The Blown Light Bulb

Information worth to share...


How to rename a Domain Controller with Netdom

Renaming a computer is not a tough task once you have joined it to a domain; it can be handled easily from the GUI. Domain controllers are more sensitive, especially when it comes to renaming them. When you rename a domain controller, you must ensure that there will be no interruption in the ability of clients to locate or authenticate to the renamed domain controller, except when the domain controller is restarted.

First of all, there are some considerations before renaming your domain controller:

  • Your domain functional level should be at least Windows Server 2003; this is due to the introduction of the domain controller rename tool, which allows you to rename domain controllers without first demoting them (as was required in previous versions). You can check new Active Directory features introduced with Windows 2003 here.
  • You must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority.
  • You must provide a new Fully Qualified Domain Name (FQDN) for the domain controller.
  • For Windows Server 2003 domain controllers, Windows Support Tools are required in order to use the netdom.exe command (Download here); for Windows Server 2008 domain controllers the command is already included as part of the operating system.

To start renaming the domain controller, my first advice is to enumerate the names with which the computer is currently configured; at a command prompt, type:

1. netdom computername ComputerName /enumerate:{AlternateNames | PrimaryName | AllNames}

Once you are sure that the new name is not already assigned to the computer, you can follow the procedure to rename a domain controller. At a command prompt, type:

2. netdom computername CurrentComputerName /add:NewComputerName

This command will update the service principal name (SPN) attributes in Active Directory for this computer account and register DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all domain controllers for the domain, and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name. If the updates and registrations have not occurred prior to removing the old computer name, then some clients may be unable to locate this computer using the new or old name.

3. Ensure the computer account updates and DNS registrations are completed using tools such as Repadmin or Reptool, then type:

netdom computername CurrentComputerName /makeprimary:NewComputerName

4. Restart the computer.

5. netdom computername NewComputerName /remove:OldComputerName

Make sure that the changes have successfully been replicated to all the DCs.
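
One way to carry out the replication check required between the /add and /makeprimary steps, as an added example that is not part of the original post. It assumes the ActiveDirectory and DnsClient PowerShell modules are available; DC01 and dc02.corp.example.com are placeholder names.

```powershell
# Added example: pre-flight check to run after "netdom computername ... /add:"
# and before "/makeprimary:". The names below are placeholders (assumptions).
Import-Module ActiveDirectory

$CurrentName = 'DC01'                    # placeholder: current DC host name
$NewFqdn     = 'dc02.corp.example.com'   # placeholder: FQDN passed to /add:

# 1. An SPN for the new name must be visible on the computer account
#    when the account is read from every domain controller in the domain.
$spnResults = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $acct = Get-ADComputer -Identity $CurrentName -Server $dc.HostName `
                    -Properties servicePrincipalName -ErrorAction Stop
        $ok = [bool]($acct.servicePrincipalName -like "*/$NewFqdn")
    } catch {
        $ok = $false    # an unreachable DC counts as "not replicated"
    }
    [pscustomobject]@{ Check = 'SPN'; Server = $dc.HostName; Ok = $ok }
}

# 2. Every authoritative DNS server for the domain zone must answer
#    for the new name when queried directly.
$zone    = (Get-ADDomain).DNSRoot
$nsHosts = Resolve-DnsName -Name $zone -Type NS -ErrorAction Stop |
    Where-Object { $_.Type -eq 'NS' } |
    Select-Object -ExpandProperty NameHost
$dnsResults = foreach ($ns in $nsHosts) {
    $answer = Resolve-DnsName -Name $NewFqdn -Type A -Server $ns `
                  -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check = 'DNS'; Server = $ns; Ok = [bool]$answer }
}

# 3. Report, and block the next netdom step if anything is missing.
$all = @($spnResults) + @($dnsResults)
$all | Format-Table -AutoSize
if ($all.Ok -contains $false) {
    Write-Warning 'Not fully replicated: do not run /makeprimary or /remove yet.'
} else {
    Write-Output 'New name is present on all DCs and DNS servers checked.'
}
```

Running the same check again after the final /remove step, with the old name in place of $NewFqdn and the result inverted, confirms that the old name has been withdrawn everywhere.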

For more information: