Domain rename or Domain migration?

Hi all, I have a Windows domain restructure issue to consult on, and thanks a lot for your input in advance.

The case is as below:

We have one Windows domain named "corp.abcd.com" which has one child domain, "china.corp.abcd.com". There are only two DCs in the parent domain "corp.abcd.com", while all other running servers, computers and the Exchange 2010 server are under the child domain "china.corp.abcd.com". We also have some public domains which have the "abc.com" suffix, like "www.abc.com" for the web server, "exchange.abc.com" for mail server web access, and "sts.abc.com", which was once used for the ADFS server for Microsoft Office365 platform authentication but has now been removed (users use Microsoft Office365 authentication directly). These DNS records are maintained via an internet DNS supplier like GoDaddy. We have more than 10 offices which are located in different cities and have internal VPN connections to each other.

What we want is to have a new domain named "abc.com" with no more child domains; each office will be one OU in the domain. And in the coming future, we will install one new server for each office, so I am thinking about how to get the new domain structure without impacting existing users, computers, DCs, mail servers and other application servers which run with domain credentials.

The possible ways could be:

1) Create a new domain "abc.com" on new servers, create domain trusts with the existing domains "corp.abcd.com" and "china.corp.abcd.com" respectively, and migrate the AD objects to the new domain office by office.

2) Rename the existing domain to "abc.com" directly.

I just started to try method 1 and stopped at the beginning stage of "domain trust" creation. I got both a DNS issue and a suffix conflict issue when creating the domain trust. As mentioned, we have some public domains using the "abc.com" suffix, so on the DNS servers of the "china.corp.abcd.com" domain there are several DNS zones with the "abc.com" suffix, like "exchange.abc.com" and "sts.abc.com", which caused the suffix conflict issue. On the other side, the domain trust creation process popped up another error of "no log on servers". I guess it's a DNS resolution issue, so I added the DNS server of the "abc.com" domain to the forwarder list of the DNS servers of the "corp.abcd.com" and "china.corp.abcd.com" domains respectively. However, the change soon caused users to fail to access our public domains like "www.abc.com". The reason should be that the client computer's DNS resolution request is being forwarded to the new DC of domain "abc.com", but it actually doesn't have the records of these public domains. I guess I can add a Host record for each public domain on the new DC of the "abc.com" domain. I have not tried it yet.

For method 2, I just started to check related docs on the Microsoft Tech site but have no full picture yet.

Is there anyone who can help point out the correct way and the steps I should take? Thanks a lot!

Regards,

Thomas

January 21st, 2014 6:20pm

More comments.

The current domain's DNS records are in a mess and I do prefer to create one new domain, then migrate the useful AD objects (users, computers) to the new domain and get rid of many outdated objects.

It looks like domain name is also not supported by Exchange 2010. So only method 1 is available?

Thomas


January 21st, 2014 6:25pm

Hi,

I think you are right.

http://msmvps.com/blogs/acefekay/archive/2009/08/19/domain-rename-with-or-without-exchange.aspx

Regards.

January 23rd, 2014 4:06am

This topic is archived. No further replies will be accepted.
