One of the needs that arise during an Active Directory upgrade is to have to rename the new Domain Controllers with the Name and IP of the old ones. This should be avoided, application owners should be advised about the impact of this misconfiguration and guided on who to properly configure them. Unfortunately, there are still environments that face this ask so I thought I would write a short how-to just to help to wants to insist this way or maybe mess around in a lab.
Before going through the steps be aware that you may have an issue with DFSR SYSVOL objects after the rename which the following article details:
https://support.microsoft.com/en-hk/help/2001271/domain-controller-rename-does-not-rename-all-ad-dfs...
Also after performing the procedure, the corresponding computer object contains left-over data with old and new samAccountName :
|
Attribute
|
Value
|
|
msDS-AdditionalDnsHostName
|
<old samAccountName >
<new samAccountName >
|
|
msDS-AdditionalSamAccountName
|
<not set>
|
|
servicePrincipalName
|
<SPNs for new samAccountName >
<SPNs for new FQDN name>
<SPNs for old samAccountName >
|
The first two attributes should be empty when rename is finished, and there should only exist SPNs for the new names.
Also you may want to check SRV records in DNS under _tcp.domain.com" and "_tcp.dc._msdcs.domain.com", they should match new name (old name shouldn't be there anymore)
Ok now let's move on...
My test environment has the following DCs:
- DC1 (2008) – IP 10.10.10.10
- DC2 (2008) – IP 10.10.10.11
- DC3 (2016) – IP 10.10.10.100
- DC4 (2016) – IP 10.10.10.101
There are two methods to achieve the same result.
The first method is the recommended one, always follow this process, as it is much easier:
First method (recommended): Proceed with removing the domain controller role from DC1 and then DC2 (demote) before inserting DC3 and DC4.
- Removing AD and Domain Services Role from DC2
- Rename to DC2-OLD
- IP change
- Turn Off
- Rename DC4 to DC2
- Assign this new DC2 IP 10.10.10.11
- Install the Domain Services role and promote it to DC.
- Same thing between DC1 and DC3.
For those that are preserving with the rename process here you go:
Second method: used when you have or think to have applications hardcoded with DC name and want to preserve OLD names and IPs. In this case you install DC3 and DC4 and promote them to domain controllers 2016 so you will have 4 DCs (2 OLD and 2 NEW):
- Removing AD and Domain Services Role from DC2
- Rename to DC2-OLD
- IP change
- Turn Off
- On DC4, run the NETDOM command to rename:
- First perform a preflight check with the following command:
Netdom computername <temp-name> /ENUMerate ### (where the parameter is the temporary host name of DC2016):
Netdom computername DC4 /ENUMerate ### The expected result of this command is the display of only one name.
- Then we run the command to add the final host name as follows:
Netdom computername /add: ### (where parameter is the FQDN of old DC2008):
Netdom computername DC4 /add: DC2.domain.intra
- Next, run the following command to make the primary:
Netdom computername <temp-name> /MAKEPRIMARY <FQDN-old-name>
Netdom computername DC4 /MAKEPRIMARY DC2.domain.intra
- Restart the DC to make the change work.
- After restarting, verify that there are two names:
Netdom computername <old-name> /ENUMerate ### (where parameter <old-name> is the name of the old DC2008):
Netdom computername DC02 /ENUMerate
- Run the following command to remove the temporary name:
Netdom computername /remove: ### (where parameter <FQDN-temp-name> is the FQDN of DC2016 temp name):
Netdom computername DC2 /remove: DC4.domain.intra
- Finally, verify that there is only one name configured:
Netdom computername DC2 /ENUMerate
- Change IP address configuring old IP 10.10.11
- Perform the same steps as above paragraph 5 for DC1 and DC3
- First perform a preflight check with the following command:
Netdom computername <temp-name> /ENUMerate ### (where parameter <temp-name> is the temporary host name of DC2016):
Netdom computername DC3 /ENUMerate ### The expected result of this command is the display of only one name.
- Run the following cmdlet to add the old host name:
Netdom computername /add: ### (where parameter <FQDN-old-name> is the FQDN of old DC2008):
Netdom computername DC3 /add: DC1.domain.intra
- Run the following command to make the primary on the DC:
Netdom computername <temp-name> /MAKEPRIMARY <FQDN-old-name>
Netdom computername DC3 /MAKEPRIMARY DC1.domain.intra
- Restart the DC to make the change work.
- After restarting, verify that there are two names:
Netdom computername <old-name> /ENUMerate ### (where parameter <old-name> is the old DC2008):
Netdom computername DC01 /ENUMerate
- Run the following command to remove the temporary name:
Netdom computername /remove: ### (where parameter <FQDN-temp-name> is the FQDN of new DC2016):
Netdom computername DC1 /remove: DC3.domain.intra
- Finally, verify that there is only one name listed:
Netdom computername DC1 /ENUMerate
- Change IP address configuring old IP 10.10.10.x
And that’s the end, now you have two new DCs that preserve the “old” DCs name and IP addresses.
Netdom command
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc...
Regards
Alan@CSA
