Windows Server 2008

Rename Windows Server 2008 Domain Controllers

This question has attracted my eyes a few times on different forums, so I decided to write an article about it. Choosing the right name for your servers is one of the steps that should be taken into account when designing a new network, or when deploying new servers. You should be totally aware of the names that you will assign each one of the new servers, and take naming conventions into consideration when designing a new network or a network expansion. However, in some cases, a simple typo or human error might cause the new server to get the wrong name. While easy to fix on regular servers, Domain Controllers should be renamed by using a different method.

The procedure of renaming a regular server (Windows 2000/2003/2008) is quite simple. It is done through the My Computer properties, and usually requires one reboot.

However, DCs should be renamed by using a totally different approach.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

Note: This article focuses on Windows Server 2008 Domain Controller renaming. Although similar to the procedure done in Windows Server 2003 Domain Controllers, I would suggest that you please see the article titled “How can I rename my Windows 2003 Domain Controllers?“. Also note that only Windows Server 2003 Domain Controllers can be renamed.

Another Note: Domain Controllers running Microsoft’s Certificate Authority services (CA) can never be renamed.

Lamer Note: This is NOT the same as renaming your entire domain! For that, please use the RENDOM utility that is (now) a part of the Active Directory – Directory Services installed files.

The command

In order to rename a DC you will need the NETDOM command. In Windows Server 2008, this is part of the operating system, and not a separate download as in previous versions. By using the NETDOM command, you ensure that there is little or no disturbance for the domain and client operations.

Renaming a domain controller requires that you first provide a FQDN as a new computer name for the domain controller. All of the computer accounts for the domain controller must contain the updated SPN attribute and all the authoritative DNS servers for the domain name must contain the host (A) resource record for the new computer name. Both the old and new computer names are maintained until you remove the old computer name. This ensures that there will be no interruption in the ability of clients to locate or authenticate to the renamed domain controller, except when the domain controller is restarted.

Important: To rename a domain controller using the NETDOM command, the domain functional level must be set to at least Windows Server 2003.

The bad news: As usual, you will need to reboot the renamed DC.

The good news: You don’t have to sit near the DC you’re renaming. You can accomplish it from any computer that has the NETDOM command, and if you have the appropriate user credentials.

Permissions

You must be a member of the Domain Admins group.

To rename a DC with the name from KUKU-SERVER in the PETRI.LOCAL domain to DC-SERVER follow the next steps:

1. Open Command Prompt and type:

​NETDOM computername KUKU-SERVER.PETRI.LOCAL /add:DC-SERVER.PETRI.LOCAL

This command will update the service principal name (SPN) attributes in Active Directory for this computer account, and register DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all DCs for the domain, and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name. If the updates and registrations have not occurred prior to removing the old computer name, then some clients may be unable to locate this computer using the new or old name. Therefore, it’s very important to wait till the Active Directory replication finishes a replication cycle. You can check that by using tools such as REPADMIN and REPLMON.

You can verify the new name was indeed added to the computer object by viewing it through ADSIEDIT.MSC (which, for Windows Server 2008, is installed by default). Navigate to the computer object and right-click it. Select Properties:

Scroll down in the list of available attributes till you reach the attribute called msDS-AdditionalDnsHostName.

2. Ensure the computer account updates and DNS registrations are completed, then type:

​NETDOM computername KUKU-SERVER.PETRI.LOCAL /makeprimary:DC-SERVER.PETRI.LOCAL

Again, you can inspect the change with ADSIEDIT.MSC. Scroll down in the list of available attributes for the computer object (notice how the server now appears with the new name) till you reach the attribute called msDS-AdditionalDnsHostName.

Notice that the old name should appear in the attribute’s properties.

3. Restart the computer.

4. From the command prompt, type:

​NETDOM computername DC-SERVER.PETRI.LOCAL /remove:KUKU-SERVER.PETRI.LOCAL

5. Make sure that the changes have successfully been replicated to all the DCs.

Conclusion

In this article, I have explained how to use the NETDOM command to rename Windows Server 2008 Domain Controllers. To see how this is accomplished in Windows Server 2003 Domain Controllers, see my article “How can I rename my Windows 2003 Domain Controllers?

Recent Windows Server 2008 Forum threads

Got a question? Post it on our Windows Server 2008 forums!

Related Topics:

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: