RE: AD DNS Zone name change...
- From: v-kzhao@xxxxxxxxxxxxxxxxxxxx ("Ken Zhao [MSFT]")
- Date: Tue, 09 Oct 2007 09:30:59 GMT
ok.
Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: AD DNS Zone name change...
| thread-index: AcgKE1miO8/oVqB3R56GN8HxSFyRGA==
| X-WBNR-Posting-Host: 207.46.192.207
| From: =?Utf-8?B?SkFC?= <JAB@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <E944A2BD-A9C4-4949-8175-23E5BCD47700@xxxxxxxxxxxxx>
<6S80tBMBIHA.240@xxxxxxxxxxxxxxxxxxxxxx>
<r1dPNrlBIHA.360@xxxxxxxxxxxxxxxxxxxxxx>
<5227A3C7-EFDB-40BF-B5EE-159C329528B1@xxxxxxxxxxxxx>
<wpyWzqvBIHA.6080@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: AD DNS Zone name change...
| Date: Mon, 8 Oct 2007 18:26:00 -0700
| Lines: 308
| Message-ID: <FFD526D4-2661-47D8-BD06-CC289E25962D@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2929
| Newsgroups: microsoft.public.windows.server.migration
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:2285
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| Ken:
|
| That was thoughts about it as well. Thanks for the input.
|
| Jeff
|
| ""Ken Zhao [MSFT]"" wrote:
|
| > Hi Jeff,
| >
| > Based on my knowledge, if you change AD DNS zone name, all certificates
| > will have to be recreated and distributed. Actually, changing DNS zone
is a
| > large work for Active Directory. It is hard to foresee what happens
after
| > this change. Therefore, for stable migration process consideration, we
do
| > not recommend change AD DNS zone name.
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Support
| > Microsoft Global Technical Support Center
| >
| > Get Secure! - www.microsoft.com/security
<http://www.microsoft.com/security>
| > ====================================================
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| > ====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| >
| >
| >
| > --------------------
| > | Thread-Topic: AD DNS Zone name change...
| > | thread-index: AcgGuKGufXkfTGlNS3O/4a/J5QTcbQ==
| > | X-WBNR-Posting-Host: 207.46.19.197
| > | From: =?Utf-8?B?SkFC?= <JAB@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <E944A2BD-A9C4-4949-8175-23E5BCD47700@xxxxxxxxxxxxx>
| > <6S80tBMBIHA.240@xxxxxxxxxxxxxxxxxxxxxx>
| > <r1dPNrlBIHA.360@xxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: AD DNS Zone name change...
| > | Date: Thu, 4 Oct 2007 11:59:03 -0700
| > | Lines: 281
| > | Message-ID: <5227A3C7-EFDB-40BF-B5EE-159C329528B1@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2929
| > | Newsgroups: microsoft.public.windows.server.migration
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl
| > microsoft.public.windows.server.migration:2267
| > | NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > |
| > | Hi Ken:
| > |
| > | Thank you very much for the detailed steps, looks like a lot work
that
| > might
| > | get me into real trouble. The thing I am most worried about is the
| > Exchange
| > | configuration after the change as well as the Certificate services I
| > already
| > | have in place for Exchange RPC over HTTPS. (Exchange is on a non-DC
| > server
| > | by the way).
| > |
| > | I am now contemplating if I really want to do this or not because the
| > only
| > | thing driving it is the look (and any issues that might result from
not
| > | having anything after the . in our zone).
| > |
| > | Do you see any issues the DNS remaining companyA. (instead of
| > companyA.loc)?
| > |
| > | If not, then I don't think I will risk changing anything just so it
looks
| > | nicer. Your comments please...
| > |
| > | Thanks!
| > | Jeff
| > |
| > | ""Ken Zhao [MSFT]"" wrote:
| > |
| > | > Hi Jeff,
| > | >
| > | > I am just writing to see how everything is going. If you have any
| > updates
| > | > or need any further assistance on this issue, please feel free to
let
| > me
| > | > know.
| > | >
| > | > Thanks & Regards,
| > | >
| > | > Ken Zhao
| > | >
| > | > Microsoft Online Support
| > | > Microsoft Global Technical Support Center
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > <http://www.microsoft.com/security>
| > | > ====================================================
| > | > When responding to posts, please "Reply to Group" via your
newsreader
| > so
| > | > that others may learn and benefit from your issue.
