A member recently asked why he couldn't rename a forest in Windows 2000. I've always taught that two of the most...
important choices you will make when designing your Active Directory (AD) forest are choosing your root domain and the DNS and NetBIOS names of your forest. That's because, in Windows 2000, you cannot change either of them once you install Active Directory (and tearing down the forest and rebuilding doesn't count as a change; it's a new AD install). If you try to change the names, you will find that the option for doing so is grayed out, with a message that this computer is a domain controller, and you cannot change its name.
After searching through Microsoft's Web sites, I found, in some voluminous documentation about Windows Server 2003, that while you still cannot change DNS and NetBIOS names in Windows 2000, you can do so in Windows Server 2003. Whether you want to, though, is an open question.
The two documents that explain the process are called "Understanding How Domain Rename Works" and "Step-by-Step Guide to Implementing Domain Rename," and they can be found at http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx. These documents note that, while it isn't impossible to change a forest's name in Windows 2000, the constraints are "prohibitive." There are 117 pages of explanations and warnings about renaming forests and domains (Domain Rename) in a Windows Server 2003 environment, which is designed to accommodate forest and domain renaming. It's easy to see why it could be considered prohibitive to do so in an environment that was not designed to do so, such as Windows 2000.
Don't try this at home
Note that "feasible" in Windows Server 2003 does not mean easy, quick or even guaranteed to succeed. With a procedure this complex, you can't underestimate the chances that something will go wrong when you analyze the risk involved and review the procedures you will need to follow when and if you decide to make the change. Let's take a look at a couple of warnings and items to consider before you determine whether renaming your Windows Server 2003 forest is worth the trouble.
Domain renaming is not intended to be a routine operation. It requires a great deal of planning and must succeed on all domain controllers in your forest. If the operation fails on a domain controller and you wish to finalize the name change, you must remove the failed domain controller from the forest or domain. The time and effort required both increase dramatically as your organization grows in size and the number of domain controllers involved increases. It is much better to plan ahead and avoid the necessity of renaming a forest or domain, if at all possible.
You cannot change the root domain of your forest once Active Directory is installed. You can change the root domain's NetBIOS and DNS names, but you cannot choose another domain to be the root domain.
You cannot use Domain Rename if you are using Exchange 2000.
You cannot use this operation to drop domains from or add domains to your forest. Your forest structure can be changed (that is, you can move domains), but you must have the same number of domains when you finish as when you started. This is not to say you cannot add or delete domains in your forest, you just can't use Domain Rename to do it.
You cannot rename one domain and give another domain the first domain's old name in one operation. If you rename the domain "sales.lou.local," you cannot give another domain the name "sales.lou.local" in the same operation. You must perform two separate procedures using Domain Rename to avoid possible errors in the partitions container.
Domain Rename is not designed for forest mergers or for moving domains between forests. Remember that you can now join two forests with two-way, transitive trust relationships in Windows 2003 to help accommodate corporate mergers or company reorganizations. If you want to move domains between forests, you can use Active Directory Migration Tool (ADMT) or a third-party tool of your choice.
What you can do with domain rename
You can simply rename a domain without moving it. If your company undergoes reorganization -- and your domain structure is fine, but the current domain names no longer fit your corporate structure -- you can rename a domain in place. An example might be renaming "sales.lou.local" to "usasales.lou.local."
You can move domains within a tree, allowing the restructuring of a tree to reflect a corporate reorganization that makes your current domain structure unacceptable. You can move a domain so that it is now a child domain with a new parent, or you can move a child so it is on the same level as its former parent.
You can rename a domain and make it the root of a new tree. This is especially useful in a growing organization where a former child domain has reached the point where it needs its own identity because of its growing popularity on the Web, for example.
>>Continue on to part two, "Using Windows Server 2003's Domain Rename command"
About the author: Douglas Paddock is an IT instructor at Louisville Technical Institute, in Louisville, Ky. He holds CIW Security Analyst, CIW Certified Instructor, MCSE, MCT, MCSA, A+ and N+ certifications.
FOR MORE INFORMATION: