Group Policy not updating after domain name change

Question

Group Policy not updating after domain name change

j77483-0552 1

Hello,

I recently changed our DC domain name. Mostly everything went well except for gp. I did use the gpfixup for both DNS and NB before ending rendom. The domain name has changed within gp however it won't let me gpupdate on the DC. It returns with the error:

"The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency {an account created on another domain controller has not replicated to the current domain controller).
Computer policy could not be updated successfully, The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account, created on another domain controller has not replicated to the current domain controller)."

I ran the AD replication program and there are no issues in there. When I make a GPReport, the only thing that looks off is under the user details it still shows the old domain name and computer name. I am not sure how I would go about modifying these fields.

I am wondering if anyone has run into anything similar after renaming their domain.

Thanks for your time.

3 answers

Your answer

Answer 1

Mark E 161

When the domain name changes I don’t think it updates the resolver and base domain on the controller itself, so you’ll need to manually change this for the machine to know where to look.

Assuming you’ve completed rendom
You’ll need to run; netdom computername DCName.oldfqdn /add:DCName.newfqdn
Once rebooted the OS should pickup the change.
Make sure that DNS resolution works correctly and update the policy configuration with gpfixup (belt and braces check as I know you’ve said you’ve done that above).

Hope that helps

j77483-0552 1 Reputation point

2021-07-22T15:18:08.373+00:00

Hi Mark,

Thanks for the reply.

I restored my server from a backup and have reconfigured the change. Even after redoing all the steps very carefully I still am met with the error "The following domain controller could not be contacted" with the old domain listed when starting up GP. I have run gpfixup multiple times and restarted however this error does not go away. I did get it go go away previously by selecting the options "Remove this domain from the console" however, after that I was met with the GP not updating issue above.

Answer 2

Anonymous

Hello @j77483-0552 ,

Thank you so much for posting here.

If we rename the domain, the domain controllers will not be renamed. So we need to change it manually. For more details, please refer to:
https://www.rebeladmin.com/2015/05/step-by-step-guide-to-rename-active-directory-domain-name

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Best regards,
Hannah Xiong

j77483-0552 1 Reputation point

2021-07-22T15:20:35.907+00:00

Hi Hannah,

I completed every step from that website, however the gpfixup does not work for me. I still get the pop up from the gpfixup steps with the old domain name. I have run gpfixup multiple times and with restarts but it still does not fix my GP issue.
Anonymous

2021-07-23T05:46:32.59+00:00

Hi,

Thank you so much for your kindly reply.

May I know if gpfixup tool executed with sucess when we ran the commands?
And if we checked the domain name from GPMC, the domain name has been changed or not?

Best regards,
Hannah Xiong
j77483-0552 1 Reputation point

2021-07-23T11:06:40.75+00:00

The gpfixup tool executed "successfully" however it did not update anything within group policy. I was still left with the popup with the old domain name on it.

The domain name is showed the new one in gpmc right now. I was able to delete the old policies and create new one with the new domain name to get around the pop up with the old domain name. However I still cannot gpupdate on the domain controller itself. I still receive a name resolution error. I have extensively checked my DNS and I have not found any problems with it using dcdiag.
Anonymous

2021-07-26T02:38:22.593+00:00

Hello @j77483-0552 ,

Thank you so much for your kindly reply.

I noticed that we have created a new ticket about this issue. I have replied to you on that ticket. Please kindly have a check.

Hope our issue could be resolved soon. Thanks a lot.

Best regards,
Hannah Xiong

Answer 3

Matthew Lynch 21

Was there a fix to this? I am getting the same issue. Gpfixup was run successfully, but I can't access GPO. I was still left with the popup with the old domain name on it.

Share via

Group Policy not updating after domain name change

3 answers

Your answer