Rename a domain controller
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To rename a domain controller
1. Open Command Prompt.
2. Type:
   netdom computername CurrentComputerName /add:NewComputerName
   This command updates the service principal name (SPN) attributes in Active Directory for this computer account and registers DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all domain controllers for the domain, and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name. If these updates and registrations have not completed before the old computer name is removed, some clients may be unable to locate this computer by either the new or the old name.
3. Ensure that the computer account updates and DNS registrations are completed, then type:
   netdom computername CurrentComputerName /makeprimary:NewComputerName
4. Restart the computer.
5. From the command prompt, type:
   netdom computername NewComputerName /remove:OldComputerName
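The three Netdom steps above, driven from a script that refuses to run /makeprimary until the new name has actually converged, as an added example that is not part of the original article. It assumes Windows PowerShell with the ActiveDirectory and DnsClient modules (Windows Server 2012 or later, not the Windows Server 2003 release this page covers), netdom.exe on the PATH, a session with Domain Admins rights, and that HOST/<fqdn> is among the SPNs that /add registers; both computer names are placeholders.

```powershell
# Added example, not part of the original article: runs the Netdom rename steps and,
# between /add and /makeprimary, waits until every domain controller has replicated the
# new SPN and every authoritative DNS server answers for the new A record.
# Assumptions: ActiveDirectory and DnsClient modules (Windows Server 2012+), netdom.exe
# on the PATH, Domain Admins rights. The two names below are placeholders.
param(
    [string]$CurrentName    = 'dc1.corp.example.com',        # placeholder: current FQDN
    [string]$NewName        = 'dc-renamed.corp.example.com', # placeholder: new FQDN
    [int]   $TimeoutMinutes = 30
)
Import-Module ActiveDirectory
Import-Module DnsClient

function Invoke-Netdom {
    param([string[]]$Arguments)
    & netdom.exe computername @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "netdom computername $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Every DC in the domain must already show the new HOST/<fqdn> SPN on the computer
# account (assumption: HOST/<fqdn> is among the SPNs that /add registers).
function Test-SpnReplicated {
    param([string]$SamName, [string]$Fqdn)
    $expected = "HOST/$Fqdn"
    foreach ($dc in Get-ADDomainController -Filter *) {
        $acct = Get-ADComputer -Identity $SamName -Server $dc.HostName -Properties servicePrincipalName
        if ($acct.servicePrincipalName -notcontains $expected) {
            Write-Verbose "$($dc.HostName) has not replicated $expected yet"
            return $false
        }
    }
    return $true
}

# Every name server authoritative for the zone must answer an A query for the new name
# when asked directly (-DnsOnly bypasses the local cache and LLMNR/NetBIOS fallbacks).
function Test-DnsRegistered {
    param([string]$Fqdn)
    $zone = $Fqdn.Substring($Fqdn.IndexOf('.') + 1)
    $nameServers = (Resolve-DnsName -Name $zone -Type NS -ErrorAction Stop |
        Where-Object { $_.Type -eq 'NS' }).NameHost
    foreach ($ns in $nameServers) {
        try {
            $answer = Resolve-DnsName -Name $Fqdn -Type A -Server $ns -DnsOnly -ErrorAction Stop
            if (-not ($answer | Where-Object { $_.Type -eq 'A' })) { return $false }
        } catch {
            Write-Verbose "$ns does not answer for $Fqdn yet: $_"
            return $false
        }
    }
    return $true
}

# Step 1: add the new name as an alternate; SPNs and DNS records are created now.
Invoke-Netdom -Arguments @($CurrentName, "/add:$NewName")

# Poll until both conditions hold, or give up and leave the old name primary.
$samName  = $CurrentName.Split('.')[0]
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
do {
    $ready = (Test-SpnReplicated -SamName $samName -Fqdn $NewName) -and
             (Test-DnsRegistered -Fqdn $NewName)
    if (-not $ready) { Start-Sleep -Seconds 60 }
} until ($ready -or (Get-Date) -gt $deadline)
if (-not $ready) {
    throw "$NewName has not converged after $TimeoutMinutes minutes; not making it primary"
}

# Step 2: make the new name primary. Step 3 (/remove) is only valid after the restart,
# so the command is printed for the operator instead of being run here.
Invoke-Netdom -Arguments @($CurrentName, "/makeprimary:$NewName")
Write-Host "Restart this domain controller now. After it is back up, run:"
Write-Host "  netdom computername $NewName /remove:$CurrentName"
```

The point of the polling loop is the sentence in step 2: clients that are handed the new name before every DC and every authoritative DNS server know it will fail to locate or authenticate to the domain controller, so the script treats "converged on all replicas" as the precondition for /makeprimary rather than trusting a fixed delay.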
Values:
- CurrentComputerName: The current, or primary, computer name or IP address of the computer you are renaming.
- NewComputerName: The new name for the computer. The NewComputerName must be a fully qualified domain name (FQDN). The primary DNS suffix specified in the FQDN for NewComputerName must be the same as the primary DNS suffix of CurrentComputerName, or it must be contained in the list of allowed DNS suffixes specified in the msDS-AllowedDNSSuffixes attribute of the domainDns object.
- OldComputerName: The old name of the renamed computer. The OldComputerName must be a fully qualified domain name (FQDN).
Important
To rename a domain controller using the Netdom tool, the domain functional level must be set to Windows Server 2003. For more information, see Related Topics.
Renaming a domain controller requires that you first provide an FQDN as the new computer name for the domain controller. Every replica of the domain controller's computer account must contain the updated SPN attribute, and all the authoritative DNS servers for the domain name must contain the host (A) resource record for the new computer name. Both the old and new computer names are maintained until you remove the old computer name. This ensures that there is no interruption in the ability of clients to locate or authenticate to the renamed domain controller, except while the domain controller is restarted.
Notes
- To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
- To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.
- This command-line method requires the Netdom Windows support tool. For information about installing Windows support tools, see Related Topics.
- The corresponding nTFRSMember or msDFSR-Member object is not renamed automatically, but the reference attributes are correctly set, so SYSVOL replication is not impacted. The only potential problem with not renaming these objects is that if another domain controller is created at a later date with the same NetBIOS name as the old domain controller, a conflict can occur as described in KB article 316826. After the rename is complete, you can optionally rename the nTFRSMember or msDFSR-Member object as part of cleanup.
- If a Group Policy setting that specifies the primary DNS suffix applies to the domain controller, the string specified in the Group Policy is used as the primary DNS suffix. The local setting is used only if the Group Policy is disabled or unspecified.
- By default, the primary DNS suffix portion of a computer's FQDN is the same as the name of the Active Directory domain to which the computer is joined. To allow different primary DNS suffixes, a domain administrator can create a restricted list of allowed suffixes by creating the msDS-AllowedDNSSuffixes attribute in the domain object container. This attribute is managed by the domain administrator using Active Directory Service Interfaces (ADSI) or Lightweight Directory Access Protocol (LDAP). For more information about programming interfaces and directory access protocol, see Related Topics.
- Domain controller locator (Locator) DNS resource records are registered by the domain controller after the renamed domain controller has been restarted. The records that are registered are listed on the domain controller in the systemroot\System32\Config\Netlogon.dns file.
- To enumerate the names with which the computer is currently configured, at a command prompt, type:
  netdom computername ComputerName /enumerate:{AlternateNames | PrimaryName | AllNames}
- You can also specify a parameter that supplies the administrator credentials required to modify the computer account in Active Directory. If this parameter is not specified, Netdom uses the credentials of the user who is currently logged on. For more information, see the Netdom command-line help.
- If you rename a domain controller through the System Properties dialog box instead of using the Netdom tool, DNS and Active Directory replication latency may delay the ability of clients to locate or authenticate to the renamed domain controller. The length of this latency depends on your network design and the replication topology of your organization.
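The primary DNS suffix rule for NewComputerName (same suffix as CurrentComputerName, or a suffix listed in msDS-AllowedDNSSuffixes on the domain object) checked before /add is run, plus the read and extend operations on that attribute, as an added example that is not part of the original article. It assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later) as the management interface instead of the ADSI or LDAP scripting the note refers to; the function names and the computer names are placeholders.

```powershell
# Added example, not part of the original article: validates NewComputerName against
# the suffix rule for "netdom computername ... /add" and shows how the
# msDS-AllowedDNSSuffixes list is read and extended. Assumes the ActiveDirectory
# PowerShell module (Windows Server 2008 R2+); names below are placeholders.
Import-Module ActiveDirectory

function Get-AllowedDnsSuffix {
    # msDS-AllowedDNSSuffixes is multi-valued and absent until an administrator creates it.
    $domainDn = (Get-ADDomain).DistinguishedName
    $obj = Get-ADObject -Identity $domainDn -Properties 'msDS-AllowedDNSSuffixes'
    @($obj.'msDS-AllowedDNSSuffixes' | Where-Object { $_ })
}

function Test-NewComputerName {
    param([string]$CurrentName, [string]$NewName)
    # Both names must be FQDNs: at least one label before the first dot and a suffix after it.
    foreach ($n in $CurrentName, $NewName) {
        if ($n -notmatch '^[^.]+\.[^.]+') { throw "'$n' is not a fully qualified domain name" }
    }
    $currentSuffix = $CurrentName.Substring($CurrentName.IndexOf('.') + 1)
    $newSuffix     = $NewName.Substring($NewName.IndexOf('.') + 1)
    # -eq and -contains are case-insensitive for strings, which matches DNS name semantics.
    if ($newSuffix -eq $currentSuffix) { return $true }
    $allowed = Get-AllowedDnsSuffix
    if ($allowed -contains $newSuffix) { return $true }
    Write-Warning ("Suffix '$newSuffix' is neither the current suffix '$currentSuffix' nor in " +
                   "msDS-AllowedDNSSuffixes [$($allowed -join ', ')]; /add does not permit it")
    return $false
}

# A domain administrator extends the list by adding a value to the multi-valued attribute.
function Add-AllowedDnsSuffix {
    param([string]$Suffix)
    Set-ADObject -Identity (Get-ADDomain).DistinguishedName -Add @{ 'msDS-AllowedDNSSuffixes' = $Suffix }
}

# Placeholder names: the first keeps the suffix, the second changes it and so depends on the list.
Test-NewComputerName -CurrentName 'dc1.corp.example.com' -NewName 'dc-renamed.corp.example.com'
Test-NewComputerName -CurrentName 'dc1.corp.example.com' -NewName 'dc1.branch.example.com'
```

Running the check first turns a rejected /add into a clear message naming the offending suffix and the currently allowed list, and Add-AllowedDnsSuffix is the one deliberate administrative action that should precede a rename into a different suffix.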
To rename a domain controller in a domain that contains a single domain controller
1. Install a Windows Server 2003 member server in the domain.
2. On the new server, create an additional domain controller by installing Active Directory.
3. After Active Directory is installed, enable the global catalog on the new domain controller.
4. Transfer the operations master roles from the domain controller that you want to rename to the new domain controller. You must transfer the roles; do not seize them.
5. Verify that the new domain controller is functioning correctly by doing the following:
   - Verify authentications and global catalog searches.
   - Run Dcdiag.exe against the domain controller.
   - Perform any other appropriate tests to verify that the new domain controller can provide all of the domain functions of the first domain controller.
6. Verify that the SYSVOL and NETLOGON shares exist on the new domain controller by doing the following:
   - On the new domain controller, open Command Prompt.
   - Type:
     net share
   - In the list that is generated, verify the existence of Sysvol and Netlogon.
7. Uninstall Active Directory from the domain controller that you want to rename, so that it becomes a member server.
8. Rename the member server.
9. Install Active Directory on the renamed server to create an additional domain controller.
10. Transfer the operations master roles back to the renamed domain controller.
11. Enable the global catalog on the renamed domain controller.
For information about performing the individual steps in this procedure, see the topics under "See Also."
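The verification in steps 3 to 6 (global catalog enabled, operations master roles transferred rather than seized, Dcdiag clean, SYSVOL and NETLOGON shared) gathered into one script that is run on the new domain controller before the original one is demoted, as an added example that is not part of the original article. It assumes the ActiveDirectory PowerShell module on a Windows Server 2012 or later DC (not the Windows Server 2003 release the page covers), dcdiag.exe from the AD DS tools, and a single-domain forest in which all five roles belong on the new DC; the function names are placeholders.

```powershell
# Added example, not part of the original article: checks the new domain controller
# before the original one is demoted. Assumes the ActiveDirectory module, dcdiag.exe,
# and a single-domain forest (so all five operations master roles are expected here).
param([string]$NewDc = $env:COMPUTERNAME)   # placeholder: name of the new DC
Import-Module ActiveDirectory

# Step 6: parse "net share" locally, exactly as the procedure does by hand.
function Test-DcShares {
    $output = net share
    $missing = foreach ($name in 'SYSVOL', 'NETLOGON') {
        if (-not ($output | Where-Object { $_ -match "^\s*$name\s" })) { $name }
    }
    if ($missing) { Write-Warning "Missing shares: $($missing -join ', ')"; return $false }
    return $true
}

# Steps 3 and 4: global catalog enabled and every role transferred to this DC.
function Test-DcRoles {
    param([string]$Server)
    $dc = Get-ADDomainController -Identity $Server
    $ok = $true
    if (-not $dc.IsGlobalCatalog) { Write-Warning "$Server is not a global catalog"; $ok = $false }
    $expected = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'
    $notHeld = $expected | Where-Object { $dc.OperationMasterRoles -notcontains $_ }
    if ($notHeld) { Write-Warning "Roles not held by ${Server}: $($notHeld -join ', ')"; $ok = $false }
    return $ok
}

# Step 5: dcdiag /q prints only failures, so any output at all means a test did not pass.
function Invoke-DcDiag {
    param([string]$Server)
    $report = dcdiag /s:$Server /q
    if ($report) { Write-Warning "dcdiag reported:`n$($report -join "`n")"; return $false }
    return $true
}

$results = [ordered]@{
    Shares = Test-DcShares
    Roles  = Test-DcRoles -Server $NewDc
    DcDiag = Invoke-DcDiag -Server $NewDc
}
$results
if ($results.Values -contains $false) {
    Write-Warning "Do not demote the original domain controller until every check above passes"
}
```

The roles check is the one that matters most for the procedure: if a role is still on the old DC when that DC is demoted, the only way back is seizing it, which the procedure explicitly tells you not to do.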
Note
- You can also rename a domain controller in a domain that contains a single domain controller by using My Computer. However, doing so will result in a service interruption to clients. Always perform a system state backup before you rename a domain controller. For more information about backing up system state data, see the topics under "See Also."
See Also
Concepts
Renaming domain controllers
Rename a computer
Domain and forest functionality
How to install and upgrade the operating system
Create an additional domain controller
Enable or disable a global catalog
Transfer operations master roles
Demote a domain controller
Install Windows Support Tools
Programming interfaces
Directory access protocol
Back up System State data