Hi Folks,
I've got a 1000 user environment and am planning to run "rendom" to rename the domain and would like to double-check my understanding of the best practices/planning steps moving forward.
I've got Windows Server 2012 R2 and Exchange 2013 with every/all CUs and patches/hotfixes applied.
I'm planning to, in the order of operations:
#1. Take a CSV dump of all of the User & Exchange mailboxes in Office 365/Exchange Online with full user and mailbox GUIDs for a clear and concise "before" picture of the environment.
#2. Install Exchange 2019 (CU12 as the minimum CU to remove the last Exchange server) and follow all the standard BPs for Exchange 2013 to 2019 Migration, in addition to the procedure for removing the last Exchange Server (making sure NOT to uninstall Exchange and only shut it down). All our mailboxes are in the cloud at this point, and were already prior to the overall maintenance window.
#3. Update AD Connect configuration to use Password Hash Sync instead of Pass-Thru Authentication, so that when we uninstall AD Connect our Exchange Users will still be able to use Outlook on their phones while this step-by-step procedure is taking place, as this work is planned for a weekend maintenance window.
#4. Follow the procedure for shutting down last Exchange server in the environment, documented here:
https://learn.microsoft.com/en-us/Exchange/manage-hybrid-exchange-recipients-with-management-tools
#5. Uninstall AD Connect (V2).
#6. Perform "rendom" to rename the domain from something.olddomain.com to something.newdomain.com.
FYI/Side Bar: newdomain.com is already verified, however something.newdomain.com is not... we never added something.olddomain.com; as long as olddomain.com was verified when we installed AD Connect, it automatically added something.olddomain.com to the verified list, and presumably the same will happen here when we install AD Connect again in step #8, i.e. something.newdomain.com will be verified automatically since newdomain.com is already a verified domain in our account.
#7. Test and make sure DNS resolution works, the domain rename has been completed successfully, and there are no issues on endpoints / computer accounts throughout the environment. We have a bunch of LDAP/Linux stuff as well, but I won't get into those details here as that's out of scope for this question.
#8. Install AD Connect (V2), sync the OUs and set the same configuration as we had before, however using the new domain, and go back to PTA (Pass-Thru Authentication).
Particular Questions, but please also LMK if there's anything I've missed asking:
A). Has anyone done this with success and does my plan as it stands sound correct?
B). Do I need to install a new Hybrid Exchange Environment in order for Mailbox attributes to be sync'd from AD, or are they already sync'd as long as AD Connect is installed? At the point where I reinstall AD Connect in my step #8, my Exchange 2019 CU12+ environment is already shut down... If a hybrid environment is needed for anything at this point, I can move step #4 (shutting down the last Exchange server) to the final step, after AD Connect is successfully installed. I would prefer to minimize complexity, so I'd prefer to do AD Sync without Hybrid Exchange if it's not needed anymore, since all my mailboxes are in the cloud and the only thing I need is the Exchange management tools to manage mail-related AD attributes, especially from the PowerShell environment (using Exchange Management Shell).
C). Can this be done without Steps # 5 & 8 and instead just "Re-Enable" Pass-Thru Authentication as a final step? I'd be less nervous about unknown changes from uninstalling and reinstalling AD Connect if doing a domain rename is a supported procedure and folks have done and had success with going this route.
If you've made it this far bravo & thank you for taking the time out of your day to help gut-check my situation, that was certainly a mouthful of typing.
Best,
G
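The "before picture" in step #1 and the post-rename check in step #7 are the places where a rename or an AD Connect reinstall can silently go wrong (objects being matched as new rather than as the existing cloud users). The script below is an added example, not from the original post: it snapshots on-prem AD users (including the mS-DS-ConsistencyGuid that AD Connect uses as its source anchor) and Exchange Online mailboxes to CSV, and on a second run diffs the two AD snapshots by the immutable objectGUID. It assumes the ActiveDirectory and ExchangeOnlineManagement modules are installed, that Connect-ExchangeOnline has already been run, and the output directory path is a placeholder.

```powershell
# Added example: snapshot AD users and EXO mailboxes before/after a domain rename.
# Assumes ActiveDirectory + ExchangeOnlineManagement modules; Connect-ExchangeOnline already run.
param(
    [string]$OutDir = "C:\RenameSnapshots",                 # placeholder path
    [ValidateSet("Before", "After")][string]$Phase = "Before"
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# On-prem AD. objectGUID survives a rename; mS-DS-ConsistencyGuid is the AD Connect
# source anchor and must still match Azure AD's ImmutableId when AD Connect is reinstalled,
# otherwise the synced objects are treated as new instead of matched to existing cloud users.
Get-ADUser -Filter * -Properties mail, proxyAddresses, 'mS-DS-ConsistencyGuid' |
    Select-Object SamAccountName, UserPrincipalName, mail,
        @{ n = 'ObjectGuid';      e = { $_.ObjectGUID.Guid } },
        @{ n = 'ConsistencyGuid'; e = { if ($_.'mS-DS-ConsistencyGuid') { [Convert]::ToBase64String($_.'mS-DS-ConsistencyGuid') } } },
        @{ n = 'ProxyAddresses';  e = { ($_.proxyAddresses | Sort-Object) -join ';' } } |
    Export-Csv (Join-Path $OutDir "ad-$Phase.csv") -NoTypeInformation

# Exchange Online. ExchangeGuid links the cloud mailbox to the on-prem recipient object.
Get-EXOMailbox -ResultSize Unlimited -Properties ExchangeGuid, ExternalDirectoryObjectId |
    Select-Object UserPrincipalName, PrimarySmtpAddress, ExchangeGuid,
        ExternalDirectoryObjectId, RecipientTypeDetails |
    Export-Csv (Join-Path $OutDir "exo-$Phase.csv") -NoTypeInformation

# Second run (-Phase After): compare against the Before snapshot on the immutable key.
if ($Phase -eq 'After') {
    $before = Import-Csv (Join-Path $OutDir 'ad-Before.csv')
    $after  = Import-Csv (Join-Path $OutDir 'ad-After.csv') |
        Group-Object ObjectGuid -AsHashTable -AsString
    foreach ($b in $before) {
        $a = $after[$b.ObjectGuid]
        if (-not $a) { Write-Warning "Missing after rename: $($b.SamAccountName)"; continue }
        if ($a.ConsistencyGuid -ne $b.ConsistencyGuid) {
            Write-Warning "Source anchor changed: $($b.SamAccountName)"   # would break AD Connect matching
        }
        if ($a.ProxyAddresses -ne $b.ProxyAddresses) {
            Write-Warning "proxyAddresses changed: $($b.SamAccountName)"  # mail attributes drifted
        }
        if ($a.UserPrincipalName -ne $b.UserPrincipalName) {
            "UPN changed: $($b.UserPrincipalName) -> $($a.UserPrincipalName)"
        }
    }
}
```

Run it once before step #4 and again after step #7, before reinstalling AD Connect in step #8; any "Source anchor changed" warning should be resolved before the first sync cycle runs.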