| > | > ====================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | >
| > | >
| > | >
| > | >
| > | >
| > | > --------------------
| > | > | X-Tomcat-ID: 80533843
| > | > | References: <E944A2BD-A9C4-4949-8175-23E5BCD47700@xxxxxxxxxxxxx>
| > | > | MIME-Version: 1.0
| > | > | Content-Type: text/plain
| > | > | Content-Transfer-Encoding: 7bit
| > | > | From: v-kzhao@xxxxxxxxxxxxxxxxxxxx ("Ken Zhao [MSFT]")
| > | > | Organization: Microsoft
| > | > | Date: Tue, 02 Oct 2007 06:49:33 GMT
| > | > | Subject: RE: AD DNS Zone name change...
| > | > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > | > | Message-ID: <6S80tBMBIHA.240@xxxxxxxxxxxxxxxxxxxxxx>
| > | > | Newsgroups: microsoft.public.windows.server.migration
| > | > | Lines: 196
| > | > | Path: TK2MSFTNGHUB02.phx.gbl
| > | > | Xref: TK2MSFTNGHUB02.phx.gbl
| > | > microsoft.public.windows.server.migration:2246
| > | > | NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
| > | > |
| > | > | Hello Jeff,
| > | > |
| > | > | Thank you for using newsgroup!
| > | > |
| > | > | I agree with Kevin that renaming a DC with Exchange installed is
not
| > | > | supported.
| > | > |
| > | > | From your post, here is the link to download domain rename tool
and
| > step
| > | > by
| > | > | step process to do that.
| > | > |
http://www.microsoft.com/technet/downloads/winsrvr/domainrename.mspx
| > | > |
| > | > | Here are the general domain rename steps for your reference:
| > | > | 1. Back up all Domain Controllers:
| > | > | Perform a full system state backup of all domain controllers in
the
| > | > forest.
| > | > | 2. Set up a Control Station:
| > | > | Set up a single computer as the administrative control station
for
| > the
| > | > | entire domain rename operation. . All the steps in the procedures
| > | > described
| > | > | in this section are performed and controlled from this computer.
You
| > will
| > | > | copy all the required tools to perform the domain rename
operation to
| > a
| > | > | directory on the local disk of the control station and execute
them
| > from
| > | > | there. Although the domain rename operation involves contacting
each
| > | > domain
| > | > | controller in the forest, the domain controllers are contacted
| > remotely
| > | > by
| > | > | the domain rename tools from the control station.
| > | > |
| > | > | Prerequisites:
| > | > | * Computer: Use a computer that is a member of a domain in the
forest
| > in
| > | > | which domain rename is to be performed to serve as the control
| > station.
| > | > | * Operating system: The computer must be a member computer (not a
| > domain
| > | > | controller) running Windows Server 2003 Standard Edition, Windows
| > Server
| > | > | 2003 Enterprise Edition, or Windows Server 2003 Datacenter
Edition.
| > | > | * Operating system CD: You will need the Windows Server 2003
Standard
| > | > | Edition, Windows Server 2003 Enterprise Edition, or Windows
Server
| > 2003
| > | > | Datacenter Edition operating system CD.
| > | > | Important: Do not use a domain controller to act as the control
| > station
| > | > for
| > | > | this domain rename operation.
| > | > |
| > | > | 3. Copy the necessary files to the Control Station:
| > | > | copy M:\valueadd\msft\mgmt\domren\*.* C:\domren * where M: is the
| > CDROM
| > | > | drive. In particular, verify that the two tools rendom.exe and
| > | > gpfixup.exe
| > | > | have been copied into the working directory C:\domren on the
control
| > | > | station.
| > | > |
| > | > | 4. Install the Support Tools on the Control Station.
| > | > |
| > | > | 5. Generate the current Forest Description file:
| > | > | At the command prompt on the Control Station, type the following
| > command
| > | > | and press ENTER:
| > | > | c:\domren\rendom /list
| > | > |
| > | > | 6. Save a copy of the current forest description file
| > (domainlist.xml)
| > | > | generated in step 5 as domainlist-save.xml for future reference
by
| > using
| > | > | the following copy command: copy domainlist.xml
domainlist-save.xml
| > | > |
| > | > | 7. Using Notepad.exe, edit the Forest Description file,
| > domainlist.xml,
| > | > | replacing the current DNS and/or NetBIOS names of the domains and
| > | > | application directory partitions to be renamed with the planned
new
| > DNS
| > | > | and/or NetBIOS names.
