We had to find a way to ‘rename’ the AD domain name without reinstalling the OS; we don’t want to do a clean installation, for obvious reasons. This looked complicated, but in the end I found that it is not so difficult.

This procedure is tailored to a single Domain Controller situation, as most smaller companies have. If you attempt to rename a domain in a larger forest with multiple domains and/or subdomains and/or trusts between forests, I would think twice before starting this procedure, but if you must, start by reading How Domain Rename Works: Active Directory.

You also need to be aware that Exchange Server is not the only server application that heavily depends on AD domain naming. If you have other applications that depend on Active Directory domains, you must verify that those applications accept or allow domain name changes.

The startup was named Adatum, Inc and because this name was sold they had to find another name, and this was Contoso, Inc.

There are a couple of things you need to know before you can proceed with this:

- If in your Active Directory there is an Exchange Server installed on a member server then the procedure is NOT for you. Exchange Server versions later than 2003 do not allow domain rename procedures.
- You need to disable any Office 365 or Azure integration before you start this procedure.
- All clients need to be ‘reconnected’ with the Connect software to make them visible in the Essentials Dashboard.
- It is probably a good idea to shut down all client computers before you start with this procedure.
- All clients require at least two reboots to become aware of the new domain name.
- You must create a DNS zone for the new domain name.
- You must uninstall the Essentials Experience (running Cleanup first) and Active Directory Certificate Services (Certification Authority and Certification Authority Web Enrollment) before you can start the rename procedure.

1. Prepare the Windows Server 2012 R2 Essentials (role) for an Active Directory rename operation

Before we can start the procedure we need to remove the Essentials Experience role, and as you will see in the next steps it required us to remove Active Directory Certificate Services before we can remove the Essentials Experience role. But before you do this you must be aware of the fact that removing Active Directory Certificate Services can have serious consequences if you have encrypted files on your server. The Encrypting File System describes how Active Directory Certificate Services is involved in encrypting files. You can migrate and save settings for Active Directory Certificate Services, but this is not part of this tutorial.

Our domain is ‘adatum.local’ and because the company name Adatum, Inc was sold we chose a new name, Contoso, Inc. We need to change the AD domain name.

Click Manage and then Remove Roles and Features. Click Next, then Next again. Uncheck ‘Windows Server Essentials Experience’. You must run the Windows Server Essentials Cleanup wizard first: check the box to confirm, click Run, and then click Close.

Start Remove Roles and Features again and uncheck ‘Windows Server Essentials Experience’, then click Next. Click Next again, then click Remove. Click Close and reboot the server: click Restart and choose a reason.

Once you are back and logged on again, start Remove Roles and Features again and click Next. This is a two-stage procedure because you cannot uninstall ADCS with all options unchecked. You must first uninstall Certification Authority Web Enrollment. Uncheck that and click Next. Click Next, then Remove, then Close.

And again start Remove Roles and Features. Click Next. Uncheck Certification Authority and click Remove Features. With Certification Authority unchecked, click Next. Click Remove. Click Close.

2. Add the new DNS zone named after the new domain name

The new domain name must be known in DNS, so we need to create some DNS records for that. Here is how you do that. From Server Manager click Tools and then DNS.
Right-click Forward Lookup Zones and choose ‘New Zone’. Click Next three times. Enter the name of your new AD domain as the name of the new zone; our new domain name will be contoso.local. Click Next and then Finish. There is the new zone.

3. Start the Active Directory domain rename procedure with the ‘rendom’ utility

At the start of this tutorial I mentioned a TechNet document, How Domain Rename Works: Active Directory. If you have some time to spare, please go there and read it. I found this really interesting and it helped me understand this procedure. In addition, read Appendix A: Command-Line Syntax for the Rendom Tool to get more information on the command-line options for ‘rendom.exe’.

Start an elevated command prompt. Accept the UAC warning and click Yes. Type:

    rendom /list

Then type:

    notepad domainlist.xml

There are the old domain names. Press CTRL-H to open the Replace window and type in your old and new domain names. Click Replace All to replace the old names with the new ones. Check the values and save the XML file.

Type:

    rendom /upload

Type:

    rendom /prepare

Type:

    rendom /execute

Directory Services are shutting down and the server will restart. I tried to log in with the old domain but that did not work. Now I will try with the new domain ‘contoso.local’ and that will work.

4. Use netdom utility to rename the Active Directory Domain Controller

There is one step we still need to do on the domain controller. If you look in System settings you will find that the server is still named ‘server01.adatum.local’ and that needs to be changed. Here is how we do that. Right-click the Start menu and choose to start an elevated command prompt. Run:

    netdom computername server01.adatum.local /add:server01.contoso.local

Now run:

    netdom computername server01.adatum.local /makeprimary:server01.contoso.local

You need to reboot the server now.
5. Fix domain name dependencies in Group Policy Objects and Group Policy links

With the gpfixup tool we change the old references to the new domain. More information can be read in Gpfixup. Open an elevated command prompt on the server and run:

    gpfixup /olddns:adatum.local /newdns:contoso.local

And another gpfixup command that needs to be run:

    gpfixup /oldnb:adatum /newnb:contoso

The final step to end the domain rename procedure is to run rendom /end:

    rendom /end

This unlocks the Active Directory for any schema changes. Reboot the server TWICE and check the logs for any errors.

7. Run DCDiag to check for possible issues in the Active Directory

After a domain rename procedure it is always a good idea to run DCDiag and check the output. From the Start menu, start an elevated command prompt and type:

    DCDIAG /test:DNS /DNSALL /e /v

Now run:

    DCDIAG /test:RegisterInDNS /DNSDomain:contoso.local

8. Reinstall the Essentials Experience role on the server

When everything is OK and the tests we ran in the previous chapter completed OK, we can proceed and 'reinstall' the Essentials Experience role. From Server Manager choose Add Roles and Features. Click Next, then Next again. You see, there is our new domain name listed. Choose Next. Check ‘Windows Server Essentials Experience’. This will also install and configure Active Directory Certificate Services. Click Next three times and then Install. Click ‘Configure Windows Server Essentials’ and then Configure. When it is done, click Close.

9. Fix computer accounts on the Windows Server Essentials Dashboard

The Essentials Dashboard normally shows us the list of computers in our network. It still does, but it mentions that the status is 'Removed'.
We will bring those computers back to the Dashboard by running the Connector software on each client computer.

If you start the Dashboard for the first time after you have reinstalled it, you may find computer accounts that show ‘Removed’ but actually they are NOT removed. What you see is the leftover Archived Computer Backups for that computer account, and we need to remove those archives before we can continue. If you find any archived backups, remove them. Here is proof the computer account is still there, no worries.

To get the computers listed again in the Dashboard we need to run http://servername/connect, and because the computers are already joined to the domain (even with the renamed domain) this is really quick. As soon as the Connect software is ‘reinstalled’ on the client computers they will also show in the Devices tab in the Dashboard. After I ran the Connector software the desktop showed up again in the list of Devices on the Dashboard.
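
For the domainlist.xml edit in step 3, the following added example (not part of the original tutorial) rewrites only the DNSname and NetBiosName elements instead of using Replace All in Notepad, and prints a before/after table to review before running rendom /upload. The XML and its GUIDs are a constructed sample; the element layout is assumed to match what rendom /list writes on your server.

```powershell
# Added example (not from the original post). The XML is a constructed sample
# in the layout rendom /list is assumed to write; the GUIDs are placeholders.
$OldDns = 'adatum.local'; $NewDns = 'contoso.local'
$OldNb  = 'ADATUM';       $NewNb  = 'CONTOSO'

[xml]$doc = @'
<?xml version="1.0"?>
<Forest>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>00000000-0000-0000-0000-000000000001</Guid>
    <DNSname>DomainDnsZones.adatum.local</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- ForestRoot -->
    <Guid>00000000-0000-0000-0000-000000000002</Guid>
    <DNSname>adatum.local</DNSname>
    <NetBiosName>ADATUM</NetBiosName>
    <DcName></DcName>
  </Domain>
</Forest>
'@

# Match the old name only as a complete trailing DNS suffix.
$suffix = '(?<=^|\.)' + [regex]::Escape($OldDns) + '$'

$report = foreach ($d in $doc.SelectNodes('/Forest/Domain')) {
    $dns = $d.SelectSingleNode('DNSname')
    $nb  = $d.SelectSingleNode('NetBiosName')
    $before = $dns.InnerText
    $dns.InnerText = $before -replace $suffix, $NewDns
    if ($nb.InnerText -eq $OldNb) { $nb.InnerText = $NewNb }
    [pscustomobject]@{
        Guid    = $d.SelectSingleNode('Guid').InnerText
        Before  = $before
        After   = $dns.InnerText
        NetBios = $nb.InnerText
    }
}
$report | Format-Table -AutoSize

# Stop before 'rendom /upload' if any entry still carries the old name.
$stale = @($report | Where-Object { $_.After -match $suffix -or $_.NetBios -eq $OldNb })
if ($stale.Count) { throw "$($stale.Count) entries still reference the old domain" }

# With a real file: load via [xml](Get-Content .\domainlist.xml -Raw), then
# $doc.Save((Join-Path $PWD 'domainlist.xml')) once the table looks right.
```

Keep a copy of the unmodified domainlist.xml before saving, so the original names remain on hand if the table shows an unexpected entry.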