the email servers etc. So basically they Login through NT and authentication through email from the 2003 Domain!

Im thinking of just backing up the old 2003 domain, and setting a new one up in its place.

I was thinking of stopping the whole Email/2003 Servers at the weekend - backing up the domain to exactly identical servers but off the network on a seperate switch.
Then trying the domain rename - and if it didnt work add the new servers into the domain...but I think this would cause the logs etc to be out of sync....

Im an MCP in Exchange - but this set up is totally set up more different than i have ever seen in 8 yrs of IT. alot of policy edits to say the least and tweaking the registry!

Has any experienced a clean rename !? if it is possible!

 

[technome]

I have not done a rename...
I will go along with the others. From other forums, renaming a domain is avoided like the plaque. Roughly an 80 page document must be followed for it to be accomplished. I agree with Tidytrax, if anything goes wrong along the way, you may get bogged down for a while. In the future should anything crop up, you will never be sure if it is caused by the rename.In a situation where you must rename, with a very large company, I could see it as long as you have a large team and Microsoft on the hotline.
Sounds like your company is large enough to afford another server. I would create the new domain on a new server, get the domain functioning, transfer your programs/data over. Get test wks connected, when everything works correctly, then get the workstations on line.
At the least, if a rename is your choice ,I would create a lab machine with a similar setup and do a domain rename before the real thing.

http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx

http://download.microsoft.com/downl...9e8c-3a9c90a2a2e2/Domain-Rename-Procedure.doc

 

[jny04]

Hi there I think i am going to skip this one!...or try to!

I have a plan - Im going to put an nt4 box on the old nt4 domain promote as a bdc. place it on another switch on a new isolated domain(switch) - then test the domain rename from there with two backed up snapshots of the 2003 dc/mail server restored on two spare dell servers we have.

what do you think - so I deploy it as a lab, before a live implementation!

If that doesnt work Ill just start with a new domain, the reason I am not is that there alot of policy/set ups to let the 2003 mail authenticate with the Nt4 domain. And Im not sure where the previous analyst has set this up.

another question - can you back up group policys/individual AD strucures etc???

 

[mikiemov]

I know you can backup up group policies using the group policy management tool...

 

[technome]

How I view this being a Consultant..I not a coward but I need to make a living and maintain clients..

If I had >500 users and other techs involved I might be tempted for the rename.

I would rather spend 4 solid days creating the initial new domain up, considering even more time, to get everything just right. I would just hate wondering if a problems come up in the future, was the "rename" responsible.

Just hate "over the weekend", must have the NET up on Monday routines. I have done quite a few in 20 years, one of the most stressful situations, as you are totally responsible, one of the few situations where you are totally on the line.
I would rather face a total disk crash..at least the hardware is at fault.
Monday morning never is perfect, the little details will get you. "Over the weekend" routines are a throughly thankless senario..99% of the setup is perfect, but the spears are thrown for the 1%.
What happens on Monday morning if some odd error crops up which was not foreseen or did not happen on the lab setup, and your network is down or partially down for a few days.
How secure is your employement.

Even with a lab setup, can you afford (time wise) to have an exact copy including the Exchange setup, and the wks connection, plus testing. How much time will this require.

Learning to rename a domain is rather a dead end experience, as you are very unlikely to rename a domain again. Likely, you will advocate suicide before a rename, after the experience.

Setting up a new domain gives you the ability to correct error in your present domain; your registry and AD will be much cleaner. As Mikiemov points out you could export the policy settings

 

[jny04]

thanks Technome!

I totally agree with what your saying the MD did warn me that the 2003 was rushed to provide email to the 500+ users.
as there was a cut from the parent company etc.. theredfore hence the NT4 login domain authenticatin mail with the 2003 logon..

Im concerned thatI may not be able to connect the damn domain together!..he did/or the consultants he hired did alot of tweaking under the policys (authetication), trusts etc.

Ive never backed up the GP before, but we have over 500 mail accounts on that server now. and the new company do not understand if your even down for a couple of minutes!...

ah the stress of IT! And to make matters worse they want have multiple companys - and want each company secured off from the other!! I am the lead project (in fact im the only one!) - so it will all be on my head!

 

[technome]

All the more reason to create a fresh Domain.

At that point you can leisurely get everything working. If something does not work, you have the time to reseach the problem or post to forums to get an answer. After everything works on the new domain, with a test wks(s) connected.. over a weekend you can get the "live" wks on line.

Your concern about being able to connect the domains together.. with a new domain, if it takes 2 days or two weeks, there is no deadline.

Sounds like the Exchange server will be a bit of work.
Cruise over to Mark Manasi's site, they have some very knowledgeable people over there, ask about the Exchange situation. Domain rename has been discussed there too.

http://206.246.253.6/forum/

 

[PScottC]

Just looking at this thread, I would say that you need to build everything from the ground up, JNY.

And to make matters worse they want have multiple companys - and want each company secured off from the other!!

That just screams New Forest / AD design to me.

In addition to your research, I would also recommend that you get help. An independent or MS consultant would probably be really helpful. Just having someone techical around to bounce ideas off of. You'll catch most of the small details that will cause your head to hurt.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[jny04]

Thanks for that guys...

quick one I know that you can back up the gp's, but can you back up restore DNS,and AD??

 

[technome]

Yes you can backup both DNS and AD (system state), though the DNS is a manual process, not aided by a GUI or command line. If you attempt a rename, make sure your original server is totally backed up, including the system state

As such a AD backup will not restore to a different domain, neither will DNS as a restoration.

JNY, a very good book on Windows 2003 is Mark Minasi's Master Windows 2003 by Sybex, very good section on DNS, real life how too, not another MS press sleep aid. Does not cover a rename.

PscottC's idea of a consultant giving you a hand is a good idea. Take some of the pressure off and gives you more time think, as you will be dealing with tons of minutia.

 

[jny04]

thanks once again I have several ideas running through my head!...not sure how good they are tho!...

Firstly was to set up new domain, however my MD has now said that the spare servers must be used for MFrame.

SO I have a scenario! - I have rla network with email! DC and mail server. (hi spec systems).

I have 2 spare dell server - higher spec - (but the boss want them for MFrame servers!).

2 . I planned to setup new domain such as IST(as root domain) A new mail and and PDC.

3. I want to test the IST and make sure it works ok!...
Pain - My boss wants the servers to be used for what purpose they were purchased for!

4. Would it be possible to Stop all services running, take a snapshot/full backup of IST domain

5. Then restore over the old domain servers that had the original domain on them Mail and PDC.???

Would everything restore as it should do??? i dont see a problem if all services are stopped? SMTP/etc.
All dell server hardware - most same spec apart from disc/processor power on the newer/spare servers.

let me know your thoughts?