
I need to rename/recreate a domain from example to lan.example.com.

  1. Current PDC for the "example" Windows 2003 SBS domain, with 0 computers added to the domain
  2. It has user accounts that users use to log into SharePoint; this is the only part I want to preserve: the accounts

This should be simple, as I don't have any computers connected to the domain.

Thought #1 - remove and add a domain

I thought I would just:

  1. remove domain and add with a new name (with dcpromo)

But I feared it when it warned that "All user accounts in this domain will be deleted". No, don't do that...

Thought #2 - have a secondary computer to help

So I thought I'll do:

  1. Make a computer B as PDC for lan.example.com
  2. Export users from A (that hosts "example" domain) and import on computer B with ldifde utility
  3. Remove domain from the computer A
  4. Install on computer A domain lan.example.com
  5. Set A as PDC and B as BDC. (swap)

I don't know whether those steps can be done, so that's why the question is here: can it be done that way? Can someone suggest a simpler way to do it that would not involve computer B? It would be excellent if passwords could be preserved.

Edit after more than a year: a word about single label domains

Looks like the upcoming Microsoft SharePoint 2013 doesn't even support single label domains (SLD):

SharePoint 2013 Preview does not support single label domain (SLD) names or single label forests, in either the domain of the SharePoint service accounts or the SharePoint end user's domain. (technet)

As I read it, as of Windows Server 2008 R2 it's not possible to create single label domains (KB: Information about configuring Active Directory domains by using single-label DNS names).

Looks like a domain rename will be a task if we ever decide to upgrade SharePoint, and the KB article mentioned above provides two options:

Transitioning from a single-label DNS domain name to a fully qualified DNS name is non-trivial and consists of two options. Either migrate users, computers, groups, and other states to a new forest. Or, perform a domain rename of the existing domain. Some server-based applications are incompatible with the domain rename feature that is supported in Windows Server 2003 and newer domain controllers. These incompatibilities either block the domain rename feature or make the use of the domain rename feature more difficult when you try to rename a single-label DNS name to a fully qualified domain name.

Janis Veinbergs

2 Answers


If you're running a recent version of AD, you can just rename the domain. If you're actually running NT 4.0, as suggested by your repeated use of the term PDC, there will be a lot more to do.

I think you need to specify some server OS and AD details, like the version, particularly. Also helpful - why do you want to rename the domain? Is the SharePoint server in the same domain as the current DC?

mfinni
  • Windows Server 2003, AD functional level: Windows Server 2003. SharePoint is on the same PC as AD. Why do I want to rename the domain? Because now it's easy, when almost nothing is built upon the domain infrastructure (no computers connected to the domain), rather than later. I want a domain with a valid TLD if we ever need to establish trust relationships with someone, say after 5 years. – Janis Veinbergs May 25 '11 at 05:39
  • OK, I question your need for this. You don't need a domain with a valid TLD to establish a trust with another AD: things like that are typically done over VPN tunnels anyway, not over the public internet. And they're not typically done anyway, IME. Unless you're bought out by someone else, or buy someone else, and need a trust until you can complete a migration to a single domain. – mfinni May 25 '11 at 12:07
  • Umm, sorry, not about trusts, but about the MS recommendation "[It is best to use DNS names that are registered with an Internet authority in the Active Directory namespace... Using single label names or unregistered suffixes, such as .local, is not recommended.](http://technet.microsoft.com/en-us/library/cc738121%28WS.10%29.aspx)". Currently it's a single label, and I thought that before I build something upon the infrastructure, I should do this step first. – Janis Veinbergs May 25 '11 at 13:41
  • There's more than one school of thought about this. If you own example.com, you can make ad.domain.com and of course no one else can use it. You definitely shouldn't make your AD domain be amazon.com, but if it's a subdomain of a domain that you own, you're good. External resolution of DNS into your AD may or may not be desired, and as I said, isn't required for making trusts. You only need the other party to be able to resolve your domain. The .local thing actually was recommended, or at least not deprecated, with Win2k, and it doesn't really break things. – mfinni May 25 '11 at 14:26
  • I chose not to rename the domain at all. Thanks for the suggestions. – Janis Veinbergs Jul 04 '11 at 10:48
  • Looks like soon there will be a strong need to rename single label domains. SharePoint 2013 doesn't support them. See my edited question. – Janis Veinbergs Sep 20 '12 at 10:28

Microsoft offers a tool specifically for renames, rendom. That would be a good stand-in for the in-place upgrade in your thought #1. For #2, if you'd like to do a side-by-side migration, look at the migration tool to bring over the users.

Shane Madden
  • ADMT won't work at the moment, because we are running W2003 Small Business and you can't establish trust relationships. I [suspect](http://serverfault.com/questions/179864/interforest-migration) ADMT requires a trust relationship to be set up to successfully do the migration. But I'll try the rendom tool. Thanks – Janis Veinbergs May 25 '11 at 05:42
  • Aww, it looks like I [can't do it on W2003 SBS](http://technet.microsoft.com/en-us/library/cc816848(v=ws.10).aspx): "You can rename domains only in a forest where all of the domain controllers are running Windows Server 2008/2003 Standard Edition, Enterprise or Datacenter Edition operating systems". So I guess the only way out is I must export/import users and then they must change passwords? – Janis Veinbergs May 25 '11 at 10:26