Rename Windows Server 2008 Domain Controllers
This question has caught my eye a few times on different forums, so I decided to write an article about it. Choosing the right names for your servers is one of the steps to take into account when designing a new network or deploying new servers. You should know exactly which name you will assign to each new server, and follow your naming conventions when designing a new network or a network expansion. However, in some cases, a simple typo or human error might cause a new server to get the wrong name. While this is easy to fix on regular servers, Domain Controllers must be renamed by using a different method.
The procedure of renaming a regular server (Windows 2000/2003/2008) is quite simple. It is done through the My Computer properties, and usually requires one reboot.
However, DCs should be renamed by using a totally different approach.
Note: This article focuses on Windows Server 2008 Domain Controller renaming. Although the procedure is similar on Windows Server 2003 Domain Controllers, for those I suggest that you see the article titled “How can I rename my Windows 2003 Domain Controllers?”. Also note that only Windows Server 2003 Domain Controllers can be renamed.
Another Note: Domain Controllers running Microsoft’s Certificate Authority services (CA) can never be renamed.
Lamer Note: This is NOT the same as renaming your entire domain! For that, please use the RENDOM utility that is (now) a part of the Active Directory – Directory Services installed files.
In order to rename a DC you will need the NETDOM command. In Windows Server 2008, this is part of the operating system, and not a separate download as in previous versions. By using the NETDOM command, you ensure that there is little or no disturbance for the domain and client operations.
Renaming a domain controller requires that you first provide a FQDN as a new computer name for the domain controller. All of the computer accounts for the domain controller must contain the updated SPN attribute and all the authoritative DNS servers for the domain name must contain the host (A) resource record for the new computer name. Both the old and new computer names are maintained until you remove the old computer name. This ensures that there will be no interruption in the ability of clients to locate or authenticate to the renamed domain controller, except when the domain controller is restarted.
Important: To rename a domain controller using the NETDOM command, the domain functional level must be set to at least Windows Server 2003.
The bad news: As usual, you will need to reboot the renamed DC.
The good news: You don’t have to sit near the DC you’re renaming. You can do it from any computer that has the NETDOM command, provided you have the appropriate user credentials.
You must be a member of the Domain Admins group.
To rename a DC named KUKU-SERVER in the PETRI.LOCAL domain to DC-SERVER, follow these steps:
1. Open Command Prompt and type:
NETDOM computername KUKU-SERVER.PETRI.LOCAL /add:DC-SERVER.PETRI.LOCAL
This command will update the service principal name (SPN) attributes in Active Directory for this computer account, and register DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all DCs for the domain, and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name. If the updates and registrations have not occurred prior to removing the old computer name, then some clients may be unable to locate this computer using the new or old name. Therefore, it’s very important to wait till the Active Directory replication finishes a replication cycle. You can check that by using tools such as REPADMIN and REPLMON.
You can verify the new name was indeed added to the computer object by viewing it through ADSIEDIT.MSC (which, for Windows Server 2008, is installed by default). Navigate to the computer object, right-click it and select Properties.
Scroll down in the list of available attributes till you reach the attribute called msDS-AdditionalDnsHostName.
2. Ensure the computer account updates and DNS registrations are completed, then type:
NETDOM computername KUKU-SERVER.PETRI.LOCAL /makeprimary:DC-SERVER.PETRI.LOCAL
Again, you can inspect the change with ADSIEDIT.MSC. Scroll down in the list of available attributes for the computer object (notice how the server now appears with the new name) till you reach the attribute called msDS-AdditionalDnsHostName.
Notice that the old name should appear in the attribute’s properties.
3. Restart the computer.
4. From the command prompt, type:
NETDOM computername DC-SERVER.PETRI.LOCAL /remove:KUKU-SERVER.PETRI.LOCAL
5. Make sure that the changes have successfully been replicated to all the DCs.
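The replication checks in steps 2 and 5 can be scripted. The following is an added example, not part of the original article: it asks every DC in the domain, one by one, whether its own replica of the computer object already carries the new DNS name and an SPN for it. It assumes PowerShell 2.0 or later on a domain-joined machine and uses the names from the scenario above; it checks the directory only, not the DNS servers.

```powershell
# Added example (not from the article): per-DC check that the new name has replicated.
# Assumes PowerShell 2.0+ on a domain-joined machine; names are the article's scenario.
$oldName = 'KUKU-SERVER'
$newName = 'DC-SERVER'
$newFqdn = 'DC-SERVER.PETRI.LOCAL'

# Match the computer object under either name, so this works before and after /makeprimary.
$filter = '(&(objectCategory=computer)(|(sAMAccountName={0}$)(sAMAccountName={1}$)))' -f $oldName, $newName
$props  = [string[]]@('dNSHostName', 'msDS-AdditionalDnsHostName', 'servicePrincipalName')

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$report = foreach ($dc in $domain.DomainControllers) {
    $row = New-Object PSObject -Property @{ DC = $dc.Name; NameKnown = $false; SpnKnown = $false; Error = $null }
    try {
        # Bind to this DC explicitly so the answer comes from its own replica.
        $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)")
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
        $searcher.Filter = $filter
        $searcher.PropertiesToLoad.AddRange($props)
        $hit = $searcher.FindOne()
        if ($hit) {
            # Result property names are lower-cased by DirectorySearcher.
            $names = @($hit.Properties['dnshostname']) + @($hit.Properties['msds-additionaldnshostname'])
            $spns  = @($hit.Properties['serviceprincipalname'])
            # -contains and -like compare case-insensitively.
            $row.NameKnown = ($names -contains $newFqdn)
            $row.SpnKnown  = [bool]($spns | Where-Object { $_ -like "*/$newFqdn" })
        } else {
            $row.Error = 'computer object not found'
        }
    } catch {
        $row.Error = $_.Exception.Message
    }
    $row
}

$report | Format-Table DC, NameKnown, SpnKnown, Error -AutoSize
$pending = @($report | Where-Object { -not ($_.NameKnown -and $_.SpnKnown) })
if ($pending.Count -gt 0) {
    Write-Warning "$($pending.Count) DC(s) do not hold the new name yet; wait for replication before removing the old name."
} else {
    Write-Output 'All DCs hold the new name and an SPN for it.'
}
```

A DC that reports an error or a missing SPN is the one clients may fail to authenticate against under the new name, so rerun the check until the warning disappears before running the /remove step.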
In this article, I have explained how to use the NETDOM command to rename Windows Server 2008 Domain Controllers. To see how this is accomplished in Windows Server 2003 Domain Controllers, see my article “How can I rename my Windows 2003 Domain Controllers?”.