Rename Windows Server 2003 domain controllers

Rebuilding a Windows Server 2003 domain controller allows you to clean things up and start fresh with the server, whereas renaming the domain controller changes only the name in Active Directory. In some cases however, a simple name change will do nicely and a complete server rebuild is purely overkill. Derek Schauland explains how you can rename domain controllers in Windows Server 2003.

Windows Server 2003 has several advances over the Windows 2000 Server line. One of these features is the ability to rename a domain controller without demoting and rebuilding the entire server. Many IT pros still say that rebuilding is the best way to accomplish this goal and, in many cases, they are correct. Rebuilding a domain controller allows you to clean things up and start fresh with the server, whereas renaming the domain controller changes only the name in Active Directory. In some cases, a simple name change will suffice, and a complete server rebuild is overkill.

Suppose that your company acquires another company, and you must merge the infrastructure of the acquired company with your existing infrastructure. Your first step is to rename the domain controllers at the new company in order to give them better visibility to users and administrators at the parent company. Your goal is to rename the weekend widgets domain to fit your company's naming scheme. (Note: There are many steps involved in the process of merging existing infrastructures; however, the domain controller renaming step is our focus.)

To rename a domain controller, take the following steps:

1. Log on to the domain controller you want to rename.

2. Click the Start menu and right-click My Computer.

3. Select Properties from the Context menu.

4. Select the Computer Name tab and click the Change button. You will see a message telling you that you cannot move a domain controller without demoting it and that you are only changing the name of the domain controller in an existing domain. Click OK to continue.

5. Enter the new host name of the domain controller and click OK. A dialog box will ask you for appropriate credentials to complete the name change.

6. Enter the user name and password of a user who is a member of the Domain Admins group.

7. Acknowledge the warning that you will need to restart the computer.

8. Click OK to exit the Properties screens and restart the computer.

The name change will be complete once the computer restarts. It may take some time before users or other computers within Active Directory can find the new domain controller, as the changes propagate gradually throughout the Directory.

About

Derek Schauland has been tinkering with Windows systems since 1997. He has supported Windows NT 4, worked phone support for an ISP, and is currently the IT Manager for a manufacturing company in Wisconsin.

19 comments
scotts

wow.... you know someone's going to try this tip and then wonder why the objects didn't propagate

jtruebe

It seems to me the whole point of the article was to illustrate that in Server 2k3, you can simply rename a DC using the standard renaming method employed on workstations. Granted, the instructions may seem unnecessary, but the article would have been strangely awkward without them. That said, I'd probably use the old-fashioned method or the netdom instructions provided by MS.

larsamund

To rename a domain controller

1. Open Command Prompt.

2. Type: netdom computername CurrentComputerName /add:NewComputerName

This command will update the service principal name (SPN) attributes in Active Directory for this computer account and register DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all domain controllers for the domain and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name. If the updates and registrations have not occurred prior to removing the old computer name, then some clients may be unable to locate this computer using the new or old name.

3. Ensure the computer account updates and DNS registrations are completed, then type: netdom computername CurrentComputerName /makeprimary:NewComputerName

4. Restart the computer.

5. From the command prompt, type: netdom computername NewComputerName /remove:OldComputerName

Value - Description

CurrentComputerName - The current, or primary, computer name or IP address of the computer you are renaming.

NewComputerName - The new name for the computer. The NewComputerName must be a fully qualified domain name (FQDN). The primary DNS suffix specified in the FQDN for NewComputerName must be the same as the primary DNS suffix of CurrentComputerName or it must be contained in the list of allowed DNS suffixes specified in the msDS-AllowedDNSSuffixes attribute of the domainDns object.

OldComputerName - The old name of the renamed computer.

Important

- To rename a domain controller using the Netdom tool, the domain functional level must be set to Windows Server 2003. For more information, see Related Topics.

- Renaming a domain controller requires that you first provide a FQDN as a new computer name for the domain controller. All of the computer accounts for the domain controller must contain the updated SPN attribute and all the authoritative DNS servers for the domain name must contain the host (A) resource record for the new computer name. Both the old and new computer names are maintained until you remove the old computer name. This ensures that there will be no interruption in the ability of clients to locate or authenticate to the renamed domain controller, except when the domain controller is restarted.

Notes

- To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

- To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

- This command-line method requires the Netdom Windows support tool. For information about installing Windows support tools, see Related Topics.

- If the domain controller belongs to a group with a Group Policy enabled on its primary DNS suffix, the string specified in the Group Policy is used as the primary DNS suffix. The local setting is used only if the Group Policy is disabled or unspecified.

- By default, the primary DNS suffix portion of a computer's FQDN is the same as the name of the Active Directory domain to which the computer is joined. To allow different primary DNS suffixes, a domain administrator can create a restricted list of allowed suffixes by creating the msDS-AllowedDNSSuffixes attribute in the domain object container. This attribute is managed by the domain administrator using Active Directory Service Interfaces (ADSI) or Lightweight Directory Access Protocol (LDAP). For more information about programming interfaces and directory access protocol, see Related Topics.

- Domain controller locator (Locator) DNS resource records are registered by the domain controller after the renamed domain controller has been restarted. The records that are registered are available on the domain controller in the systemroot\System32\Config\Netlogon.dns file.

- To enumerate the names with which the computer is currently configured, at a command prompt, type: netdom computername ComputerName /enumerate:{AlternateNames | PrimaryName | AllNames}

- You can also specify a parameter that will use administrator credentials required to modify the computer account in Active Directory. If this parameter is not specified, Netdom uses the credentials of the user currently logged on. For more information, see the Netdom command-line help.

- If you rename a domain controller through the System Properties dialog box instead of using the Netdom tool, DNS and Active Directory replication latency may delay the ability of clients to locate or authenticate to the renamed domain controller. The length of this latency depends on your network design and the replication topology of your organization.

To rename a domain controller in a domain that contains a single domain controller

1. Install a Windows Server 2003 member server in the domain.

2. On the new server, create an additional domain controller by installing Active Directory.

3. After Active Directory is installed, enable the global catalog on the new domain controller.

4. Transfer the operations master roles from the domain controller that you want to rename to the new domain controller. Note that you must transfer the roles, do not seize them.

5. Verify that the new domain controller is functioning correctly by doing the following:
   1. Verify authentications and global catalog searches.
   2. Run Dcdiag.exe against the domain controller.
   3. Perform any other appropriate tests to verify that the new domain controller can provide all of the domain functions of the first domain controller.

6. Verify that the \sysvol and \netlogon drives are shared on the new domain controller by doing the following:
   1. On the new domain controller, open Command Prompt.
   2. Type: Net share
   3. In the list that is generated, verify the existence of Sysvol and Netlogon.

7. Uninstall Active Directory from the domain controller that you want to rename to be a member server.

8. Rename the member server.

9. Install Active Directory on the renamed server to create an additional domain controller.

10. Transfer the operations master roles back to the renamed domain controller.

11. Enable the global catalog on the renamed domain controller.

For information about performing the individual steps in this procedure, see the topics under "See Also."

Note

- You can also rename a domain controller in a domain that contains a single domain controller by using My Computer. However, doing so will result in a service interruption to clients. Always perform a system state backup before you rename a domain controller. For more information about backing up system state data, see the topics under "See Also."
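
The rename procedure in the article and the netdom procedure quoted in the comment above both hinge on the new name reaching DNS and the SPN attribute reaching the other domain controllers before the old name is retired. The script below is an added example, not from the article, the comment or Microsoft's documentation: it drives the three netdom steps and checks those two conditions in between. The host names, the domain and the Support Tools on the path are assumptions; it runs on the domain controller being renamed, from an elevated command prompt with Domain Admins credentials.

```batch
@echo off
rem Added example (not from the article or the comment): netdom rename of a
rem Windows Server 2003 domain controller with checks between the steps.
rem OLD, NEW and DOMAIN are constructed placeholder names, not real systems.
rem Assumes the Windows Support Tools (netdom, repadmin, setspn, nltest) are installed.
setlocal
set OLD=DC1.corp.example.com
set NEW=DC2.corp.example.com
set DOMAIN=corp.example.com

if /i "%~1"=="add"         goto add
if /i "%~1"=="verify"      goto verify
if /i "%~1"=="makeprimary" goto makeprimary
if /i "%~1"=="remove"      goto remove
echo Usage: %~nx0 add ^| verify ^| makeprimary ^| remove
exit /b 2

:add
rem Register the new name as an alternate: writes HOST/ SPNs and DNS records for it.
netdom computername %OLD% /add:%NEW% || exit /b 1
rem Push the computer-account change to every replication partner right away.
repadmin /syncall /A /e /P
echo Alternate name added. Run: %~nx0 verify
exit /b 0

:verify
rem Both names must be listed; clients can use either until the old one is removed.
netdom computername %OLD% /enumerate:AllNames
rem The new name must resolve from the DNS server this DC uses.
nslookup -type=A %NEW% 2>nul | find /i "Name:" >nul || (echo A record for %NEW% missing & exit /b 1)
rem The HOST SPN for the new name must be on the computer account as this DC sees it.
setspn -L %COMPUTERNAME% | find /i "HOST/%NEW%" >nul || (echo SPN for %NEW% not replicated yet & exit /b 1)
echo New name present in DNS and AD. Run: %~nx0 makeprimary
exit /b 0

:makeprimary
rem Promote the new name to primary; a restart is required afterwards.
netdom computername %OLD% /makeprimary:%NEW% || exit /b 1
echo Primary name set. Restart this server, then run: %~nx0 remove
exit /b 0

:remove
rem After the restart, re-register the Locator (SRV) records under the new name
rem and confirm they resolve before retiring the old name.
nltest /dsregdns
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>nul | find /i "%NEW%" >nul || (echo SRV record for %NEW% missing & exit /b 1)
netdom computername %NEW% /remove:%OLD%
exit /b %errorlevel%
```

Run the four stages in order (add, verify, makeprimary, restart, remove); if verify fails, wait for replication and run it again rather than moving on.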

asgr86

Has this method been tested or tried somewhere?

davidmastro

How about renaming the domain itself? I would like to rename a child domain, for example, change green.color.com to red.color.com... is this possible to do without having to go around to all the workstations to rejoin to a new domain?

Stewpowellh

Some people have to learn it as they go. Thanks for the info.

Reb00t

Just the fact that I spent 30 seconds reading how to rename a computer.

tom.robinson

Did you just tell us how to rename a computer? Come on man!

Derek Schauland

I wouldn't see object propagation as an issue because neither the GUID for the renamed DC nor the SID has changed. Active Directory should be able to identify this server by either of these items after a rename... There are some reboot side effects, but it still beats rebuilding the server in some cases.

conor_vahland

The article was stating that using win2003 you can rename a domain controller similarly to a workstation. What they left out was that this simple method was not available on a Windows 2000 domain controller - you had to demote, rename, promote. Now you can simply change its name and upon reboot DNS and everything just works.

Derek Schauland

I am not sure renaming a domain is possible without a ton of work. It certainly isn't quite as simple as renaming a controller. I will do some research and see what I can find.

Piffer

I'd like to know that as well. I would think that anyone working with a DC already knows how to rename one.

dborboa

When I got to the end of this I was stuck thinking: Did I miss something?...Then I realized I just learned from TechRepublic how to rename a computer!!! Ha...ha...he...he...snicker...Oh boy! I was expecting to learn something to impress my friends with.

simone_oor

Anyway, aren't you supposed to use netdom for this? Are all the objects in DNS updated correctly if you use this simple method above? I read somewhere that they aren't necessarily. I recently had to rename and chose to do it the old-fashioned way anyway: demote, rename, promote. In a small domain with not many replications, it is not a big deal if you have other DCs to take over roles temporarily. Our Microsoft consultant told us this is STILL the best way.

davidmastro

I'm sure quite a few other people would also be interested in any method that might be less labor intensive than having to go around to reconfigure every workstation... Thanks for your time and consideration.

kleclair

When I read this topic in email I was expecting a great new way to update the ADS objects when renaming a DC. C'mon guys, if we knew how to click on the link in the email message this tip came in, we probably know how to rename a machine. Almost an insult to our intelligence. Maybe I'm being a bit harsh but I think it is deserved in this case.

jfrappier

Maybe TechRepublic should reduce the frequency of these emails/posts so they are more relevant when they do come out.

laman

Most of us know how to rename the computer; however, the most important thing is what side effects using this method to rename the DC has. If things are that simple, I don't see why MS has to write up a KB with detailed steps. It sounds like telling people you can throw a gas can into the fire without telling them it could blow up.