How can I change dns name on domain controller?


Domain Controllers retain their original FQDN after a rename. There is a specific procedure that you must follow to correct this after a domain rename; it's outlined in this TechNet article: http://technet.microsoft.com/en-us/library/cc794925(v=ws.10).aspx

You can use this procedure to rename domain controllers after a domain rename operation. The Domain Name System (DNS) host names of the domain controllers in the renamed domains do not change automatically as a result of the domain rename operation. In other words, the DNS suffix in the fully qualified DNS host name of a domain controller in the renamed domain continues to reflect the old domain name. You can change the DNS host name of domain controllers in a renamed domain at a later time by using a special procedure.

Modification of the computer name causes updates to the DNS and Active Directory databases. The computer performs these updates automatically. After the updated data propagates to the DNS servers and Active Directory domain controllers that a client computer uses, the client computer can locate and authenticate to the renamed domain controller computer. However, DNS and Active Directory replication latency (the time that it takes for the name change to replicate throughout the databases) might cause a temporary inability of clients to locate or authenticate the renamed domain controller. Therefore, renaming a mission-critical server, such as a domain controller, requires that you follow a computer rename preparation procedure before you rename the domain controller. This preparation procedure ensures that there will be no interruption in the ability of client computers to locate or authenticate the renamed domain controller. For more information about how to rename a domain controller, see Renaming a Domain Controller.
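To see the state the quoted passage describes (a domain controller whose DNS suffix still reflects the old domain name), the following read-only check compares each computer object's dNSHostName and host-based SPNs against the current domain name. It is an added example, not part of the original answer or the TechNet article; the function name `Find-StaleDcName` and the sample object are constructed for illustration, and the commented live query assumes the ActiveDirectory module from RSAT.

```powershell
# Added example: read-only, changes nothing in Active Directory.
# Reports computer objects whose dNSHostName, or host-based SPNs, do not use
# the DNS suffix of the current domain name.
function Find-StaleDcName {
    param(
        [Parameter(Mandatory)] [object[]] $Computer,      # needs Name, DNSHostName, ServicePrincipalName
        [Parameter(Mandatory)] [string]   $DomainDnsName  # e.g. hq.xxx.com
    )
    foreach ($c in $Computer) {
        $short    = ([string]$c.Name).ToLower()
        $expected = "$short.$($DomainDnsName.ToLower())"
        $actual   = ([string]$c.DNSHostName).ToLower()

        # SPN layout is class/host[:port][/service]. Keep SPNs whose host is an
        # FQDN of this machine under some other suffix.
        $stale = @(foreach ($spn in $c.ServicePrincipalName) {
            if ($spn -match '^[^/]+/([^/:]+)') {
                $spnHost = $Matches[1].ToLower()
                if ($spnHost.StartsWith("$short.") -and $spnHost -ne $expected) { $spn }
            }
        })

        if ($actual -ne $expected -or $stale.Count -gt 0) {
            [pscustomobject]@{
                Name        = $c.Name
                DNSHostName = $c.DNSHostName
                Expected    = $expected
                StaleSpn    = $stale
            }
        }
    }
}

# Constructed sample mirroring the question: DC "server", domain renamed
# from xxx.com to hq.xxx.com. The SPN values are illustrative only.
$sample = [pscustomobject]@{
    Name                 = 'SERVER'
    DNSHostName          = 'server.xxx.com'
    ServicePrincipalName = @('HOST/SERVER', 'HOST/server.xxx.com',
                             'ldap/server.xxx.com/xxx.com',
                             'ldap/server.hq.xxx.com/hq.xxx.com')
}
Find-StaleDcName -Computer $sample -DomainDnsName 'hq.xxx.com' | Format-List

# Against a live domain (assumes the ActiveDirectory module is installed):
# $dcs = Get-ADComputer -SearchBase (Get-ADDomain).DomainControllersContainer -Filter * -Properties dNSHostName, servicePrincipalName
# Find-StaleDcName -Computer $dcs -DomainDnsName (Get-ADDomain).DNSRoot
```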


Author: Paul Stearns

I have been a code hacker for 30+ years, and really am not fluent in any one language. I currently work in PL/SQL, ActionScript and VB.NET on a daily basis.

Updated on September 18, 2022

Comments

  • Paul Stearns
    Paul Stearns over 1 year

    I am in the process of trying to clean up after a domain rename gone bad. The rename was from xxx.com to hq.xxx.com

    My current problem is that I cannot login to the DC (only DC on network). Logging into other computers is not a problem. The error is "The security database on the server does not have a computer account for this workstation trust relationship." The good news is that all other computers on the network allow logins fine.

    I have a VM on the same physical machine with Windows 2012 as a member server that I installed Remote Management on. I can run Active Users & Computers, when I look under Domain Controllers I see the DC, but the "DNS Name:" is set to server.xxx.com, instead of server.hq.xxx.com. There appears to be no way to either;

    a) Change the DNS Name:, or b) Manually add another server with the right name.

    Hence my question, How can I change the DNS Name on a Windows 2012 domain controller?

    Additionally, am I barking up the wrong tree? Is there something else I should look at?

    I guess someone got their shorts in a bunch because I did not specify all of the things that I have researched and tried.

    I spent a number of hours manually changing the DNS, removing LDAP and Kerberos entries linking the DC to the old (xxx.com) domain. After restarting the servers, when I couldn't get logged in to the DC I searched for other examples of that problem, I couldn't find any relevant examples. I then searched for, found & installed the remote management tools for 2012 domains, on the VM containing a member server. That is when I found that the DNS Name defined above was incorrect. I searched for this issue, to no avail. I specifically looked at all of the items in ServerFault that might be related, and found nothing useful.

  • DanBig
    DanBig over 10 years
    You could look into the steps at this link. You would obviously perform them from your member server that you set up. Likely you are in for a directory rebuild, though. virtualcurtis.wordpress.com/2011/03/02/…
  • Paul Stearns
    Paul Stearns over 10 years
    Prior to rebooting the servers, I tried the netdom approach. It would not work. I can no longer login to the domain controller, but I have tried the netdom commands from the member server, and it gives the following errors:

        C:\Windows\system32>netdom computername server.xxx.com /add:server.hq.xxx.com
        Unable to add server.hq.xxx.com as an alternate name for the computer.
        The error is: The network path was not found.
        The command failed to complete successfully.
  • Paul Stearns
    Paul Stearns over 10 years
    Yes, and yes I am using the correct netbios name, which works on all the other computers in the domain. The original netbios name was xxx\login-name the new netbios name is hqxxx\login-name. The old netbios name no longer works. I truly believe that it has to do with the "DNS Name:" listed in active users and computers for the DC, it is server.xxx.com, instead of server.hq.xxx.com.
  • Paul Stearns
    Paul Stearns over 10 years
    I was hoping there would be a better way. We are actually going to use another computer, but the same principle. Is it possible to demote a server to a member server remotely? My thought was to create a new temp DC, if possible demote the existing DC, then promote it, which should fix the issue, then get rid of the temp DC.
  • SpiderIce
    SpiderIce over 10 years
    Well if you can't login to the server I don't think it's going to demote correctly. I think the safest way would be to take it offline and rebuild it then clean up the records in AD. Normally you could demote a DC to a member server again via RDP or other remote control but would need to have login access to that system.
  • Paul Stearns
    Paul Stearns over 10 years
    I am able to run Active Users and Directories from my VM. I can get to advanced properties which should allow me to edit under Attribute Editor the dNSHostName, which is "server.xxx.com". When I change it to server.hq.xxx.com, and click Apply, I get the error; Operation failed Error code: 0x214d. Which I can't find any useful information on. The full error goes on with: While processing a change to the DNS Host Name for an object, the Service Principal Name values could not be kept in sync. 0000214D: SvcErr: DSID-033E0F61, problem 5001 (BUSY), data 87. Any ideas on this?