Link to home
Start Free TrialLog in
Avatar of pwi11
pwi11

asked on

Renaming my domain controller

Hi everyone,

I have a w2k3 domain controller that has an underscore in its name.  I am now realizing that this is a problem.  I wanted to install MS Office Project Server 2003, and because of the underscore I received an error saying that I needed to rename the server.  I'm sure there may be workarounds to this problem, but I'd really like to have a valid computer name that will not cause problems.

I have read that w2k3 has the ability to rename a pdc, but I cannot find any outline as to how this is done.  Since I do not need to change the name of the domain, is it safe to assume that most applications (Exchange 2003 sp1, Live Communications server, SQL Server 2000, etc.) will accept the new name easily?  What is the best procedure for renaming this server?
ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial

Ah Before you use that:

To rename a domain controller using the Netdom tool, the domain functional level must be set to Windows Server 2003. For more information, Related Topics.

Please refer to this to make sure you understand the functional level:

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_levels.asp
Avatar of JamesDS
JamesDS

pwi11
Rename a DC:
http://www.petri.co.il/windows_2003_domain_controller_rename.htm
http://www.winnetmag.com/Article/ArticleID/41055/41055.html

The Exchange Server will need a reboot, Live Communications Server and SQL Server 2000 will also need rebooting and shouldn't care, so long as they are not all on the same server.

If they are all running on the same server then let me know and i'll find you some more resources.

A less stressful method is to build another DC, transfer the GC and FSMO roles and replicate the AD Database fully, then DCPROMO your existing server to remove AD, rename it and DCPROMO it again to promote it and transfer everything back again. I prefer this option personally as you can do it without downtime on your domain, but it does need another DC to be avaiable to host the GC, FSMO roles and AD database.

Cheers

JamesDS
Avatar of pwi11

ASKER

I may need to use the DCPROMO method here.  Right now the server's domain functional level is set to windows server 2000.  This server is on the domain 'domain2.local'.  There are no other DCs on this domain.  This domain is isolated from the internet.  However, when I need to get updates for the server, I disable the connection to the workstations, and enable a LAN connection that is connected to another domain that has internet access.  That domain ('domain1.com') uses a w2k server as its PDC.

Since the domains are different, would it be ok to upgrade the domain functional level to w2k3?

I can build another DC.  In fact I have another w2k3 server that is readily available.  Does anyone have a link that will walk me through the demoting and promoting procedure?
Avatar of pwi11

ASKER

Just a note - Exchange 2003 sp1 is installed on the server that I wish to change the name of.  Will demoting and promoting again affect this?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of pwi11

ASKER

Thanks JamesDS.

Well, I used DCPROMO to install a second Domain Controller in my Active Directory domain.  The installation was sucessful, I restarted, and I was able to see all of the information in AD on the new server.  The next step was to transfer roles.  I registered Schmmgmt.dll, opened mmc and added the Active Directory Schema snap in.  When I tried to Change Domain Controller, I typed the name of the new DC, then got the error:

"The domain controller could not be set.  The parameter is incorrect"

What does this mean????

However, in the field labeled CURRENT DOMAIN CONTROLLER, the name if the new server is listed.

What next?
Avatar of pwi11

ASKER

I transferred the roles using NTDSUTIL.  Then i ran dcdiag to check the status of the roles, but I get an error here too.

the first FsmoCheck reported "A good time server could not be located"

I have the Windows Time service running on both DCs.  How do I advertise the server as a time server?
Avatar of pwi11

ASKER

ok here's an update -

I got all the roles transferred.  I believe the time problem is due to the fact that the server is not on the internet.  Now I am trying to run REPLMON.EXE, but when I run this program nothing happens.  No screen comes up at all.  Task manager does not shoe this process running.
pwi11
You did read my post that says you can't rename an Exchange Server didn't you :)

See my next post about fixing timesync errors - you WILL Need access to the internet to configure a time service tho

Cheers

JamesDS
pwi11
Fixing timesync is different according to the machine type...

If it's a Member Server, standard Domain Controller (not a PDCEmulator) or standard workstation then behave as if its a member server (below)
If it's a PDCEmulator then make sure you allow port 123TCP/UDP outbound on your firewall and configure the external microsoft time service by entering this at the command line
NET TIME /SETSNTP:time.windows.com

If it's a workstation, member server or a standard Domain Controller:

Members of the Active Directory sync with their local DC (local as in local AD site). The DCs then sync with the PDCEmulator, so the PDCE is the root of all time - as it were!

Diagnosis of timesync errors is difficult, but do not be tempted to use NET TIME /SETSNTP: on all machines in the domain (as suggested to many questions like this one, unless it's a PDCE), as it specifically overrides the natural internal operation of the time service within Active Directory.

These commands are written for Windows 2003 and Windows XP. There are some equivalents for windows 2000, use W32tm /? or W32Time /? from the command line to look for alternatives on older OSs.

Use NET TIME /SETSNTP:
to clear any entry and return to the default settings

Use NET TIME /SET /YES
to synch NOW with your authenticating DC and begin the diagnosis:

Start by verifying your domain is synching AD by using REPLMON.EXE in the support tools pack on the Windows installation CD.

If this is OK then run this from the command line:
W32TM /monitor

to ensure that each member server/workstation is actually pointing to a DC.

If this is OK then run this from the command line:
W32TM /resync /rediscover

followed by:
W32TM /resync /nowait

and check the system eventlog for W32TIME errors. This process does a full reset and recheck of the time system as it relates to one member machine on your AD.

Post any errors here

Explanation of why it doesn't always instantly set the right time:
Timesync works as follows:

If the local clock time of the time client is behind the current time received from the time server, W32Time will change the local clock time immediately.
If the local clock time of the time client is more than three minutes ahead of the time on the time server, W32Time will change the local clock time immediately.
If the local clock time of the time client is less than three minutes ahead of the time on the server, W32Time will quarter or halve the clock frequency for long enough to bring the clocks into sync. If the client is less that 15 seconds ahead, it will halve the frequency; otherwise, it will quarter the frequency. The amount of time the clock spends running at an unusual frequency depends on the size of the offset that is being corrected.

W32Time will periodically check its local time with the current time by connecting to the time source. This process starts as soon as the service turns on during system start-up. W32Time attempts synchronization every 45 minutes until the clocks have successfully synchronized three times. When the clocks are correctly synchronized, W32Time then synchronizes at eight-hour intervals, unless there is a failure to obtain a timestamp, or a validation failure. If there is a failure, the process starts over from the beginning.

Set it by hand (or with the command NET TIME /SET /YES) as close as you can and then simply leave it to sort itself out.


Cheers

JamesDS