A domain is identified by its' NetBIOS name and by a Security Identifier (SID). Since most security features and Access Control Lists (ACLs) use the SID, you can change the domain name if you follow proper procedure. This applies to a single domain, an accounts domain or a resource domain in a network using the master domain model.
Some BackOffice products are adversely affected by renaming a domain so please read this tip before making any changes.
Note: During the course of this procedure, do NOT install any domain controller and do not promote any domain controller. Do NOT manage any users. All clients should be logged off.
It would be wise to backup and to generate a new ERD before and after the change.
Have a copy of the 3 setup disks, the NT Server CD, and your latest Service Pack and Hotfixes available.
If you have NETDOM from the
, you can change the domain name remotely without a visit to each computer involved.Document and then break all trust relationships between the domain whose name you will be changing and all other domains. Be sure to remove the trust entry on both sides of the trust (in User Manager for Domains for both domains in the trust).
Stop all BackOffice services such as Microsoft Exchange Server, SQL Server, and Internet Information Server. Set startup to manual on all these services. Change the domain name on the PDC (Control Panel / Network / Identification).
Restart the PDC. This will cause the <1Bh> entry for the new domain to appear in the WINS server.
If you are using WINS for NetBIOS over TCP/IP name resolution, force replication from the PDC's primary WINS server to all other WINS servers to propagate the <1Bh> entry for the new domain. Name resolution to the PDC is necessary for each BDC to successfully change to the new domain name. If you are using TCP/IP without using WINS, create an LMHOSTS file with a <1Bh> entry for the new domain and put it on each BDC (IP_ADDRESS_OF_DC "DOMAINNAME \0x1b" #PRE where the entire entry in quotes is exacly 20 characters - see tip 463).
On each BDC, change the domain name and restart. The restart is necessary for the BDC to correctly register its <1Ch> entry with WINS.
Force replication from all WINS servers to propagate the <1Ch> entry.
Reestablish the trust relationships. Using Server Manager, synchronize both domains involved in each trust.
Using Control Panel / Services, browse to renter the account for each BackOffice service that was stopped and reconfigure its' Startup. Start the services in the correct order.
Service accounts are stored textually in the Service Control Manager database, not as SIDs. Therefore, any services, on any computer, that use domain user accounts as their service account will have to be manually adjusted. The Sc.exe utility from the Windows NT Server Resource Kit may be useful for making this change on remote computers.
If you are using integrated security in SQL Server, you will need to reset the "Default Domain" field in SQL Security Manager. If the users are not part of the "Default Domain" you may need to remove and re-add users and groups from the renamed domain or local groups containing groups from the renamed domain.
Microsoft Exchange Server service accounts will need to be reassociated with the new domain name. You will need to change the default Windows NT domain name to the new domain name in the Exchange Administrator program, select Tools, select Options, and then click the Permissions tab. Security settings on all Exchange Server public folders will be lost. Before renaming the domain, use the command line utility Pfadmin.exe to export the public folder security settings to a text file to make reconstruction of the permissions easier.
If Systems Management Server primary or secondary sites exist in the domain that is being renamed, Systems Management Server will have to be uninstalled and then reinstalled with the new domain name. You will not be able to restore the existing Systems Management Server database after reinstallation; you will have to start with a clean database. If the domain being renamed is part of an Systems Management Server site but has no primary or secondary sites located in it (only logon servers and clients), the domain should be removed from the site prior to the name change and added back into the site after the change. Please refer to the Systems Management Server Installation and Configuration Manual, Chapter 3, "Adding Domains, Servers, and Clients."
If you are running Internet Information Server, you may need to change the account specified in virtual paths.
Change the domain name on each member server or workstation. For clients such as Windows 95 or Windows for Workgroups, change the workgroup name to the new domain name.
Check all batch files for domain names.
Synchronize the entire domain.
Any problems you encounter on a BDC are likely to be name resolution or synchronization problems. Use Server Manager to sync it with the PDC and/or fix the LMHOSTS file.
