Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Windows 2003 Domain Controller Rename

How can I rename my Windows 2003 Domain Controllers?

Although not the best idea in the world and although I rather re-build the entire server from scratch, this can be done in Windows Server 2003-based Domain Controllers. The procedure is quite simple. It only requires one reboot of the DC that had it’s name renamed. You don’t even have to sit near the DC, you can accomplish it from any computer that has the Windows Server 2003 Support Tools installed, and if you have the appropriate user credentials.
Note: Only Windows Server 2003 Domain Controllers can be renamed.
Note: You must be a member of the Domain Admins group.
Another Note: Domain Controllers running Microsoft’s Certificate Authority services (CA) can never be renamed.
Lamer Note: This is NOT the same as renaming your entire domain! In order to do that read Windows 2003 Domain Rename Tool.
Before:

After:

There are 2 methods for performing the rename procedure. One is easier and done through the GUI, the other is more complex and requires the installation of the Windows Server 2003 Support Tools.

Method #1 – Through the GUI

Although easier to implement, if you rename a domain controller through the System Properties dialog box instead of using the Netdom.exe tool, DNS and Active Directory replication latency may delay the ability of clients to locate or authenticate to the renamed domain controller. The length of this latency depends on your network design and the replication topology of your organization.
To rename a DC with the name from SERVER101 in the DPETRI.NET domain to ZEUS follow the next steps:

Open the System applet in Control Panel (or right-click My Computer and choose Properties).
In the Computer Name tab click Change.
A warning message appears. Read it and if you accept, click Ok.
In the Computer Name box type the new host name of the Domain Controller. Click Ok.
In the Computer Name Changes window, type the name and password of a user that is a member of the Domain Admins group.
A warning window appears saying that you must restart your computer. Acknowledge it.
Click Ok all the way out, reboot your computer.

Method #2 – By using Netdom.exe

This method is considered by most professionals to be much safer and better than the first method. By using the Netdom.exe tool, you ensure that there is little or no disturbance for the domain and client operations.
Important: To rename a domain controller using the Netdom.exe tool, the domain functional level must be set to Windows Server 2003.
In order to use Netdom.exe you must first install the Windows Server 2003 Support Tools. Double-click the Suptools.msi file found on the \Support\Tools folder on the installation CD (also see Download Windows 2003 SP1 Support Tools ).
To rename a DC with the name from SERVER101 in the DPETRI.NET domain to ZEUS follow the next steps:
1. Open Command Prompt and type:

C:\WINDOWS>netdom computername server101.dpetri.net /add:zeus.dpetri.net
Successfully added zeus.dpetri.net
as an alternate name for the computer.
The command completed successfully.

This command will update the service principal name (SPN) attributes in Active Directory for this computer account and register DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all domain controllers for the domain and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name. If the updates and registrations have not occurred prior to removing the old computer name, then some clients may be unable to locate this computer using the new or old name.

You can verify the new name was indeed added to the computer object by viewing it through Adsiedit.msc (like Netdom.exe, installed when you install the Windows Server 2003 Support Tools). Navigate to the computer object and right-click it. Select Properties:

Scroll down in the list of available attributes till you reach the attribute called msDS-AdditionalDnsHostName:

Notice that the new name should appear in the attribute’s properties.
2. Ensure the computer account updates and DNS registrations are completed, then type:

C:\WINDOWS>netdom computername server101.dpetri.net /makeprimary:zeus.dpetri.net
Successfully made zeus.dpetri.net
the primary name for the computer. The computer must be rebooted for this name change to take effect. Until then this computer may not be able to authenticate users and other computers, and may not be authenticated by other computers in the forest. The specified new name was removed from the list of alternate computer names. The primary computer name will be set to the specified new name after the reboot.
The command completed successfully.

Again, you can inspect the change with Adsiedit.msc. Scroll down in the list of available attributes for the computer object (notice how the server now appears with the new name) till you reach the attribute called msDS-AdditionalDnsHostName:

Notice that the old name should appear in the attribute’s properties.
3. Restart the computer.
4. From the command prompt, type:

C:\WINDOWS>netdom computername zeus.dpetri.net /remove:server101.dpetri.net
Successfully removed server101.dpetri.net
as an alternamte name for the computer.
The command completed successfully.

5. Make sure that the changes have successfully been replicated to all the DCs.

Renaming a domain controller requires that you first provide a FQDN as a new computer name for the domain controller. All of the computer accounts for the domain controller must contain the updated SPN attribute and all the authoritative DNS servers for the domain name must contain the host (A) resource record for the new computer name. Both the old and new computer names are maintained until you remove the old computer name. This ensures that there will be no interruption in the ability of clients to locate or authenticate to the renamed domain controller, except when the domain controller is restarted.

References

Windows Server 2003 Domain Rename Tool
To rename a Domain Controller – Windows Server 2003 help

by Daniel Petri
Jan 7, 2009

Renowned as the creator of the acclaimed Petri IT Knowledgebase back in 1999 Daniel Petri has become a distinguished figure in the IT realm, recognized for delivering reliable, expertise-driven content. This website - www.petri.com - not only embodie...

Petri.com’s New Active Directory Outage and Disaster Recovery Survey

Feb 15, 2024
Apr 16, 2024
Get-ADComputer: The PowerShell Command for Managing Active Directory Computers

Nov 15, 2023
Essential Guide to Mastering Get-ADGroupMember (AD User Management)

Oct 12, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.