Windows Server



    

Domain Rename FAQ's    

Apr 26

Ques1. What are the domain rename requirements?

Ans:

·        Exchange 2003 SP1: If your Active Directory forest contains only Exchange 2003 SP1 servers, you can run the domain rename operation, but you must also use the Exchange Domain Rename Fix-up Tool to update Exchange attributes. The Exchange Domain Rename Fix-up Tool is available on the Exchange Server 2003 Tools and Updates Web page (http://www.microsoft.com/exchange/updates). The document that accompanies the tool describes when and how to perform Exchange-related steps. To perform a domain rename operation, Exchange must not be installed on any domain controllers. If a domain controller is running Exchange, move the Exchange data off of the domain controller and uninstall Exchange.

·        Exchange 2003 or Exchange 2000 or Exchange 5.5: The domain rename operation is not supported in an Active Directory forest that contains Exchange 2000 or Exchange 5.5 servers. If the domain rename tool detects Exchange 2000 servers, the tool will not proceed. The domain rename tool will not detect whether Exchange 5.5 servers exist; therefore, do not attempt the operation if the forest contains Exchange 5.5 servers.

·        Renaming e-mail domains: The domain rename operation does not change the e-mail domains that are specified in Exchange recipient policies and e-mail addresses. If you want to change your e-mail domains, do so after the domain rename operation.

·        Forest functionality: You can rename domains only in a forest where all of the domain controllers are running Microsoft® Windows® Server 2003 Standard Edition, Microsoft® Windows® Server 2003 Enterprise Edition, or Microsoft® Windows® Server 2003 Datacenter Edition operating systems, and the Active Directory forest functional level has been raised to Windows Server 2003. For more information about forest functional levels, see "Active Directory Functional Levels" in the Directory Services Guide of the Windows Server 2003 Resource Kit. For more information about how to determine forest functional levels, see "To verify forest level" and "To raise forest level" in Windows Server 2003 Server Help and Support Center.

·        Administrative privileges: The domain rename procedure requires Enterprise Admins privileges to perform the various steps in the procedure. If you are running Exchange, the account you use must also have Full Exchange Administrator permissions. The required permissions for each step in the procedure, along with the details of each step, are described in "Steps to Perform the Domain Rename Procedure" later in this document.

·        Control station: The computer to be used as the control station for the domain rename operation must be a member computer (not a domain controller) running Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition.

·        DFS root servers: In order to be able to rename a domain with domain-based DFS roots, all DFS root servers must be running Windows 2000 with Service Pack 3 or a higher release of the Windows server.

 

Ques2: How do we manage the presence of Exchange in a Windows 2003 forest? How do we manage Exchange 2003 SP1, Exchange 2000 and Exchange 5.5 when they are present in the forest?

Ans:

·        Exchange 2003 SP1: If your Active Directory forest contains only Exchange 2003 SP1 servers, you can run the domain rename operation, but you must also use the Exchange Domain Rename Fix-up Tool to update Exchange attributes. The Exchange Domain Rename Fix-up Tool is available on the Exchange Server 2003 Tools and Updates Web page (http://www.microsoft.com/exchange/updates). The document that accompanies the tool describes when and how to perform Exchange-related steps. To perform a domain rename operation, Exchange must not be installed on any domain controllers. If a domain controller is running Exchange, move the Exchange data off of the domain controller and uninstall Exchange.

·        Exchange 2003 or Exchange 2000 or Exchange 5.5: The domain rename operation is not supported in an Active Directory forest that contains Exchange 2000 or Exchange 5.5 servers. If the domain rename tool detects Exchange 2000 servers, the tool will not proceed. The domain rename tool will not detect whether Exchange 5.5 servers exist; therefore, do not attempt the operation if the forest contains Exchange 5.5 servers.

·        Renaming e-mail domains: The domain rename operation does not change the e-mail domains that are specified in Exchange recipient policies and e-mail addresses. If you want to change your e-mail domains, do so after the domain rename operation.

 

Ques3. What is the role of trusts in domain rename?

Ans:

If you plan to use the domain rename process to reposition one or more domains in the domain tree hierarchy, then for each domain you plan to reposition, the necessary shortcut trust relationships must be created between the domain you want to reposition and its new parent domain (or the forest root domain if the repositioned domain becomes a tree root). These pre-created trust relationships substitute for the required tree-root or parent-child trust relationships that will be missing in the restructured forest.

Pre-Creating a Parent-Child Trust Relationship

For example, suppose you want to restructure the cohowinery.com forest, shown in Figure 1, so that the products.sales.cohowinery.com domain becomes a child of the cohowinery.com domain. Before performing the domain rename operation to carry out this restructure, you must first create a two-way, transitive shortcut trust relationship between products.sales.cohowinery.com and cohowinery.com. This trust relationship pre-creates the two-way parent-child trust relationship that will be required for the targeted parent and child domains.

The figure shows the before and after domain structures and the shortcut trust relationships you need to create that will serve as parent-child trust relationships in the target forest.

Pre-Creating Multiple Parent-Child Trust Relationships

For scenarios where you need to restructure a domain that is both a child domain and a parent domain, you might need to create shortcut trust relationships in two places. For example, suppose you want to restructure the cohowinery.com forest, shown in Figure 2, to move the hr.sales.cohowinery.com domain so that it becomes a child of the eu.cohowinery.com domain. At the same time, you want to make its child domain, payroll.hr.sales.cohowinery.com, become a direct child of its current parent domain, sales.cohowinery.com. To perform this restructure operation, you will first need to create two shortcut trust relationships that will become the parent-child trust relationships for the new forest following the restructuring, as follows:

·        A two-way, transitive shortcut trust relationship between the eu.cohowinery.com and hr.sales.cohowinery.com domains, which will effect a two-way, transitive parent-child trust relationship between eu.cohowinery.com and hr.eu.cohowinery.com after restructuring.

·        A two-way, transitive shortcut trust relationship between the sales.cohowinery.com and payroll.hr.sales.cohowinery.com domains, which will effect a two-way, transitive parent-child trust relationship between sales.cohowinery.com and payroll.sales.cohowinery.com after restructuring.

These shortcut trusts are responsible for maintaining the two-way, transitive trust relationships that are required between the newly renamed domains once the domain rename process has been completed.

Pre-Creating a Tree-Root Trust Relationship with the Forest Root Domain

When a domain is renamed to become a new tree root, the new tree-root domain must have a two-way, transitive trust relationship with the forest root domain. For this scenario, you create a two-way shortcut trust relationship between the domain you want to rename to become a new tree-root domain, and the forest root domain.

For example, suppose you have a deep tree and you want to create a new tree by moving the lowest-level domain to become a tree-root domain. Figure 3 shows the two-way shortcut trust relationship you create, and the tree-root trust relationship it provides after restructure, when renaming the eu.sales.cohowinery.com domain to create the tree-root domain cohoeurope.com.

 

Ques4. How do we plan DNS for the new forest in the domain rename procedure?

Ans:

Preparing DNS Zones

When an application or client requests access to Active Directory, an Active Directory server (domain controller) is located by the DC Locator mechanism, as described in "Establishing a DNS Alias for a New Domain Name" in the document titled "How Domain Rename Works."

In response to client requests for Active Directory services, DC Locator uses SRV resource records in DNS to locate domain controllers. In the absence of these DNS SRV resource records, directory clients experience failures when trying to access Active Directory. For this reason, before renaming an Active Directory domain, you need to be sure the appropriate DNS zones exist for the forest and for each domain. If the appropriate zones do not exist in DNS, you need to create the DNS zone(s) that will contain the SRV resource records for the renamed domains. It is also highly recommended that you configure the zone(s) to allow secure dynamic updates. This DNS zone requirement applies to each domain being renamed as part of the domain rename operation.

The DNS requirements to rename an Active Directory domain are identical to the DNS requirements to support an existing Active Directory domain. Your current DNS infrastructure already provides necessary support for your Active Directory domain using its current name, and usually you simply need to mirror the existing DNS infrastructure to add support for the planned new name of your domain.

For example, suppose you want to rename an existing Active Directory domain sales.cohovineyard.com to marketing.cohovineyard.com. If the SRV resource records registered by the domain controllers of the sales.cohovineyard.com Active Directory domain are registered in the DNS zone named sales.cohovineyard.com, then you will need to create a new DNS zone called marketing.cohovineyard.com corresponding to the new name of the domain. For more information about how to configure DNS to provide support for the Active Directory, see "Windows Server 2003 DNS" in the Networking Guide of the Windows Server 2003 Resource Kit.

 

Ques5: What is the effect on a Folder Redirection policy or roaming profiles after the domain rename procedure if we are redirecting the folders to a domain-based DFS? What can we do to fix it?

Ans:

Preparing Folder Redirection to Domain-Based DFS

Windows 2000 Server family and Windows Server 2003 Server family provide the ability to redirect a set of special folders for users, such as the My Documents folder, from the local computer to a network location. Folder Redirection is an extension to Group Policy that allows you to identify network locations for these folders on specific servers or Distributed File System (DFS) roots. If you are redirecting folders to network locations that use domain-based DFS paths (\\domainName\DFSRoot), renaming the Active Directory domain invalidates the domain-based DFS path. If the redirected path is no longer valid, Folder Redirection stops working.

Note

If the NetBIOS name of a domain is used in domain-based DFS paths and the NetBIOS name of the domain is not changed during a domain rename operation, then the domain-based DFS path will continue to be valid.

To allow Folder Redirection to continue to work following a domain rename operation, folders that are redirected to a domain-based DFS path for a domain that is going to be renamed must instead be redirected to a server-based share or standalone DFS path prior to renaming the domain. Server-based paths are unaffected by the domain rename operation. Folder Redirection to a server-based path instead of a domain-based DFS path can be configured using the Folder Redirection Group Policy extension. For information about how to use Group Policy to redirect special folders to a network location, see Windows Server 2003 Server Help and Support Center.

Preparing Roaming User Profiles on Domain-Based DFS

Windows 2000 Server family and Windows Server 2003 Server family provide support for roaming user profiles where the user profile (as well as home directory) can be located on a network location. Just as for Folder Redirection, discussed earlier, if roaming user profiles (and home directory) are placed on network locations using domain-based DFS paths, renaming the domain invalidates the path and roaming profiles that use the path stop working.

Note

If the NetBIOS name of a domain is used in domain-based DFS paths and the NetBIOS name of the domain is not changed during a domain rename operation, then the domain-based DFS path will continue to be valid.

To ensure that network share-based user profiles continue to work following a domain rename operation, user profiles located on a domain-based DFS path for a domain that is going to be renamed must instead be relocated to a server-based share or standalone DFS path. Server-based paths are unaffected by the domain rename operation. For information about how to create roaming user profiles, see Windows Server 2003 Server Help and Support Center.

 

Ques6: What is the effect of domain rename on client machines and member servers? Also, how do domain controllers react to domain rename?

Ans:

Conditions for Automatic Computer Name Change

The primary DNS suffix, and therefore the full DNS name of a member computer in an Active Directory domain, changes when the domain is renamed if both of the following conditions are true:

        Primary DNS suffix of the computer is configured to be updated when domain membership changes.

        No Group Policy specifying a primary DNS suffix is applied to the member computer.

These conditions represent the default configuration for computers running Windows 2000, Windows XP, and Windows Server 2003 Server family. If you do not know how the primary DNS suffix of the computers in your enterprise is configured, see "How to Determine the Primary DNS Suffix Configuration" later in this document.

Keep in mind that the DNS suffix setting also applies to servers running Exchange. When determining the primary DNS suffix configuration for your servers, also check your Exchange servers.

Note

The DNS host names of domain controllers in a renamed domain are not changed automatically to use the new domain DNS name as the primary DNS suffix, regardless of the primary DNS suffix configuration. In other words, the DNS names of domain controllers in a renamed domain will remain unchanged. The domain controllers can be renamed in a separate step after the domain rename operation has been completed using a special DC rename procedure. For more information on how to rename a DC, see "Rename a domain controller" in Windows Server 2003 Server Help and Support Center.

 

Ques 7: How do we manage the DNS changes applied to computers after we apply a GPO for changing the DNS suffix?

Ans:

Configuration Required Before Applying Group Policy

When you apply the Group Policy setting Primary DNS Suffix, the DNS suffix of member computers will no longer match the DNS name of the domain of which they are members. To allow the member computers of a domain to have a primary DNS suffix that does not match the DNS domain name, you must first configure the domain to accept the names that the DNS suffix can have. This configuration must be in place before you can set Group Policy to apply to a set of computers.

To configure the set of DNS suffixes that can be applied to computers in the domain, add a new value (or values) to the msDS-AllowedDNSSuffixes multi-valued attribute of the domain object (the domainDns object for the domain) such that the attribute contains a list of DNS suffixes that member computers of the Active Directory domain can have. This procedure is described in "How to Configure the Domain to Allow a Primary DNS Suffix that Does Not Match the Domain Name" later in this document. When you apply the Group Policy setting Primary DNS Suffix, you will specify one of the DNS suffixes that you have added to the msDS-AllowedDNSSuffixes attribute.

If you apply the Primary DNS suffix Group Policy setting to the computers in the domain to be renamed, we highly recommend that you set the DNS Suffix Search List Group Policy and apply it to the computers within the domain being renamed. The DNS Suffix Search List should contain the old primary DNS suffix, new primary DNS suffix, and potentially parent suffixes of the old and new primary DNS suffixes (the latter depends on whether parent name spaces are being used in the organization). For example, suppose the old name of a domain was payroll.hr.sales.cohowinery.com (and correspondingly the old primary DNS suffix as well). Also, suppose the new name of the domain is payroll.sales.cohowinery.com (and correspondingly the new primary DNS suffix as well). So the DNS Suffix Search List should contain the following suffixes:

·        payroll.hr.sales.cohowinery.com

·        payroll.sales.cohowinery.com

and may contain:

·        hr.sales.cohowinery.com

·        sales.cohowinery.com

·        cohowinery.com

Such a configuration preserves the ability of users to resolve the DNS names of computers in the domain being renamed by specifying only the first label of the full DNS name, even during the transition period when a user’s computer and a resource server may have different primary DNS suffixes.

For the same reason, if computers in another domain were configured with a DNS Suffix Search List containing the old name of a domain being renamed, then during the domain rename procedure those computers should be reconfigured so that the DNS Suffix Search List contains both the old and new domain names. Note that the Group Policy setting for the DNS Suffix Search List is not supported on versions of Windows before Windows XP.

 

Ques 8: What conditions can cause a working CA in a forest to fail after domain rename?

Ans:

Conditions that Preclude Successful Certificate Management

If one or more of the following conditions exist at the time of domain rename, CA management is not supported:

1.      The CA is configured to have only LDAP URLs for its CDP or AIA. Because the old LDAP extensions would be invalid following the domain rename operation, all the certificates issued by the CA are no longer valid. As a workaround, it would be necessary to renew the existing CA hierarchy and all issued End Entity certificates.

2.      Interdomain trust relationship based on cross-certification with name constraints. Following the domain rename operation, the name constraints might not be valid. As a workaround, you will need to reissue cross-certificates with appropriate name constraints.

3.      RFC 822-style e-mail name is used in the user account. If the CA (or the certificate template) is configured to include RFC 822-type e-mail names and this name style is used in the certificates that are issued, these certificates will contain an incorrect e-mail name after the domain rename operation. Any such Active Directory accounts should be changed prior to issuing any certificate.

Management of enterprise certificates can be sustained through a domain rename procedure when the following requirements are in effect prior to domain rename:

        The CAs are not installed on domain controllers.

        As a best practice all of the CAs should include both Lightweight Directory Access Protocol (LDAP) and Hypertext Transfer Protocol (HTTP) Uniform Resource Locators (URLs) in their Authority Information Access (AIA) and Certificate Distribution Point (CDP) extensions.

 

Ques 9: What activities should be discontinued prior to or during the domain rename process?

Ans:

Activities to Discontinue Prior to Domain Rename

When your domain rename plan is in place and preliminary procedures have been completed as described in "Preliminary Steps to Prepare for Domain Rename," you must ensure that your forest is quiescent. Prior to beginning any steps in this section, several activities must be discontinued in your forest.

Until you have completed all domain rename procedures through Step 10 in this section, discontinue the following activities:

        Creating new domains in or removing existing domains from your forest.

        Creating new application directory partitions in, or removing existing application directory partitions from, your forest.

        Adding domain controllers to or removing domain controllers from your forest.

        Creating or deleting shortcut trusts within your forest.

        Adding attributes to or removing attributes from the set of attributes that replicate to the global catalog (called the partial attribute set).

These activities can be resumed after you have successfully completed STEP 9 in "How to Perform Domain Rename" later in this document.

 

Ques 10: How can we create a control station for domain rename, where do we create it, and which computer can become a control station?

Ans:

To set up the control station with the required tools for the domain rename operation

1.      On the control station computer, create a directory named X:\DomainRename where X: is a local disk drive on the selected control station.

Note

All subsequent invocations of the tools used in this procedure should be executed from within this directory. The directory name is not required to be "DomainRename," but this name is used as the example in describing this procedure.

2.      Insert the Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition operating system CD into the CD-ROM drive and copy the files from the valueadd directory as follows.

a. copy M:\valueadd\msft\mgmt\domren\*.* X:\DomainRename

where M: is the CD-ROM drive. In particular, verify that the two tools rendom.exe and gpfixup.exe have been copied into the working directory X:\DomainRename on the control station.

3.      Install the Support Tools from the Support\Tools folder on the Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition operating system CD. (To install Support Tools, run suptools.msi in the Support\Tools directory.) In particular, verify that the tools repadmin.exe and dfsutil.exe are installed on the control station.

If the control station computer is a member server running Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition, then the control station setup is complete at this point.

In this step, you will set up a single computer as the administrative control station for the entire domain rename operation. All the steps in the procedures described in this section are performed and controlled from this computer. You will copy all the required tools to perform the domain rename operation to a directory on the local disk of the control station and execute them from there. Although the domain rename operation involves contacting each domain controller in the forest, the domain controllers are contacted remotely by the domain rename tools from the control station.

Prerequisites

        Computer: Use a computer that is a member of a domain in the forest in which domain rename is to be performed to serve as the control station.

        Operating system: The computer must be a member computer (not a domain controller) running Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition.

        Operating system CD: You will need the Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition operating system CD.

Important

Do not use a domain controller to act as the control station for this domain rename operation.

 

Ques 11: How do we generate the current forest description, and what entries will we see in the domainlist.xml file?

Ans:

To generate the current forest description file

1.      On the control station, open a command prompt and change to the X:\DomainRename directory.

2.      At the command prompt, type the following command and press ENTER:

rendom /list

3.      Save a copy of the current forest description file (domainlist.xml) generated in step 2 as domainlist-save.xml for future reference by using the following copy command:

copy domainlist.xml domainlist-save.xml

The /list option of the domain rename tool creates an XML-encoded file named domainlist.xml in the current directory (in this example, X:\DomainRename). This file contains a textual description of your current forest structure as a list of all the domain directory partitions and application directory partitions contained in your forest. This file includes an entry for every domain and application directory partition, where each entry is bounded by the <Domain></Domain> XML tags, as shown in the example in Figure 4. Each entry for a domain (or an application directory partition) contains naming data for it that includes the object GUID of the partition root object, the DNS name of the domain (or application directory partition), and the NetBIOS name of the domain (an application directory partition does not have a NetBIOS name).

The example in Figure 4 below shows the contents of the domainlist.xml file after the rendom /list command was executed in a forest with two domains named cohovineyard.com (with a NetBIOS name of COHOVINEYARD) and sales.cohovineyard.com (with a NetBIOS name of SALES).

In addition to the two entries corresponding to the two domains in the forest, the following three entries appear, corresponding to the application directory partitions that are used by the Active Directory-integrated DNS service:

        DomainDnsZones.sales.cohovineyard.com

        DomainDnsZones.cohovineyard.com

        ForestDnsZones.cohovineyard.com

These application directory partitions must also be renamed.

 

Ques12: How does specifying a domain controller name in the domainlist.xml file help?

Ans:

In "STEP 5: Generate Domain Rename Instructions" later in this document, the rendom tool will contact one arbitrarily chosen domain controller in each domain of the forest to gather information required for translating your new forest specification in the domainlist.xml file into a sequence of required directory changes encoded as a script to be executed at each DC. You can optionally specify a particular domain controller in each domain from which to pull the domain-specific information.

 

To specify domain controllers for each renamed domain in domainlist.xml

        In the field bounded by the <DcName></DcName> tags within each domain entry, type the DNS host name of the domain controller you want to use. For example, to retrieve information for the domain sales.cohovineyard.com from the DC dc1.sales.cohovineyard.com, specify <DcName>dc1.sales.cohovineyard.com</DcName> within the domain entry for the renamed domain sales.cohowinery.com. (Recall that domain controller names do not change when the domain is renamed.)

 

Ques 13: What does the rendom /showforest command do?

Ans:

This command simply displays the contents of the domainlist.xml file in a format that is easier to read and in which you can better see the forest structure. Use this command each time after making any changes to the domainlist.xml file to verify that the forest structure looks as intended. It is essential at this step to specify an accurate forest description that reflects the desired changes to the forest structure because any error at this stage will result in an unintended forest structure when the domain rename operation is complete. If your target structure is not what you intended, you must perform the entire domain rename procedure again.
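An added example (not part of the original FAQ or of the rendom tool): a Python check that compares an edited domainlist.xml with the saved domainlist-save.xml before the instructions are generated. It goes a little beyond the text by also deriving, from the name changes, the shortcut trusts that Ques3 says must be pre-created, and it flags DNS application directory partitions that were not renamed along with their domain. The <Forest>, <Guid>, <DNSname> and <NetBiosName> element names, the GUIDs and the sample forest are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of domainlist-save.xml. <Domain> and <DcName> are named in the
# FAQ; <Forest>, <Guid>, <DNSname>, <NetBiosName> and all GUIDs are assumptions.
SAVED = """<Forest>
<Domain><Guid>00000000-0000-0000-0000-000000000001</Guid>
  <DNSname>cohowinery.com</DNSname><NetBiosName>COHOWINERY</NetBiosName><DcName></DcName></Domain>
<Domain><Guid>00000000-0000-0000-0000-000000000002</Guid>
  <DNSname>sales.cohowinery.com</DNSname><NetBiosName>SALES</NetBiosName><DcName></DcName></Domain>
<Domain><Guid>00000000-0000-0000-0000-000000000003</Guid>
  <DNSname>eu.cohowinery.com</DNSname><NetBiosName>EU</NetBiosName><DcName></DcName></Domain>
<Domain><Guid>00000000-0000-0000-0000-000000000004</Guid>
  <DNSname>hr.sales.cohowinery.com</DNSname><NetBiosName>HR</NetBiosName><DcName></DcName></Domain>
<Domain><Guid>00000000-0000-0000-0000-000000000005</Guid>
  <DNSname>payroll.hr.sales.cohowinery.com</DNSname><NetBiosName>PAYROLL</NetBiosName><DcName></DcName></Domain>
<Domain><Guid>00000000-0000-0000-0000-000000000006</Guid>
  <DNSname>ForestDnsZones.cohowinery.com</DNSname><NetBiosName></NetBiosName><DcName></DcName></Domain>
<Domain><Guid>00000000-0000-0000-0000-000000000007</Guid>
  <DNSname>DomainDnsZones.hr.sales.cohowinery.com</DNSname><NetBiosName></NetBiosName><DcName></DcName></Domain>
</Forest>"""

# Constructed edit: two domains are repositioned as in the Ques3 example, but the
# DomainDnsZones partition of the hr domain was left under its old name by mistake.
EDITED = (SAVED
          .replace("<DNSname>hr.sales.cohowinery.com<", "<DNSname>hr.eu.cohowinery.com<")
          .replace("<DNSname>payroll.hr.sales.cohowinery.com<",
                   "<DNSname>payroll.sales.cohowinery.com<"))

DNS_APP_PREFIXES = ("domaindnszones.", "forestdnszones.")


def load(xml_text):
    """Map partition GUID -> (DNS name, NetBIOS name); names are case-folded."""
    entries = {}
    for node in ET.fromstring(xml_text).iter("Domain"):
        guid = (node.findtext("Guid") or "").strip().lower()
        dns = (node.findtext("DNSname") or "").strip().lower()
        netbios = (node.findtext("NetBiosName") or "").strip().upper()
        entries[guid] = (dns, netbios)
    return entries


def parent_guid(dns, guid_by_dns):
    """GUID of the domain one label up, or None when the domain is a tree root."""
    return guid_by_dns.get(dns.partition(".")[2])


def review(saved_xml, edited_xml):
    """Return (renames, shortcut trusts to pre-create, problems) for an edited file."""
    old, new = load(saved_xml), load(edited_xml)
    problems, trusts = [], []
    if old.keys() != new.keys():
        problems.append("entries added or removed: GUID sets differ")
    common = old.keys() & new.keys()
    # Entries with a NetBIOS name are domains; application partitions have none.
    old_dom = {old[g][0]: g for g in common if old[g][1]}
    new_dom = {new[g][0]: g for g in common if new[g][1]}
    renames = {old[g][0]: new[g][0] for g in common if old[g][0] != new[g][0]}
    names = [new[g][0] for g in common]
    for dup in sorted({n for n in names if names.count(n) > 1}):
        problems.append(f"duplicate DNS name in edited file: {dup}")
    for g in sorted(common):
        old_dns, new_dns = old[g][0], new[g][0]
        if not old[g][1]:
            # DNS application partitions must follow the domain they belong to.
            for prefix in DNS_APP_PREFIXES:
                if old_dns.startswith(prefix):
                    owner = old_dns[len(prefix):]
                    expected = prefix + renames.get(owner, owner)
                    if new_dns != expected:
                        problems.append(f"{old_dns} should become {expected}")
            continue
        # A domain whose parent changes needs a shortcut trust created beforehand,
        # so the pair is reported under the names the domains have today.
        before, after = parent_guid(old_dns, old_dom), parent_guid(new_dns, new_dom)
        if after != before:
            partner = old[after][0] if after else "forest root domain"
            trusts.append((old_dns, partner))
    return renames, sorted(trusts), problems


if __name__ == "__main__":
    for part in review(SAVED, EDITED):
        print(part)
```

The parent lookup assumes a contiguous namespace, where a child's name is its parent's name with one extra label.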

 

Ques 14: What is the dclist.xml file, and when does it get generated?

Ans:

1.      On the control station, open a command prompt.

2.      From within the X:\DomainRename directory, execute the following command:

rendom /upload

3.      Verify that the domain rename tool created the state file dclist.xml in the directory X:\DomainRename and that the state file contains an entry for every domain controller in your forest.

The rendom /upload command generates the domain rename instructions and uploads them to Active Directory. It also generates a state file called dclist.xml (the default name) and writes it to the current directory X:\DomainRename. Rendom uses the state file to track the progress and state of each domain controller in the forest through the remaining steps of the domain rename procedure.

Figure 6 shows the format of the dclist.xml file that is generated for the two-domain forest illustrated in STEP 4. In the example, there are two domain controllers named DC1 and DC2 in the cohovineyard.com domain, and two domain controllers named DC3 and DC4 in the sales.cohovineyard.com domain.

 

Ques 15: What does the rendom /prepare command do? How can we verify that the command has completed successfully?

Ans:

The rendom /prepare command causes the control station computer to issue an RPC to every DC in the forest tracked by the state file dclist.xml. The RPC causes each DC to verify that its directory replica is in a good state to perform the changes dictated by the domain rename instructions. For each DC that is successfully verified for readiness, Rendom updates the state field in the corresponding domain controller entry in the state file dclist.xml to Prepared (<State>Prepared</State>).

 

Ques 16: What does the rendom /execute command do? How can we verify that the command has completed successfully?

Ans:

The rendom /execute command causes the control station computer to issue an RPC to every DC in the forest that is tracked by the state file dclist.xml and request execution of the changes dictated by the domain rename instructions. Each DC that successfully executes the domain rename instructions will reboot automatically. For each such DC, the corresponding state field for the domain controller entry in the state file will be updated to read <State>Done</State>. If, on the other hand, a fatal or irrecoverable error is encountered on a DC while attempting to execute the domain rename instructions, the corresponding state for the domain controller entry in the state file will be updated to read <State>Error</State>. For the Error state, the error code is written to the last error field <LastError></LastError> and a corresponding error message is written to the <FatalErrorMsg></FatalErrorMsg> field.

 

Ques 17: How do we reissue the execute command on a machine that is in the Error state?

Ans:

If you determine that an error that has caused a DC to reach the Error state in the dclist.xml file is actually a recoverable error and you feel that forward progress can be made on that DC by retrying the execution of the domain rename instructions, you can force the rendom /execute command to retry issuing the RPC to that DC (instead of skipping it) as described below.

To force Rendom /execute to re-issue the RPC to a DC in the Error state

1.      In the dclist.xml file, locate the <Retry></Retry> field in the domain controller entry for the DC that you believe should be retried.

2.      Edit the dclist.xml file such that the field reads <Retry>yes</Retry> for that entry.

The next execution of the rendom /execute command will re-issue the execute-specific RPC to that DC.
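An added example (not from the original FAQ or the rendom tool) that reads a copy of dclist.xml, lists the domain controllers that have not reached the expected state after rendom /prepare or rendom /execute, and sets <Retry>yes</Retry> only for entries that are in the Error state. <State>, <LastError>, <FatalErrorMsg> and <Retry> come from the text above; the <DcList>, <DC> and <Name> element names and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample state file for the two-domain forest used in the FAQ.
# <DcList>, <DC> and <Name> are assumed element names; the error code and
# error text are constructed placeholders, not real rendom output.
DCLIST = """<DcList>
<DC><Name>DC1.cohovineyard.com</Name><State>Done</State><LastError>0</LastError>
  <FatalErrorMsg></FatalErrorMsg><Retry></Retry></DC>
<DC><Name>DC2.cohovineyard.com</Name><State>Done</State><LastError>0</LastError>
  <FatalErrorMsg></FatalErrorMsg><Retry></Retry></DC>
<DC><Name>DC3.sales.cohovineyard.com</Name><State>Error</State><LastError>1</LastError>
  <FatalErrorMsg>constructed sample error text</FatalErrorMsg><Retry></Retry></DC>
<DC><Name>DC4.sales.cohovineyard.com</Name><State>Prepared</State><LastError>0</LastError>
  <FatalErrorMsg></FatalErrorMsg><Retry></Retry></DC>
</DcList>"""

FIELDS = ("Name", "State", "LastError", "FatalErrorMsg", "Retry")


def read_dcs(xml_text):
    """Return one dict per domain controller entry in the state file."""
    return [{tag: (dc.findtext(tag) or "").strip() for tag in FIELDS}
            for dc in ET.fromstring(xml_text).iter("DC")]


def summary(xml_text):
    """Group domain controller names by their current state."""
    groups = {}
    for row in read_dcs(xml_text):
        groups.setdefault(row["State"], []).append(row["Name"])
    return groups


def not_in_state(xml_text, wanted):
    """DCs that have not reached `wanted`: 'Prepared' after rendom /prepare,
    'Done' after rendom /execute. Error details are returned alongside."""
    return [(r["Name"], r["State"], r["LastError"], r["FatalErrorMsg"])
            for r in read_dcs(xml_text) if r["State"].lower() != wanted.lower()]


def mark_retry(xml_text, names):
    """Set <Retry>yes</Retry> for the named DCs, but only when they are in the
    Error state. Returns (new XML text, names actually changed)."""
    root = ET.fromstring(xml_text)
    wanted = {n.lower() for n in names}
    changed = []
    for dc in root.iter("DC"):
        name = (dc.findtext("Name") or "").strip()
        state = (dc.findtext("State") or "").strip()
        if name.lower() in wanted and state == "Error":
            retry = dc.find("Retry")
            if retry is None:
                retry = ET.SubElement(dc, "Retry")
            retry.text = "yes"
            changed.append(name)
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    print(summary(DCLIST))
    for row in not_in_state(DCLIST, "Done"):
        print("not done:", row)
    _, changed = mark_retry(DCLIST, ["DC3.sales.cohovineyard.com"])
    print("retry set for:", changed)
```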

 

 

Ques 18: Briefly explain the rendom procedure, with commands.

Ans:

STEP 1: Back Up All Domain Controllers

STEP 2: Set Up the Control Station

STEP 3: Generate the Current Forest Description

rendom /list

STEP 4: Specify the New Forest Description

rendom /showforest

STEP 5: Generate Domain Rename Instructions

rendom /upload

STEP 6: Push Domain Rename Instructions to All DCs and Verify DNS Readiness

STEP 7: Verify Readiness of Domain Controllers

rendom /prepare

STEP 8: Execute Domain Rename Instructions

rendom /execute

STEP 9: Unfreeze the Forest Configuration

rendom /end

rendom /clean

STEP 10: Re-establish External Trusts

 

Ques 19: How do we handle Group Policy objects and links after a domain rename?

Ans:

It is necessary to repair the GPOs and the Group Policy links after a domain rename operation to update the old domain name embedded in these GPOs and their links. This procedure is necessary so that Group Policy continues to function normally in the new forest after the domain rename operation has completed. The tool also repairs any Group Policy-based Software Installation and Maintenance data (such as Software Distribution Point network paths), if present in Active Directory, so that managed software deployment continues to work in your environment. The GPO and link fix-up tool needs to be run once in each renamed domain. There is no GPO and link fix-up required corresponding to renamed application directory partitions because you cannot apply Group Policy to an application directory partition.

 

Important

The GPO/link fix-up procedure executed in this step does not fix any inter-domain GPO links that might exist in your forest. Any existing inter-domain GPO links will have to be manually broken and reconfigured for them to work properly. This fix-up procedure also does not repair network paths for Software Distribution Points (present in Active Directory) that are external to the domain.

2.      At the command prompt, type the following command (the entire command must be typed on a single line, although it is shown on multiple lines for clarity) and press ENTER:

gpfixup /olddns:OldDomainDnsName
        /newdns:NewDomainDnsName
        /oldnb:OldDomainNetBIOSName
        /newnb:NewDomainNetBIOSName
        /dc:DcDnsName 2>&1 >gpfixup.log

-Where-

OldDomainDnsName is the old DNS name of the renamed domain.

NewDomainDnsName is the new DNS name of the renamed domain.

OldDomainNetBIOSName is the old NetBIOS name of the renamed domain.

NewDomainNetBIOSName is the new NetBIOS name of the renamed domain.

DcDnsName is the DNS host name of a domain controller in the renamed domain, preferably the PDC emulator, that successfully completed the rename operation with a final Done state in the dclist.xml state file in "STEP 8: Execute Domain Rename Instructions" earlier in this document.

 

Ques 20: What happens to the domain controllers after a domain rename?

Ans:

Rename Domain Controllers (Optional)

The DNS host names of the domain controllers in the renamed domains do not change automatically as a result of the domain rename operation. In other words, the DNS suffix in the fully qualified DNS host name of a DC in the renamed domain will continue to reflect the old domain name. The DNS hostname of DCs in a renamed domain can optionally be changed at a later time using a special procedure.

Modification of the computer name causes updates to the DNS and Active Directory databases. The computer performs these updates automatically, and once the updated data propagates to the DNS servers and Active Directory domain controllers used by a client, the client is capable of locating and authenticating to the renamed computer. However, DNS and Active Directory replication latency (the time it takes for the name change to replicate throughout the databases) might cause a temporary inability of clients to locate or authenticate the renamed computer. Therefore, renaming a mission-critical server like the domain controller requires that you follow a computer rename preparation procedure prior to renaming the computer. This preparation procedure ensures that there will be no interruption in the ability of clients to locate or authenticate the renamed computer. For more information about how to rename a DC, see "Rename a domain controller" in Windows Server 2003 Server Help and Support Center.



Author Name:         ebhakt
Author Location:    India