cannot log in after computer name change setting up active directory server 2022

Question

I recently installed server 2022 and configured AD DS in the domain "GP" on two computers named CPCS-Server-01 and Server-02. I finished adding Server-02 as a second DC. When looking at the two, I wanted the server names to match so I changed the first server name to Server-01 (dropped the prefix). Left for 1 hour, then came back, then as configured automatic logout kicked in. It has now been 9 hours since any changes. I attempted to log back in as GP\administrator but get error message "The security database on the server does not have a computer account for this workstation trust relationship". I looked up the message from various sources and most said the server lost the computer name, it needs to be changed.

How can I do that without logging in?

I tried logging in as Server-01\administrator and I get a username or password error. I try CPCS-Server-01\administrator and I get "An attempt was made to logon, but the network logon service was not started"

Answer 1

Renaming a domain controller can be done but it can be risky and generally not recommended. The simplest solution may be to remove from network, seize roles (if necessary) to another healthy one.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/transfer-or-seize-fsmo-roles-in-ad-ds

do cleanup to remove remnants
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

and stand up a new one for replacement.

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019 or 2022, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 2

tried logging in as Server-01\administrator

This wouldn't work since local accounts do not exist on domain controllers. Try logging on as domainname\administrator

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 3

It is still an issue. It has been 20 hours since the computer name change, and it has not propagated throughout the domain.

Regarding logging in on the local machine: That is what I thought when I first installed AD, rebooted, and looked around.

I tried logging in as Server-01\administrator because it was proposed in this video here . . . and here. It was just an idea. But to point of the video, I think the cause of the message is correct (server missing) the resolution is not correct. The other DC (SERVER-02) says the first server name is still the old name CPCS-SERVER-01 but on the server, the computer name is SERVER-01. It never propagated the server name change.

Is there a way to change the server computer name after the domain is set up or should I just reinstall the OS? There is no data on SERVER-01 or SERVER-02 yet.