My experience with Exchange Server after domain rename
Domain and server name changes have always been problematic for Exchange Server. But, in the age of mergers and acquisitions, renaming a domain or server may sometimes be unavoidable.
Microsoft had a handy tool called the domain rename fixup tool in the past (for Exchange 2003). But Microsoft didn’t release a similar tool for Exchange 2007 and Exchange 2010. Microsoft says that it does not support such a domain rename operation for Exchange Server 2007 and 2010, so you are on your own if the domain name is to be changed.
First, let’s remember Exchange Server’s dependencies.
An Exchange Server installation is dependent on multiple properties. The first one is the SID of the domain. It cannot be changed. It means that, if you remove a domain and reinstall a domain with the former name again, the existing Exchange Server cannot accept the new SID of the domain and services do not start. But if you preserve the SID of the domain then it is OK. Renaming a domain (or any other object) does not alter the SID of the domain (or any other object). Microsoft’s domain rename fixup tool handles some minor problems regarding the new name.
Second, Exchange Server is dependent on the server’s name. And, you cannot overcome it. If you change the name of the Exchange Server machine, Exchange services will stop.
But, Exchange Server is not dependent on the server’s SID. It means that you can install a new machine with the former name of the server, and restore the databases on that computer, and everything will be fine.
In my case, a domain, let’s call it a.com, will be renamed to b.com. And we are required not to interrupt the mail services.
I set up a lab environment and tried to see what happens when you change the domain name. To my surprise, Exchange Server 2010 continued its normal operation after the domain rename! To eliminate chance factors, I prepared two other environments and they all resulted in the same situation: Exchange Server works after the domain rename. It was just a bonus for me!
After seeing that, I prepared the environment for the domain rename. I did the following:
1) Reduced the number of Active Directory sites and decreased the replication interval to the minimum value of 15 minutes, so the DCs in different sites would get the change as soon as possible.
2) I backed up system state data on DCs and Exchange Server. And I also backed up Exchange Server databases.
3) I isolated a DC so it will retain the domain’s former name. Be careful to have the DNS server role and the Global Catalog role on this server.
4) I deleted the info about this DC in the “Active Directory Users and Computers” and “Active Directory Sites and Services” consoles, to prevent its replication with the other DCs.
5) I created a new zone reflecting the domain name on the DNS server.
6) I unchecked the “Change primary DNS suffix when domain membership changes” box on the existing Exchange Server so that, after the domain rename, it will retain its former computer name while it becomes a member of the new domain name. This step is mandatory; Exchange Server services would stop if the server’s name changes.
After the above preparation, I changed the name of the domain, using the rendom tool. This tool has six steps (list, upload, prepare, execute, end, clean) and before the sixth step you must issue the gpfixup command to assign the existing GPOs to the new name. If you have more than one DC, you must wait for the replication of each of the operations.
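
The rendom sequence described above, written out as a PowerShell script (an added example, not the author's own commands). The DC names and NetBIOS names are placeholders; the Dclist.xml element names (DC, Name, State) and the nonzero exit code on failure are assumptions to check against your own output.

```powershell
# Added example: run on the control station, in the folder that holds rendom.exe.
# a.com and b.com are the article's names; everything else here is a placeholder.
$NamingMaster = '<naming-master-dc>'       # DC holding the domain naming master role
$GpoDc        = '<dc-in-renamed-domain>'   # DC that gpfixup should connect to
$OldNetbios   = 'A'
$NewNetbios   = 'B'

function Invoke-Step {
    param([string]$Exe, [string[]]$Arguments)
    Write-Host ">> $Exe $($Arguments -join ' ')"
    & $Exe @Arguments
    # Assumption: the tool signals failure with a nonzero exit code.
    if ($LASTEXITCODE -ne 0) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

function Assert-DcState {
    # rendom tracks every DC in Dclist.xml; stop unless all of them reached $Expected.
    param([string]$Expected, [string]$Path = '.\Dclist.xml')
    $all = @(Select-Xml -Path $Path -XPath '//DC')
    if ($all.Count -eq 0) { throw "No DC entries found in $Path" }
    $behind = @(Select-Xml -Path $Path -XPath "//DC[State!='$Expected']/Name" |
        ForEach-Object { $_.Node.InnerText })
    if ($behind.Count) { throw "Not yet '$Expected': $($behind -join ', ')" }
}

function Sync-Forest {
    # Push the last change to every DC before the next step reads it.
    Invoke-Step repadmin @('/syncall', '/d', '/e', '/P', '/q', $NamingMaster)
}

Invoke-Step rendom @('/list')         # 1. dump the current forest to Domainlist.xml
Read-Host 'Edit Domainlist.xml (a.com -> b.com), then press Enter' | Out-Null
Invoke-Step rendom @('/showforest')   # show the forest as it will look afterwards
Invoke-Step rendom @('/upload')       # 2. write the rename instructions to the directory
Sync-Forest
Invoke-Step rendom @('/prepare')      # 3. check that every DC is ready
Assert-DcState 'Prepared'
Invoke-Step rendom @('/execute')      # 4. perform the rename; the DCs restart
Assert-DcState 'Done'
Invoke-Step rendom @('/end')          # 5. unfreeze the forest configuration
Invoke-Step gpfixup @('/olddns:a.com', '/newdns:b.com',
    "/oldnb:$OldNetbios", "/newnb:$NewNetbios", "/dc:$GpoDc")
Sync-Forest
Invoke-Step rendom @('/clean')        # 6. remove the rename metadata
```

If a DC is still listed as not ready, the script stops at that step; fix the DC and rerun the same rendom step before continuing.
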
After restarting the DCs, I checked if they all had gotten the new name.
You must re-authorize the DHCP servers; it is a bad by-product but it is necessary. It is because when the DHCP services started they switched to the unauthorized state and refused to distribute IP addresses to the clients.
On the DNS server, I set up conditional forwarding for the former domain name. I pointed it to the isolated DC. If an Exchange Server (or any other machine) queries the former name, it can be resolved by the isolated DC.
The existing Exchange Server is now a member of the new domain (to be exact, only the name changed) and it is fully functional. But we must get rid of this server as soon as possible because its name does not reflect the new name.
So, I installed a new machine and joined it to the domain. The name of the server reflects the new domain.
I installed Exchange Server 2010 on the new machine. After the installation, I started moving mailboxes from the former server to the new server. This procedure will take time depending on the numbers and sizes of the mailboxes.
I also replicated the public folders to the new machine.
As the last step, I moved some roles to the new server (OAB generation role and Send Connector source server role).
After the new server was ready, I uninstalled Exchange Server on the former machine. After uninstallation, I changed its name to reflect the new domain name. Now, I can install Exchange Server on it again and prepare a Database Availability Group if I’m asked.
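
A check one could run in the Exchange Management Shell before the uninstall described above, listing what still lives on the former server: mailboxes, unfinished moves, OAB generation, Send Connector source entries and public folder replicas. This is an added example, not the author's own script; EX-OLD is a placeholder name, and the comparisons assume that server and database references render as their short names.

```powershell
# Added example: EX-OLD is a placeholder for the former Exchange server's name.
$Old = 'EX-OLD'
$blockers = @()

# User and arbitration (system) mailboxes still homed on the old server.
$blockers += @(Get-Mailbox -Server $Old -ResultSize Unlimited |
    ForEach-Object { "mailbox: $($_.Identity)" })
$blockers += @(Get-Mailbox -Arbitration -Server $Old |
    ForEach-Object { "arbitration mailbox: $($_.Identity)" })

# Move requests that have not finished yet.
$blockers += @(Get-MoveRequest -ResultSize Unlimited |
    Where-Object { $_.Status -ne 'Completed' } |
    ForEach-Object { "move request ($($_.Status)): $($_.DisplayName)" })

# Offline address books still generated on the old server.
# Assumption: the Server value renders as the short server name.
$blockers += @(Get-OfflineAddressBook |
    Where-Object { "$($_.Server)" -eq $Old } |
    ForEach-Object { "OAB generation: $($_.Name)" })

# Send connectors that still list the old server as a source server.
$blockers += @(Get-SendConnector |
    Where-Object { @($_.SourceTransportServers | ForEach-Object { "$_" }) -contains $Old } |
    ForEach-Object { "send connector source: $($_.Name)" })

# Public folders whose replica list still includes a database on the old server.
$oldPfDbs = @(Get-PublicFolderDatabase -Server $Old | ForEach-Object { "$($_.Name)" })
if ($oldPfDbs.Count) {
    $blockers += @(Get-PublicFolder -Identity '\' -Recurse -ResultSize Unlimited |
        Where-Object { @($_.Replicas | Where-Object { $oldPfDbs -contains "$_" }).Count } |
        ForEach-Object { "public folder replica: $($_.Identity)" })
}

if ($blockers.Count) {
    $blockers
    Write-Warning "$Old still owns $($blockers.Count) item(s)"
} else {
    "Nothing found on $Old"
}
```
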
Hope you get useful information from my experience.
Murat Yildirimoglu
MCSE, MCT
Istanbul, Turkey