Sunday, August 16, 2015

windows server 2012 r2 - Renaming of domain in Active Directory with Certificate authority

I have a domain, washington.example.com, on Windows Server 2012 R2. For integration with Office 365, my organization decided to rename the domain from washington.example.com to example.com. My organization has several domain controllers that are connected in one global VPN.

I tried the renaming of my domain on virtual machines. On the domain controller that has FSMO, I created the zone "example.com" and made a manual replication between domain controllers. Next, on the domain controller that has FSMO, I ran rendom /list as Enterprise Admin, then I edited Domainlist.xml, where I changed the name of the domain. Next, I ran several commands to implement my changes: rendom /upload, rendom /prepare, rendom /execute. The last command rebooted all domain controllers. I also fixed GPOs via gpfixup /olddns:washington.example.com /newdns:example.com.

Finally I ran rendom /clean and rendom /end. I also renamed the computer name via netdom computername vm-dc.washington.example.com /add:vm-dc.example.com and netdom computername washington.example.com /makeprimary:vm-dc.example.com. Of course, I did netdom for each virtual machine with a domain controller.
Everything works. Computers in the isolated network are in the new domain after rebooting. But I read on the Microsoft site that this procedure can cause some trouble if you have a Certificate Authority. On my domain controller that has FSMO, I have this Certificate Authority. In the Certificate Authority console I see new certificates for the other domain controllers with normal names, for example in the past srv-dc.washington.example.com and now I see a new certificate srv-dc.example.com. But when I look at the details, I see that the Issuer is:

CN = washington-VM-DC-CA
DC = washington
DC = example
DC = com

So, according to this topic, I have two questions. First, is it correct to rename a domain with a working Certificate Authority? And second, how do I update this Certificate Authority according to the new domain name?
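The rename sequence the post walks through, as an added PowerShell example (this is not the poster's script and not Microsoft's tooling; it only calls rendom.exe, gpfixup.exe and netdom.exe in the documented order). It assumes it is run as an Enterprise Admin on the DC that holds the FSMO roles, that the new DNS zone already exists and has replicated, that the NetBIOS name changes from WASHINGTON to EXAMPLE (both names are assumptions, the DNS names are the post's), and that the DC host names vm-dc and srv-dc are the ones from the post. The Domainlist.xml edit the poster did by hand is done programmatically so the application partitions (DomainDnsZones, ForestDnsZones) are not missed.

```powershell
# Added example, not from the original post: drives the rendom / gpfixup / netdom sequence
# from one script. Assumptions: Enterprise Admin on the FSMO-holding DC; rendom.exe,
# gpfixup.exe, netdom.exe on the path; new DNS zone already replicated; NetBIOS names below
# are assumed; DNS names and DC host names are the post's.
[CmdletBinding()]
param(
    [ValidateSet('Start', 'Complete')][string]$Phase = 'Start',
    [string]$OldDns = 'washington.example.com',
    [string]$NewDns = 'example.com',
    [string]$OldNb  = 'WASHINGTON',               # assumed old NetBIOS name
    [string]$NewNb  = 'EXAMPLE',                  # assumed new NetBIOS name
    [string[]]$DcHosts = @('vm-dc', 'srv-dc')     # short host names of the DCs in the post
)
$ErrorActionPreference = 'Stop'

# Run an external tool and stop on a non-zero exit code instead of silently continuing
# to the next rendom step with a half-applied forest description.
function Invoke-Tool {
    param([string]$Exe, [string[]]$ToolArgs)
    Write-Host ">> $Exe $($ToolArgs -join ' ')"
    & $Exe @ToolArgs
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($ToolArgs[0]) failed with exit code $LASTEXITCODE" }
}

# Rewrite Domainlist.xml: every <DNSname> that ends in the old suffix (the domain itself and
# its DomainDnsZones / ForestDnsZones application partitions) gets the new suffix, and the
# renamed domain's <NetBiosName> is replaced. All other elements are left untouched.
function Update-DomainList {
    param([string]$Path)
    [xml]$list = Get-Content -Raw -Path $Path
    foreach ($d in $list.Forest.Domain) {
        if ($d.DNSname -like "*$OldDns") {
            $prefix = $d.DNSname.Substring(0, $d.DNSname.Length - $OldDns.Length)
            $d.DNSname = $prefix + $NewDns
        }
        if ($d.NetBiosName -eq $OldNb) { $d.NetBiosName = $NewNb }
    }
    $list.Save((Resolve-Path $Path).Path)
}

switch ($Phase) {
    'Start' {
        Invoke-Tool rendom.exe @('/list')          # writes Domainlist.xml for the current forest
        Update-DomainList -Path '.\Domainlist.xml'
        Invoke-Tool rendom.exe @('/showforest')    # print the planned forest so it can be reviewed
        Invoke-Tool rendom.exe @('/upload')        # push the new description to the domain naming master
        Invoke-Tool rendom.exe @('/prepare')       # verify every DC is reachable and ready
        Invoke-Tool rendom.exe @('/execute')       # every DC applies the rename and reboots
        Write-Host 'Wait until every DC has restarted, then run this script again with -Phase Complete'
    }
    'Complete' {
        # Repair GPO links and SYSVOL paths that embed the old DNS and NetBIOS names.
        Invoke-Tool gpfixup.exe @("/olddns:$OldDns", "/newdns:$NewDns", "/oldnb:$OldNb", "/newnb:$NewNb")
        # Give each DC its new FQDN, as the post did per machine; netdom can target a remote DC by name.
        foreach ($h in $DcHosts) {
            Invoke-Tool netdom.exe @('computername', "$h.$OldDns", "/add:$h.$NewDns")
            Invoke-Tool netdom.exe @('computername', "$h.$OldDns", "/makeprimary:$h.$NewDns")
        }
        Invoke-Tool rendom.exe @('/clean')         # remove references to the old name from the directory
        Invoke-Tool rendom.exe @('/end')           # release the forest from the rename operation
    }
}
```

Run it once with -Phase Start, let every DC finish rebooting, then once more with -Phase Complete; each DC needs a further restart after netdom /makeprimary before the new FQDN is in effect. The /oldnb and /newnb arguments to gpfixup are only needed when the NetBIOS name changes as well, which the example assumes.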
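On the second question, the check a practitioner would run first, as an added PowerShell example (not the poster's code and not part of AD CS): it walks the local machine certificate stores on a DC, including the CA's own signing certificate when the CA role is installed there, and reports every certificate whose Issuer or Subject DN still carries the old DC= chain, whose Subject Alternative Name lists the old DNS suffix, or whose CRL Distribution Point / Authority Information Access URLs embed the old name or the old naming context. Only the domain names are taken from the post; everything else is read from the machine it runs on.

```powershell
# Added example, not from the original post: audit certificates on this DC for fields that
# still reference the old domain after a rendom rename. Domain names are the post's.
[CmdletBinding()]
param(
    [string]$OldDns = 'washington.example.com',
    [string]$NewDns = 'example.com'
)

# Build the DC= chain AD CS places in a CA's DN, in the two spellings that occur:
# .NET's X500 form "DC=washington, DC=example, DC=com" and the LDAP URL form without spaces.
function ConvertTo-DcChain {
    param([string]$Dns, [string]$Separator)
    ($Dns.Split('.') | ForEach-Object { "DC=$_" }) -join $Separator
}

# Return the names of the fields in $Cert that still mention the old domain (empty if none).
function Get-OldDomainReferences {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Old
    )
    $needles = @($Old, (ConvertTo-DcChain $Old ', '), (ConvertTo-DcChain $Old ','))
    $hits = @()
    foreach ($field in 'Subject', 'Issuer') {
        $value = $Cert.$field
        if ($needles | Where-Object { $value -like "*$_*" }) { $hits += $field }
    }
    # 2.5.29.17 = Subject Alternative Name, 2.5.29.31 = CRL Distribution Points,
    # 1.3.6.1.5.5.7.1.1 = Authority Information Access
    foreach ($oid in '2.5.29.17', '2.5.29.31', '1.3.6.1.5.5.7.1.1') {
        $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $oid }
        if (-not $ext) { continue }
        $text = $ext.Format($true)   # decoded multi-line form, e.g. "DNS Name=srv-dc.washington.example.com"
        if ($needles | Where-Object { $text -like "*$_*" }) { $hits += $ext.Oid.FriendlyName }
    }
    return $hits
}

# The CA certificate (with its key) lives in LocalMachine\My on the CA server, so scanning
# My, CA and Root covers the CA's own certificate as well as DC certificates and chain copies.
$report = foreach ($store in 'My', 'CA', 'Root') {
    foreach ($cert in Get-ChildItem -Path "Cert:\LocalMachine\$store") {
        $refs = Get-OldDomainReferences -Cert $cert -Old $OldDns
        if ($refs.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
                OldNameIn  = $refs -join ', '
            }
        }
    }
}
$report | Sort-Object Store, NotAfter | Format-Table -AutoSize

# Where the CA role is installed, also show the CDP/AIA publication templates. A hard-coded
# old DNS name there would be stamped into every certificate issued from now on, whereas the
# %1 (server DNS name) and %6 (configuration container DN) tokens are expanded at issuance.
if (Get-Service -Name CertSvc -ErrorAction SilentlyContinue) {
    certutil -getreg CA\CRLPublicationURLs
    certutil -getreg CA\CACertPublicationURLs
}
```

Expect the CA certificate itself, and everything it has ever signed, to show up with the old chain in Issuer: a CA's Subject DN is fixed when the role is installed and cannot be renamed in place, and chain building matches the issuer name and key against the CA certificate in the store rather than resolving that DN, so those certificates keep validating. The rows worth acting on are the ones flagged in the CDP or AIA extensions with an LDAP URL, because the naming context they point at no longer exists under the old name and revocation checking for those certificates can fail until they are renewed.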
