My experience with Exchange Server after domain rename


Domain and server name changes have always been problematic for Exchange Server. But, in the age of mergers and acquisitions, renaming a domain or server may sometimes be unavoidable.

In the past, Microsoft had a handy tool called the domain rename fixup tool (for Exchange 2003). But Microsoft didn’t release a similar tool for Exchange 2007 and Exchange 2010. Microsoft says that it does not support such a domain rename operation for Exchange Server 2007 and 2010, so you are on your own if the domain name is to be changed.

First, let’s remember Exchange Server’s dependencies.

An Exchange Server installation depends on several properties. The first is the SID of the domain, which cannot be changed. This means that if you remove a domain and then install a new domain with the former name, the existing Exchange Server cannot accept the new domain's SID and its services do not start. But if you preserve the SID of the domain, it is OK. Renaming a domain (or any other object) does not alter its SID. Microsoft’s domain rename fixup tool handles some minor problems regarding the new name.

Second, Exchange Server is dependent on the server’s name. And, you cannot overcome it. If you change the name of the Exchange Server machine, Exchange services will stop.

But Exchange Server is not dependent on the server’s SID. This means that you can install a new machine with the former name of the server, restore the databases on that computer, and everything will be fine.

In my case, a domain, let’s call it a.com, will be renamed to b.com. And we are required not to interrupt the mail services.

I set up a lab environment and tried to see what happens when you change the domain name. To my surprise, Exchange Server 2010 continued its normal operation after the domain rename! To eliminate chance factors, I prepared two other environments and they all resulted in the same situation: Exchange Server works after the domain rename. It was just a bonus for me!

After seeing that, I prepared the environment for the domain rename. I did the following:

1) I reduced the number of Active Directory sites and decreased the replication interval to the minimum value of 15 minutes, so that the DCs in different sites would get the change as soon as possible.

2) I backed up system state data on the DCs and the Exchange Server. I also backed up the Exchange Server databases.

3) I isolated a DC so it will retain the domain’s former name. Be careful to have the DNS server role and the Global Catalog role on this server.

4) I deleted the info about this DC in “Active Directory Users and Computers” and “Active Directory Sites and Services” consoles, to prevent its replication with the other DCs.

5) I created a new zone reflecting the domain name on the DNS server.

6) I unchecked the “Change primary DNS suffix when domain membership changes” box on the existing Exchange Server so that, after the domain rename, it will retain its former computer name while it becomes a member of the new domain name. This step is mandatory; Exchange Server services would stop if the server’s name changes.

After the above preparation, I changed the name of the domain using the rendom tool. This tool has six steps (list, upload, prepare, execute, end, clean), and before the sixth step you must issue the gpfixup command to assign the existing GPOs to the new name. If you have more than one DC, you must wait for each of these operations to replicate.

After restarting the DCs, I checked that they had all gotten the new name.
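The preparation check from step 6 and the rename sequence described above, written out as an added PowerShell example (not the author's own script). The DC name `DC01` and the NetBIOS names `A` and `B` are assumed placeholders; `Get-ADDomain` requires the ActiveDirectory module.

```powershell
# Added example. Assumed names (not from the article): DC01, NetBIOS names A and B.
$dc    = 'DC01'
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# --- On the Exchange server, BEFORE the rename (step 6) ---
# SyncDomainWithMembership = 0 means the "Change primary DNS suffix when domain
# membership changes" box is unchecked. A missing value means the default (checked).
$sync = (Get-ItemProperty -Path $tcpip -Name SyncDomainWithMembership `
            -ErrorAction SilentlyContinue).SyncDomainWithMembership
if ($sync -ne 0) {
    throw 'Primary DNS suffix still follows domain membership; Exchange services would stop after the rename.'
}
$suffixBefore = (Get-ItemProperty -Path $tcpip).Domain    # expected: a.com

# --- On the rename control station ---
# Record the domain SID; Exchange depends on it staying the same.
$sidBefore = (Get-ADDomain -Server $dc).DomainSID.Value

rendom /list            # writes Domainlist.xml; edit it by hand (a.com -> b.com)
rendom /showforest      # review the target forest structure before committing
rendom /upload
repadmin /syncall /AdeP # wait for replication before each following step
rendom /prepare
rendom /execute         # the DCs restart automatically

# --- After every DC has restarted ---
rendom /end
gpfixup /olddns:a.com /newdns:b.com /oldnb:A /newnb:B   # re-point existing GPOs
rendom /clean

# The rename must not have altered the domain SID.
$sidAfter = (Get-ADDomain -Server $dc).DomainSID.Value
if ($sidAfter -ne $sidBefore) { throw "Domain SID changed: $sidBefore -> $sidAfter" }

# --- Back on the Exchange server, AFTER the rename ---
# The primary DNS suffix (and therefore the server's FQDN) must be unchanged.
$suffixAfter = (Get-ItemProperty -Path $tcpip).Domain
if ($suffixAfter -ne $suffixBefore) {
    throw "Primary DNS suffix changed: $suffixBefore -> $suffixAfter"
}
```

The three sections run on different machines and at different times, so carry `$sidBefore` and `$suffixBefore` over by noting the values rather than running the block in one session.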

You must re-authorize the DHCP servers; it is an unwelcome by-product, but it is necessary. When the DHCP services started, they switched to the unauthorized state and refused to distribute IP addresses to the clients.

On the DNS server, I set up conditional forwarding for the former domain name and pointed it to the isolated DC. If an Exchange Server (or any other machine) queries the former name, it can be resolved by the isolated DC.

The existing Exchange Server is now a member of the new domain (to be exact, only the name changed) and it is fully functional. But we must get rid of this server as soon as possible because its name does not reflect the new name.

So, I installed a new machine and joined it to the domain. The name of the server reflects the new domain.

I installed Exchange Server 2010 on the new machine. After the installation, I started moving mailboxes from the former server to the new server. This procedure will take time depending on the numbers and sizes of the mailboxes.

I also replicated the public folders to the new machine.

As the last step, I moved some roles to the new server (OAB generation role and Send Connector source server role).

After the new server was ready, I uninstalled Exchange Server from the former machine. After the uninstallation, I changed its name to reflect the new domain name. Now I can install Exchange Server on it again and prepare a Database Availability Group if I’m asked.

Hope you get useful information from my experience.

Murat Yildirimoglu

MCSE, MCT

Istanbul, Turkey