Options for fixing non-FQDN "single-label" Domain

topkat2000

Hello all. I just recently inherited control of a 2000 Domain with
700+ users that was apparently not designed very well. I have tracked
the root of most of my problems down to the fact that it has a
non-FQDN or "single-label" domain name ("company", NOT
"company.local" or "company.com"). I have been reading up on the
options for correcting such a scenario, but it’s hard to tell which
option is best. All I’m really concerned about is retaining my AD
data (users, accounts, profiles, etc.). And of course not having to
reinstall all my server apps would be nice too.

Is upgrading to server 2003 and using the "rename" option my best
bet? Is it safe? Would it be smart for me to bring up a peer DC to
"backup" my domain before beginning such a process? (We only have
one DC currently.) What other options do I have (if any) to get all
my AD data into a correctly named domain?

Thanks very much in advance,

Josh-
 
Deji Akomolafe

You didn't mention which documents you've been reading. I believe that the
archive on this NG has lots of information on correcting (or living with) a
single-labeled domain.

something like http://support.microsoft.com/kb/300684 may be helpful.

Upgrading to W2K3 and doing a rename is not really all that easy. It is
easier now, but easier is not the same as easy. Given the option between
migrating to a new domain and doing a rename, I'd vote for migration. You
could use something like ADMT to an entirely new domain where the name is as
you want it to be. ADMT will let you "retain" your
users/accounts/profiles/etc.

Now, the fact that you have only one DC should be of more concern to you
right now. Why? Because if you lose that DC, you are in a HUGE pile of
unspeakables.

--

Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Kevin D. Goodknecht Sr. [MVP]

topkat2000 said:
Hello all. I just recently inherited control of a 2000 Domain with
700+ users that was apparently not designed very well. I have tracked
the root of most of my problems down to the fact that it has a
non-FQDN or "single-label" domain name ("company", NOT
"company.local" or "company.com"). I have been reading up on the
options for correcting such a scenario, but it's hard to tell which
option is best. All I'm really concerned about is retaining my AD
data (users, accounts, profiles, etc.). And of course not having to
reinstall all my server apps would be nice too.

Is upgrading to server 2003 and using the "rename" option my best
bet? Is it safe? Would it be smart for me to bring up a peer DC to
"backup" my domain before beginning such a process? (We only have
one DC currently.) What other options do I have (if any) to get all
my AD data into a correctly named domain?

I agree with Deji, a single-label domain is bad, a single-label domain with
only one DC and 700+ users is a huge gamble.

Build a new domain on another machine, use ADMT to migrate all the accounts
and SIDs to the new domain, demote the single-label DC, then re-promote it to
the new domain.
This way user accounts, profiles, and your applications are all migrated to the
new domain. The only thing the users will notice as different is the NetBIOS
domain name. The new domain will need to have a different NetBIOS name so
you can create the trust before using ADMT.
 
Ace Fekay [MVP]

Deji said:
You didn't mention which documents you've been reading. I believe
that the archive on this NG has lots of information on correcting (or
living with) a single-labeled domain.

something like http://support.microsoft.com/kb/300684 may be helpful.

Upgrading to W2K3 and doing a rename is not really all that easy. It
is easier now, but easier is not the same as easy. Given the option
between migrating to a new domain and doing a rename, I'd vote for
migration. You could use something like ADMT to an entirely new
domain where the name is as you want it to be. ADMT will let you
"retain" your users/accounts/profiles/etc.

Now, the fact that you have only one DC should be of more concern to
you right now. Why, because if you lose that DC, you are in a HUGE
pile of unspeakables.

Maybe, just maybe, if topkat's domain is still in mixed mode, he can opt to
put an NT4 BDC into the domain, demote the W2k DCs, promote the NT4 to a PDC
and upgrade that to W2k or W2k3, but this time correctly naming the domain.
This will keep him from losing his users and other objects.

But of course, if Exchange 2000 is involved here, we've got a problem. Even
though it's the same domain name, Exchange still uses Kerberos for
authentication, and that will be gone when the current DCs are dumped. When
creating a new AD domain (even if the same domain and user accounts), the
domain certificate created will be different and I *believe* Exchange will
dump on that. I think a reinstall of Exchange but not before using Exmerge
to pull out all the mailboxes, will work, and then pulling the mailboxes
back in. The Exchange server name will still be the same, so profiles will
not need to be changed.

But all of this is based on if the domain is still in MIXED MODE.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Paramount: What's up with taking Enterprise off the air??
Infinite Diversities in Infinite Combinations.
=================================
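The three facts the thread keeps circling back to before any of these options can be chosen (is the DNS name really single-label, how many DCs exist, and is the domain still in mixed mode) can be pulled straight out of the directory. The script below is an added example and is not code from any post in this thread; it uses ADSI and System.DirectoryServices only, so it runs in Windows PowerShell without the ActiveDirectory module. The function names are my own, and it assumes it is run on a domain-joined machine that can reach a DC.

```powershell
# Added example (not from the thread): pre-migration sanity checks for a
# single-label domain, using ADSI only. Assumes a domain-joined machine
# with a reachable DC; function names are hypothetical.

function ConvertTo-DnsRoot {
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)
    # "DC=company,DC=local" -> "company.local"; "DC=company" -> "company"
    $labels = foreach ($rdn in ($DistinguishedName -split ',')) {
        if ($rdn -like 'DC=*') { $rdn.Substring(3) }
    }
    return ($labels -join '.')
}

function Test-SingleLabelDomain {
    param([Parameter(Mandatory=$true)][string]$DnsRoot)
    # A single-label name has no dot in it at all.
    return ($DnsRoot -notmatch '\.')
}

function Get-DomainMigrationReadiness {
    $rootDse   = [ADSI]'LDAP://RootDSE'
    $defaultNC = [string]$rootDse.defaultNamingContext.Value
    $configNC  = [string]$rootDse.configurationNamingContext.Value
    $domain    = [ADSI]"LDAP://$defaultNC"
    $dnsRoot   = ConvertTo-DnsRoot -DistinguishedName $defaultNC

    # NetBIOS name lives on the domain's crossRef object under Partitions,
    # not on the domain head. Kevin's point: the new domain needs a different one.
    $partitions = [ADSI]"LDAP://CN=Partitions,$configNC"
    $crSearch = New-Object System.DirectoryServices.DirectorySearcher($partitions)
    $crSearch.Filter = "(&(objectClass=crossRef)(nCName=$defaultNC))"
    $crossRef = $crSearch.FindOne()
    $netbios  = if ($crossRef) { [string]$crossRef.Properties['netbiosname'][0] } else { $null }

    # Count DCs: computer objects with SERVER_TRUST_ACCOUNT (0x2000 = 8192)
    # set in userAccountControl, matched with the LDAP bitwise-AND rule OID.
    $dcSearch = New-Object System.DirectoryServices.DirectorySearcher($domain)
    $dcSearch.Filter   = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
    $dcSearch.PageSize = 1000
    $dcNames = foreach ($r in $dcSearch.FindAll()) { [string]$r.Properties['name'][0] }
    $dcNames = @($dcNames)

    # nTMixedDomain = 1 means Windows 2000 mixed mode, which is the
    # precondition for Ace's NT4 BDC route.
    $mixedMode = ([int]$domain.nTMixedDomain.Value -eq 1)

    New-Object PSObject -Property @{
        DnsRoot           = $dnsRoot
        NetBiosName       = $netbios
        IsSingleLabel     = (Test-SingleLabelDomain -DnsRoot $dnsRoot)
        DomainControllers = $dcNames
        DcCount           = $dcNames.Count
        MixedMode         = $mixedMode
    }
}

$state = Get-DomainMigrationReadiness
$state | Format-List DnsRoot, NetBiosName, IsSingleLabel, DcCount, DomainControllers, MixedMode

if ($state.IsSingleLabel) {
    Write-Warning "Domain '$($state.DnsRoot)' is single-label; plan a migration to a properly named domain."
}
if ($state.DcCount -lt 2) {
    Write-Warning 'Only one DC found; add a second DC before changing anything else.'
}
```

Run it as a domain admin on the existing DC or any member server. A `DcCount` of 1 is the condition Deji and Kevin flag as the more urgent problem, and `MixedMode` tells you up front whether the NT4 BDC route Ace describes is even on the table.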
 