| > | > |
| > | > | 8. Review the new Forest Description in domainlist.xml:
| > | > | At the command prompt on the Control Station, type the following
| > command
| > | > | and press ENTER:
| > | > | c:\domren\rendom /showforest
| > | > |
| > | > | 9. Generate the domain rename instructions and upload them to the
| > domain
| > | > | naming master.
| > | > | At the command prompt on the Control Station, type the following
| > command
| > | > | and press ENTER:
| > | > | c:\domren\rendom /upload
| > | > |
| > | > | 10. Verify that the domain rename tool created the state file
| > dclist.xml
| > | > in
| > | > | the directory c:\domren and that the state file contains an entry
for
| > | > every
| > | > | domain controller in your forest.
| > | > |
| > | > | 11. Discover the DNS host name of the domain naming master:
| > | > | At the command prompt on the Control Station, type the following
| > command
| > | > | and press ENTER:
| > | > | c:\domren\dsquery server -hasfsmo name
| > | > |
| > | > | 12. Force synchronization of changes made to the Domain Naming
| > Master: At
| > | > | the command prompt on the Control Station, type the following and
| > then
| > | > | press ENTER:
| > | > | repadmin /syncall /d /e /P /q DomainNamingMaster
| > | > | (where DomainNamingMaster is the DNS host name of the domain
| > controller
| > | > | that is the current domain naming master for the forest)
| > | > |
| > | > | 13. Check for presence of required DNS resource records:
| > | > | * There must be one CNAME record associated with every domain
| > controller
| > | > in
| > | > | all authoritative DNS servers.
| > | > | * There must be one SRV record pertaining to the PDC on all
| > authoritative
| > | > | DNS servers.
| > | > | * There must be at least one record pertaining to at least one
global
| > | > | catalog (GC) server on all authoritative DNS servers.
| > | > | * There must be at least one record pertaining to at least one DC
on
| > all
| > | > | authoritative DNS servers.
| > | > |
| > | > | 14. Verify the readiness of domain controllers in the forest:
| > | > | At the command prompt on the Control Station, type the following
| > command
| > | > | and press ENTER:
| > | > | c:\domren\rendom /prepare
| > | > |
| > | > | 15. Execute the domain rename instructions on all domain
controllers:
| > At
| > | > | the command prompt on the Control Station, type the following
command
| > and
| > | > | press ENTER:
| > | > | c:\domren\rendom /execute
| > | > |
| > | > | 16. When the command has finished execution, examine the state
file
| > | > | dclist.xml to determine whether all domain controllers have
reached
| > | > either
| > | > | the Done state or the Error state.
| > | > |
| > | > | 17. Ensure that all services on the control station learn the new
| > domain
| > | > | name: Reboot the control station twice to ensure that all
services
| > learn
| > | > of
| > | > | the new domain name.
| > | > |
| > | > | 18. Unfreeze the forest configuration
| > | > | At the command prompt on the Control Station, type the following
| > command
| > | > | and press ENTER:
| > | > | c:\domren\rendom /end
| > | > |
| > | > | 19. Reboot all of the workstations twice.
| > | > | * Please refer to the following document for other steps that may
be
| > | > | necessary:
| > | > |
| > | >
|
.
- References:
- AD DNS Zone name change...
- From: JAB
- RE: AD DNS Zone name change...
- From: "Ken Zhao [MSFT]"
- RE: AD DNS Zone name change...
- From: "Ken Zhao [MSFT]"
- RE: AD DNS Zone name change...
- From: JAB
- RE: AD DNS Zone name change...
- From: "Ken Zhao [MSFT]"
- RE: AD DNS Zone name change...
- From: JAB
- AD DNS Zone name change...
- Prev by Date: Re: User Migration issue
- Next by Date: migrate from Windows 2003 standard Edition to Windows 2003 entreprise
- Previous by thread: RE: AD DNS Zone name change...
- Next by thread: RE: MSDSS problem
- Index(es):
Relevant Pages
|
Loading
