I'm trying to fix an existing AD infrastructure that was implemented using the external domain name as root domain name in the Active Directory. So it's running on "contoso.com".

I want to put the DCs inside the local network in the private DNS zone named lan.contoso.com, but there are two Exchange Servers in the external zone and I'm not sure how to move the DCs and rename the root domain without affecting the Exchange Servers. All ADs are running on Windows 2012 (non R2) Server with 2012 functional server.

I know that RENDOM isn't an option anymore and it's a production environment; I just want to fix mistakes done in the past.

Thanks in advance,

Vinícius Ferrão

1 Answer

If you can't use rendom.exe because you have an Exchange organization in your environment, you have to create a new Active Directory domain and use a tool like ADMT to migrate users, groups, and computers into the new domain. Some applications do not support migration in this manner - Exchange is one of them. You will have to configure an Exchange organization in the new environment and do a cross-forest mailbox move.

This is not for the faint of heart or the inexperienced.

MDMarra
  • I used the wrong term, sorry. I've fixed the question. I want to put all the DCs on the internal network. – Vinícius Ferrão Apr 21 '14 at 01:52
  • That detail doesn't change my answer. – MDMarra Apr 21 '14 at 01:53
  • Thanks @MDMarra. Can I set up another Exchange Organization without stopping the Exchange service? Both organizations will be authoritative for contoso.com while I move the mailboxes? I've done this in the past, but it was a legacy sendmail+dovecot server to Exchange. – Vinícius Ferrão Apr 21 '14 at 02:00
  • You set up the new Exchange org on new servers, so you don't have to stop the Exchange services on the old servers. And yes, you can configure mailflow for a single email domain across both Exchange orgs during the migration. – MDMarra Apr 21 '14 at 02:07
  • One more thing: perhaps I should wait for the next version of ADMT, since version 3.2 does not appear to support 2012 Server. – Vinícius Ferrão Apr 21 '14 at 02:26
  • Or you can lower the functional level to 2008 R2 and stand up a temporary 2008 R2 DC to facilitate the migration. Or you can use a third party tool from a vendor like BinaryTree or Quest. – MDMarra Apr 21 '14 at 13:03
  • Sorry to bother you again, but should the new AD in the new zone join the existing domain as a subzone of the existing domain, or should it live completely split? – Vinícius Ferrão Apr 26 '14 at 05:49
  • Not sure what you are asking. – MDMarra Apr 26 '14 at 11:11
  • When installing the new DC, should it be a new child domain in the existing forest? Or should it be created as a new forest? – Vinícius Ferrão Apr 26 '14 at 15:08
  • That depends entirely on what you want to do and should really be its own question. If you want to get rid of the current domain it doesn't make sense to make a new domain a child to it... – MDMarra Apr 26 '14 at 15:10
  • Yep! Thank you. I just want to be sure and listen to your opinion :) – Vinícius Ferrão Apr 26 '14 at 15:39