Petri

Windows 2003 Domain Controller Rename

How can I rename my Windows 2003 Domain Controllers?

Although it is not the best idea in the world, and although I would rather rebuild the entire server from scratch, this can be done on Windows Server 2003-based Domain Controllers. The procedure is quite simple and requires only one reboot of the DC being renamed. You don't even have to sit near the DC: you can do it from any computer that has the Windows Server 2003 Support Tools installed, provided you have the appropriate user credentials.

Note: Only Windows Server 2003 Domain Controllers can be renamed.

Note: You must be a member of the Domain Admins group.

Another Note: Domain Controllers running Microsoft’s Certificate Authority services (CA) can never be renamed.

Lamer Note: This is NOT the same as renaming your entire domain! To do that, read Windows 2003 Domain Rename Tool.

There are 2 methods for performing the rename procedure. One is easier and done through the GUI, the other is more complex and requires the installation of the Windows Server 2003 Support Tools.

Method #1 – Through the GUI

Although easier to implement, if you rename a domain controller through the System Properties dialog box instead of using the Netdom.exe tool, DNS and Active Directory replication latency may delay the ability of clients to locate or authenticate to the renamed domain controller. The length of this latency depends on your network design and the replication topology of your organization.

To rename a DC from SERVER101 to ZEUS in the DPETRI.NET domain, follow these steps:

1. Open the System applet in Control Panel (or right-click My Computer and choose Properties).
2. In the Computer Name tab, click Change.
3. A warning message appears. Read it and, if you accept, click OK.
4. In the Computer Name box, type the new host name of the Domain Controller. Click OK.
5. In the Computer Name Changes window, type the name and password of a user that is a member of the Domain Admins group.
6. A warning window appears saying that you must restart your computer. Acknowledge it.
7. Click OK all the way out and reboot your computer.

Method #2 – By using Netdom.exe

This method is considered by most professionals to be much safer and better than the first method. By using the Netdom.exe tool, you ensure that there is little or no disturbance for the domain and client operations.

Important: To rename a domain controller using the Netdom.exe tool, the domain functional level must be set to Windows Server 2003.

In order to use Netdom.exe you must first install the Windows Server 2003 Support Tools. Double-click the Suptools.msi file found in the \Support\Tools folder on the installation CD (also see Download Windows 2003 SP1 Support Tools).

To rename a DC from SERVER101 to ZEUS in the DPETRI.NET domain, follow these steps:

1. Open Command Prompt and type:

This command will update the service principal name (SPN) attributes in Active Directory for this computer account and register DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all domain controllers for the domain, and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name. If the updates and registrations have not occurred prior to removing the old computer name, then some clients may be unable to locate this computer using the new or old name.

You can verify that the new name was indeed added to the computer object by viewing it through Adsiedit.msc (like Netdom.exe, installed when you install the Windows Server 2003 Support Tools). Navigate to the computer object and right-click it. Select Properties:

Scroll down in the list of available attributes until you reach the attribute called msDS-AdditionalDnsHostName:

Notice that the new name should appear in the attribute's properties.

2. Ensure the computer account updates and DNS registrations are completed, then type:

Again, you can inspect the change with Adsiedit.msc. Scroll down in the list of available attributes for the computer object (notice how the server now appears with the new name) until you reach the attribute called msDS-AdditionalDnsHostName:

Notice that the old name should appear in the attribute's properties.

3. Restart the computer.

4. From the command prompt, type:

5. Make sure that the changes have successfully been replicated to all the DCs.

Renaming a domain controller requires that you first provide an FQDN as a new computer name for the domain controller. All of the computer accounts for the domain controller must contain the updated SPN attribute and all the authoritative DNS servers for the domain name must contain the host (A) resource record for the new computer name. Both the old and new computer names are maintained until you remove the old computer name. This ensures that there will be no interruption in the ability of clients to locate or authenticate to the renamed domain controller, except when the domain controller is restarted.
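The Netdom.exe sequence described in Method #2, written out as a batch script with the checks each step depends on. This is an added example, not the article's own commands: the host and domain names are the ones used above, while the three phase arguments and the default Domain Controllers OU path are assumptions.

```bat
@echo off
rem Added example, not from the original article. Run one phase at a time:
rem   <script> add  ^|  <script> primary  ^|  <script> remove
setlocal
set OLD_FQDN=SERVER101.dpetri.net
set NEW_FQDN=ZEUS.dpetri.net
rem Assumption: the DC's computer object sits in the default Domain Controllers OU.
set DC_OU=OU=Domain Controllers,DC=dpetri,DC=net

if /i "%~1"=="add" goto add
if /i "%~1"=="primary" goto primary
if /i "%~1"=="remove" goto remove
echo Usage: %~nx0 add ^| primary ^| remove
exit /b 1

:add
rem Step 1: register the new FQDN as an alternate name (SPNs and DNS records).
netdom computername %OLD_FQDN% /add:%NEW_FQDN%
if errorlevel 1 goto failed
rem The new name should now appear in msDS-AdditionalDnsHostName.
dsquery * "CN=SERVER101,%DC_OU%" -scope base -attr msDS-AdditionalDnsHostName
rem Before the next phase: the new name resolves and replication shows no failures.
nslookup %NEW_FQDN%
repadmin /showrepl
exit /b 0

:primary
rem Step 2: make the new name primary; step 3 is the restart.
netdom computername %OLD_FQDN% /makeprimary:%NEW_FQDN%
if errorlevel 1 goto failed
echo Restart this DC now, then run: %~nx0 remove
exit /b 0

:remove
rem Step 4: after the reboot, drop the old name.
netdom computername %NEW_FQDN% /remove:%OLD_FQDN%
if errorlevel 1 goto failed
rem Step 5: confirm the remaining names, the SPNs and replication health.
netdom computername %NEW_FQDN% /enumerate
setspn -L ZEUS
repadmin /showrepl
exit /b 0

:failed
echo netdom reported an error; stop and investigate before continuing.
exit /b 1
```

Run `repadmin /showrepl` and the `nslookup` check against the other DCs and DNS servers as well, since the script only reports on the machine it runs from.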

References

Windows Server 2003 Domain Rename Tool

To rename a Domain Controller – Windows Server 2003 help
