move domain to newly named domain

By jbinner
We have a Windows 2000 Server, also running Exchange 2000, operating as our BDC for our network. Our domain name in the real world, our .com, does not belong to us in the "real world." Our active directory is also on the same box.

As a result of this, we are planning a renaming of the entire domain. Is there a "correct" way to do this, or can someone point me in the right direction?

Thanks.

by BFilmFan In reply to move domain to newly name ...

Since you have Exchange installed in your Active Directory forest, you will be forced to rebuild your forest. You cannot simply rename the forest and domain and have Exchange function properly.

You should use the .local appendage in the DNS namespace to prevent this issue from occurring in the future.

And with Active Directory 1.0 aka Windows 2000, there is no domain rename function. Additionally, if this is Windows Small Business Server 2000 or 2003, there is no domain rename capability.

by jbinner In reply to

It's a full-blown 2000 Advanced....not SBE.

by CG IT In reply to move domain to newly name ...

As Bfilm says, you can't "rename" your domain in Windows 2000. That's just the way it is. Domains are security boundaries and as such, all the ACLs, SIDs, AD - GP, shares domain user accounts are unique to the domain. You can ADD a domain to the forest or add a child domain to the root [exception is SBS version] but you can't rename the root domain in W2K AD environment.

by jbinner In reply to

What about as I stated, we are bringing a NEW PDC into the mix, setting it to the NEW Domain name we want. Can I then tell the existing Exchange server to JOIN the new domain....move the settings across somehow, and then demote it?

I'm fine at setting up a new domain from scratch, but moving one is new to me.

Thanks.

by sgt_shultz In reply to move domain to newly name ...

Something isn't right. You have BDC and A/D? You should be able to just rename the domain if you have A/D. Otherwise, you don't really have a BDC, you have a computer sharing the A/D. See technet.microsoft.com for more information and tools.

by razz2 In reply to move domain to newly name ...

The key here is that they are Windows Server 2000 and
Exchange Server 2000. Because of the 2000 version the
following holds true:

The AD domain CAN NOT be renamed.

The Exchange Server CANNOT be moved.

Ah, but there is a solution... YEAH!

http://support.microsoft.com/kb/812453

Good Luck,

razz

by jbinner In reply to

Getting closer, but, I am being told by my boss that this same machine holds the AD as well. Will I then lose ALL permissions as well?

I KNOW I must sound like an idiot, but, we didn't set up this domain, we're just trying to fix it and make it RIGHT this time.

by razz2 In reply to move domain to newly name ...

With 2003 you could rename the domain, but with 2000 you will
need to:

Install a new server OS on a new box.
Run DCpromo and configure the domain's AD.

This could be by recreating all the structure including groups
and users and OUs, or by copying objects from the old domain/
forest to the new. Some permissions will be lost and some won't.

http://support.microsoft.com/kb/238394


Copy this URL as the Mac browser is wrapping it:

http://support.microsoft.com/servicedesks/webcasts/seminar/shared/asp/view.asp?url=/servicedesks/webcasts/en/wc082301/manifest.xml

SIDs are the issue:

"When you move an object to a new domain, the object keeps its
globally unique identifier number (GUID) but takes on a different
SID. The new SID associates the security attributes that are
applied after the move with the relocated object. However, in
most cases, the object will need to retain some of its previous
security attributes that were associated with the previous
domain.

To do so, the object makes use of a Windows 2000 attribute
called SID History. This attribute compiles a list of every SID
number that's ever been associated with the object. Therefore,
Windows 2000 still uses the GUID to identify the object, but
when creating the object's access token, it looks at all the
object's SIDs and applies the security information that's
associated with them. The drawback to this technique is that it
works only in Native Mode."

Source:
(again sorry about the wrapped URL but this site does not like a
Mac's LF. Just copy it all):

http://insight.zdnet.co.uk/hardware/servers/0,39020445,2117889,00.htm


Good Luck,

razz
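
The SID History behaviour quoted in the post above, as an added example that is not part of the original thread: a simplified Python model of why an ACL written against the old domain still matches after a move in native mode and stops matching otherwise. `Account`, `migrate` and the other names are hypothetical, every SID is constructed, and a real Windows access check is more involved than this first-match walk.

```python
# Added example: simplified model of SID History. All SIDs are constructed.
from dataclasses import dataclass, field

OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
NEW_DOMAIN = "S-1-5-21-4444444444-5555555555-6666666666"  # constructed

@dataclass
class Account:
    guid: str                     # survives the move unchanged
    sid: str                      # reissued by the destination domain
    sid_history: list = field(default_factory=list)

def domain_of(sid):
    """Domain part of an account SID (everything before the final RID)."""
    return sid.rsplit("-", 1)[0]

def migrate(acct, new_domain_sid, new_rid, native_mode):
    """Same GUID, new SID; the old SID is recorded only in native mode."""
    history = list(acct.sid_history)
    if native_mode:
        history.append(acct.sid)
    return Account(acct.guid, f"{new_domain_sid}-{new_rid}", history)

def build_token(acct):
    """Token SIDs: the current SID plus every SID History entry."""
    return {acct.sid, *acct.sid_history}

def access_allowed(token, acl):
    """Walk ACEs in order; the first ACE naming a token SID decides."""
    for ace_type, sid in acl:
        if sid in token:
            return ace_type == "allow"
    return False  # no matching ACE: implicit deny

def unexpected_history(accounts, expected_domains):
    """Review aid: SID History entries from domains nobody planned for."""
    return [(a.guid, s) for a in accounts for s in a.sid_history
            if domain_of(s) not in expected_domains]

def demo():
    user = Account("guid-0001", f"{OLD_DOMAIN}-1105")   # constructed account
    share_acl = [("allow", f"{OLD_DOMAIN}-1105")]       # ACL written pre-move
    native = migrate(user, NEW_DOMAIN, 2201, native_mode=True)
    mixed = migrate(user, NEW_DOMAIN, 2201, native_mode=False)
    return (access_allowed(build_token(native), share_acl),
            access_allowed(build_token(mixed), share_acl))

if __name__ == "__main__":
    print(demo())
```

Because the old SID stays in the token, deny entries written against the old domain carry over as well, which is worth checking before the old domain is retired.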

by jbinner In reply to

Thank you for the help. I'd like to keep this open for any more ideas if that is ok with you?? If not, let me know, I will award points now. :)
