Windows Server 2008

Rename Windows Server 2008 Domain Controllers

This question has attracted my eyes a few times on different forums, so I decided to write an article about it. Choosing the right name for your servers is one of the steps that should be taken into account when designing a new network, or when deploying new servers. You should be totally aware of the names that you will assign each one of the new servers, and take naming conventions into consideration when designing a new network or a network expansion. However, in some cases, a simple typo or human error might cause the new server to get the wrong name. While easy to fix on regular servers, Domain Controllers should be renamed by using a different method.

The procedure of renaming a regular server (Windows 2000/2003/2008) is quite simple. It is done through the My Computer properties, and usually requires one reboot.

However, DCs should be renamed by using a totally different approach.

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

Note: This article focuses on Windows Server 2008 Domain Controller renaming. Although similar to the procedure done in Windows Server 2003 Domain Controllers, I would suggest that you please see the article titled “How can I rename my Windows 2003 Domain Controllers?“. Also note that only Windows Server 2003 Domain Controllers can be renamed.

Another Note: Domain Controllers running Microsoft’s Certificate Authority services (CA) can never be renamed.

Lamer Note: This is NOT the same as renaming your entire domain! For that, please use the RENDOM utility that is (now) a part of the Active Directory – Directory Services installed files.

The command

In order to rename a DC you will need the NETDOM command. In Windows Server 2008, this is part of the operating system, and not a separate download as in previous versions. By using the NETDOM command, you ensure that there is little or no disturbance for the domain and client operations.

Renaming a domain controller requires that you first provide a FQDN as a new computer name for the domain controller. All of the computer accounts for the domain controller must contain the updated SPN attribute and all the authoritative DNS servers for the domain name must contain the host (A) resource record for the new computer name. Both the old and new computer names are maintained until you remove the old computer name. This ensures that there will be no interruption in the ability of clients to locate or authenticate to the renamed domain controller, except when the domain controller is restarted.

Important: To rename a domain controller using the NETDOM command, the domain functional level must be set to at least Windows Server 2003.

The bad news: As usual, you will need to reboot the renamed DC.

The good news: You don’t have to sit near the DC you’re renaming. You can accomplish it from any computer that has the NETDOM command, and if you have the appropriate user credentials.


You must be a member of the Domain Admins group.

To rename a DC with the name from KUKU-SERVER in the PETRI.LOCAL domain to DC-SERVER follow the next steps:

1. Open Command Prompt and type:


This command will update the service principal name (SPN) attributes in Active Directory for this computer account, and register DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all DCs for the domain, and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name. If the updates and registrations have not occurred prior to removing the old computer name, then some clients may be unable to locate this computer using the new or old name. Therefore, it’s very important to wait till the Active Directory replication finishes a replication cycle. You can check that by using tools such as REPADMIN and REPLMON.

You can verify the new name was indeed added to the computer object by viewing it through ADSIEDIT.MSC (which, for Windows Server 2008, is installed by default). Navigate to the computer object and right-click it. Select Properties:

Scroll down in the list of available attributes till you reach the attribute called msDS-AdditionalDnsHostName.

2. Ensure the computer account updates and DNS registrations are completed, then type:


Again, you can inspect the change with ADSIEDIT.MSC. Scroll down in the list of available attributes for the computer object (notice how the server now appears with the new name) till you reach the attribute called msDS-AdditionalDnsHostName.

Notice that the old name should appear in the attribute’s properties.

3. Restart the computer.

4. From the command prompt, type:


5. Make sure that the changes have successfully been replicated to all the DCs.


In this article, I have explained how to use the NETDOM command to rename Windows Server 2008 Domain Controllers. To see how this is accomplished in Windows Server 2003 Domain Controllers, see my article “How can I rename my Windows 2003 Domain Controllers?

Recent Windows Server 2008 Forum threads

Got a question? Post it on our Windows Server 2008 forums!

Related Topics:

Don't leave your business open to attack! Come learn how to protect your AD in this FREE masterclass!REGISTER NOW - Thursday, December 2, 2021 @ 1 pm ET

Active Directory (AD) is leveraged by over 90% of enterprises worldwide as the authentication and authorization hub of their IT infrastructure—but its inherent complexity leaves it prone to misconfigurations that can allow attackers to slip into your network and wreak havoc. 

Join this session with Microsoft MVP and MCT Sander Berkouwer, who will explore:

  • Whether you should upgrade your domain controllers to Windows Server
    2019 and beyond
  • Achieving mission impossible: updating DCs within 48 hours
  • How to disable legacy protocols and outdated compatibility options in
    Active Directory

Sponsored by: