My experience with Exchange Server after domain rename


Domain and server name changes have always been problematic for Exchange Server. But in the age of mergers and acquisitions, renaming a domain or server may sometimes be unavoidable.

Microsoft had a handy tool called the domain rename fixup tool in the past (for Exchange 2003). But Microsoft didn’t release a similar tool for Exchange 2007 and Exchange 2010. Microsoft says that it does not support a domain rename operation for Exchange Server 2007 and 2010, so you are on your own if the domain name has to change.

First, let’s recall Exchange Server’s dependencies.

An Exchange Server installation depends on several properties. The first is the SID of the domain, which cannot be changed. This means that if you remove a domain and reinstall a domain with the former name, the existing Exchange Server cannot accept the new SID of the domain and its services do not start. But if you preserve the SID of the domain, it is OK. Renaming a domain (or any other object) does not alter the SID of the domain (or any other object). Microsoft’s domain rename fixup tool handles some minor problems regarding the new name.

Second, Exchange Server depends on the server’s name, and you cannot overcome this. If you change the name of the Exchange Server machine, Exchange services will stop.

But Exchange Server does not depend on the server’s SID. This means that you can install a new machine with the former name of the server, restore the databases on that computer, and everything will be fine.

In my case, a domain, let’s call it a.com, will be renamed to b.com, and we are required not to interrupt the mail services.

I set up a lab environment and tried to see what happens when you change the domain name. To my surprise, Exchange Server 2010 continued its normal operation after the domain rename! To eliminate chance factors, I prepared two other environments and they all resulted in the same situation: Exchange Server works after the domain rename. It was just a bonus for me!

After seeing that, I prepared the environment for the domain rename. I did the following:

1) I reduced the number of Active Directory sites and decreased the replication interval to the minimum value of 15 minutes, so the DCs in different sites would get the change as soon as possible.

2) I backed up the system state data on the DCs and the Exchange Server. I also backed up the Exchange Server databases.

3) I isolated a DC so that it would retain the domain’s former name. Be careful to have the DNS Server role and the Global Catalog role on this server.

4) I deleted the information about this DC in the “Active Directory Users and Computers” and “Active Directory Sites and Services” consoles, to prevent its replication with the other DCs.

5) I created a new zone reflecting the new domain name on the DNS server.

6) I unchecked the “Change primary DNS suffix when domain membership changes” box on the existing Exchange Server so that, after the domain rename, it will retain its former computer name while it becomes a member of the new domain name. This step is mandatory; Exchange Server services would stop if the server’s name changes.

After the above preparation, I changed the name of the domain using the rendom tool. This tool has six steps (list, upload, prepare, execute, end, clean), and before the sixth step you must issue the gpfixup command to assign the existing GPOs to the new name. If you have more than one DC, you must wait for each of these operations to replicate.

After restarting the DCs, I checked that they all had gotten the new name.

You must re-authorize the DHCP servers; it is an unpleasant by-product, but it is necessary, because when the DHCP services started they switched to the unauthorized state and refused to distribute IP addresses to the clients.

On the DNS server, I set up conditional forwarding for the former domain name, pointing to the isolated DC. If the Exchange Server (or any other machine) queries the former name, it can be resolved by the isolated DC.

The existing Exchange Server is now a member of the new domain (strictly speaking, only the name changed) and it is fully functional. But we must get rid of this server as soon as possible, because its name does not reflect the new domain name.
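To verify the state described above on the Exchange server itself, before and after running rendom, here is an added PowerShell check (example code, not from the original post). It assumes the a.com to b.com names from the post, that it runs elevated on the Exchange server, and that the “Change primary DNS suffix when domain membership changes” checkbox is stored in the TCP/IP registry value SyncDomainWithMembership.

```powershell
# Added example (not from the original post): checks the state the rename
# procedure relies on. Run elevated on the Exchange server, before and after.
function Test-ExchangeRenameState {
    param(
        [string]$OldDomain = "a.com",   # former domain name, as in the post
        [string]$NewDomain = "b.com"    # new domain name, as in the post
    )
    $tcpip = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
    $cs    = Get-CimInstance Win32_ComputerSystem

    # Step 6 of the post: the checkbox maps to SyncDomainWithMembership
    # (1 = checked). It must be 0, otherwise the server's FQDN follows the
    # domain rename and the Exchange services stop.
    $suffixPinned = ($tcpip.SyncDomainWithMembership -eq 0)

    # Exchange depends on this FQDN; after the rename it must still read
    # <host>.a.com even though the machine is now a member of b.com.
    $fqdn = "$($env:COMPUTERNAME).$($tcpip.'NV Domain')"

    # Baseline: every automatic MSExchange* service should be running.
    $stopped = Get-Service -Name 'MSExchange*' |
        Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' } |
        Select-Object -ExpandProperty Name

    # Both names must resolve: the old one through the conditional forwarder
    # to the isolated DC, the new one from the newly created zone.
    $resolves = @{}
    foreach ($d in @($OldDomain, $NewDomain)) {
        $resolves[$d] = [bool](Resolve-DnsName -Name $d -Type A -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        MemberOfDomain    = $cs.Domain          # a.com before, b.com after
        PrimaryDnsSuffix  = $tcpip.'NV Domain'  # must stay a.com both times
        ExchangeFqdn      = $fqdn
        SuffixPinned      = $suffixPinned
        StoppedServices   = $stopped
        OldDomainResolves = $resolves[$OldDomain]
        NewDomainResolves = $resolves[$NewDomain]
    }
}

$state = Test-ExchangeRenameState
$state | Format-List
if (-not $state.SuffixPinned) {
    Write-Warning "Uncheck 'Change primary DNS suffix when domain membership changes' before running rendom."
}
if ($state.StoppedServices) {
    Write-Warning ("Exchange services not running: " + ($state.StoppedServices -join ', '))
}
```

After the rename, MemberOfDomain should show the new name while PrimaryDnsSuffix and ExchangeFqdn are unchanged; any other combination means step 6 was missed.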

So, I installed a new machine and joined it to the domain. The name of the server reflects the new domain.

I installed Exchange Server 2010 on the new machine. After the installation, I started moving mailboxes from the former server to the new server. This procedure takes time depending on the number and sizes of the mailboxes.

I also replicated the public folders to the new machine.

As the last step, I moved some roles to the new server (OAB generation role and Send Connector source server role).

Once the new server was ready, I uninstalled Exchange Server on the former machine. After the uninstallation, I changed its name to reflect the new domain name. Now I can install Exchange Server on it again and prepare a Database Availability Group if I’m asked to.

I hope you find my experience useful.

Murat Yildirimoglu

MCSE, MCT

Istanbul, Turkey


7 Responses to “My experience with Exchange Server after domain rename”

  1. Alf Sedeniussen Says:

    Hi. Did you get any downtime on Exchange or other domain services? I am looking for ways to do this myself. Today our domain is using a .local suffix, which is a pain when requesting certificates from CAs. We don’t have a very complex domain structure, no sub-domains and just one site. We have 3 Exchange servers though and are hosting Exchange for a few hundred customers.

    • muratyildirimoglu Says:

      Alf, we didn’t have downtime, you can do it. But you have another option for the certificates issue: Assign another IP address to the Exchange Server. Then, create (or use) a self-signed certificate and assign this certificate to the new IP. Assign the other certificate to the first IP. By doing so, your internal clients will connect to the second IP and see self-signed certificates with the “.local” name. The Internet clients will connect to the first one and see the real certificate with the real name.

  2. Alf Sedeniussen Says:

    Hi, thanks for the fast response. I have done a workaround for Exchange, so that’s not really an issue. But we also have Lync in our environment, and it’s not as easy to fix. Some clients (mobile phones, Win 8 app) do not accept internal CAs for the certificate.
