Solved

Renaming my domain controller

Posted on 2004-10-22
1,042 Views
Last Modified: 2008-05-12
Hi everyone,

I have a w2k3 domain controller that has an underscore in its name.  I am now realizing that this is a problem.  I wanted to install MS Office Project Server 2003, and because of the underscore I received an error saying that I needed to rename the server.  I'm sure there may be workarounds to this problem, but I'd really like to have a valid computer name that will not cause problems.

I have read that w2k3 has the ability to rename a pdc, but I cannot find any outline as to how this is done.  Since I do not need to change the name of the domain, is it safe to assume that most applications (Exchange 2003 sp1, Live Communications server, SQL Server 2000, etc.) will accept the new name easily?  What is the best procedure for renaming this server?
0
Question by:pwi11
    11 Comments
     
    LVL 70

    Accepted Solution

    by:
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    Ah Before you use that:

    To rename a domain controller using the Netdom tool, the domain functional level must be set to Windows Server 2003. For more information, Related Topics.

    Please refer to this to make sure you understand the functional level:

    http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_levels.asp
    0
     
    LVL 16

    Expert Comment

    by:JamesDS
    pwi11
    Rename a DC:
    http://www.petri.co.il/windows_2003_domain_controller_rename.htm
    http://www.winnetmag.com/Article/ArticleID/41055/41055.html

    The Exchange Server will need a reboot, Live Communications Server and SQL Server 2000 will also need rebooting and shouldn't care, so long as they are not all on the same server.

    If they are all running on the same server then let me know and i'll find you some more resources.

    A less stressful method is to build another DC, transfer the GC and FSMO roles and replicate the AD Database fully, then DCPROMO your existing server to remove AD, rename it and DCPROMO it again to promote it and transfer everything back again. I prefer this option personally as you can do it without downtime on your domain, but it does need another DC to be avaiable to host the GC, FSMO roles and AD database.

    Cheers

    JamesDS
    0
     

    Author Comment

    by:pwi11
    I may need to use the DCPROMO method here.  Right now the server's domain functional level is set to windows server 2000.  This server is on the domain 'domain2.local'.  There are no other DCs on this domain.  This domain is isolated from the internet.  However, when I need to get updates for the server, I disable the connection to the workstations, and enable a LAN connection that is connected to another domain that has internet access.  That domain ('domain1.com') uses a w2k server as its PDC.

    Since the domains are different, would it be ok to upgrade the domain functional level to w2k3?

    I can build another DC.  In fact I have another w2k3 server that is readily available.  Does anyone have a link that will walk me through the demoting and promoting procedure?
    0
     

    Author Comment

    by:pwi11
    Just a note - Exchange 2003 sp1 is installed on the server that I wish to change the name of.  Will demoting and promoting again affect this?
    0
     
    LVL 16

    Assisted Solution

    by:JamesDS
    pwi11
    So long as the domain names are different they will coexist on the same lan happily.

    HOWEVER - YOU CANNOT RENAME AN EXCHANGE 2003 SERVER:
    http://searchexchange.techtarget.com/ateQuestionNResponse/0,289625,sid43_cid571105_tax296923,00.html

    To DCPROMO a machine:
    http://www.petri.co.il/how_to_install_active_directory_on_w2k.htm
    The link refers to W2k but it's the same process for W2k3

    Once you have a second DC built, use Active Directory Sites and Services tool to make it a GC and transfer the FSMO roles:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;324801

    Use REPLMON from the Support tools pack on the CD to check that you database is fully replicated.

    run DCPROMO on the existing machine to remove AD - it will prompt you through the steps.

    Rename and run the above to transfer back again.

    Cheers

    JamesDS
    0
     

    Author Comment

    by:pwi11
    Thanks JamesDS.

    Well, I used DCPROMO to install a second Domain Controller in my Active Directory domain.  The installation was sucessful, I restarted, and I was able to see all of the information in AD on the new server.  The next step was to transfer roles.  I registered Schmmgmt.dll, opened mmc and added the Active Directory Schema snap in.  When I tried to Change Domain Controller, I typed the name of the new DC, then got the error:

    "The domain controller could not be set.  The parameter is incorrect"

    What does this mean????

    However, in the field labeled CURRENT DOMAIN CONTROLLER, the name if the new server is listed.

    What next?
    0
     

    Author Comment

    by:pwi11
    I transferred the roles using NTDSUTIL.  Then i ran dcdiag to check the status of the roles, but I get an error here too.

    the first FsmoCheck reported "A good time server could not be located"

    I have the Windows Time service running on both DCs.  How do I advertise the server as a time server?
    0
     

    Author Comment

    by:pwi11
    ok here's an update -

    I got all the roles transferred.  I believe the time problem is due to the fact that the server is not on the internet.  Now I am trying to run REPLMON.EXE, but when I run this program nothing happens.  No screen comes up at all.  Task manager does not shoe this process running.
    0
     
    LVL 16

    Expert Comment

    by:JamesDS
    pwi11
    You did read my post that says you can't rename an Exchange Server didn't you :)

    See my next post about fixing timesync errors - you WILL Need access to the internet to configure a time service tho

    Cheers

    JamesDS
    0
     
    LVL 16

    Expert Comment

    by:JamesDS
    pwi11
    Fixing timesync is different according to the machine type...

    If it's a Member Server, standard Domain Controller (not a PDCEmulator) or standard workstation then behave as if its a member server (below)
    If it's a PDCEmulator then make sure you allow port 123TCP/UDP outbound on your firewall and configure the external microsoft time service by entering this at the command line
    NET TIME /SETSNTP:time.windows.com

    If it's a workstation, member server or a standard Domain Controller:

    Members of the Active Directory sync with their local DC (local as in local AD site). The DCs then sync with the PDCEmulator, so the PDCE is the root of all time - as it were!

    Diagnosis of timesync errors is difficult, but do not be tempted to use NET TIME /SETSNTP: on all machines in the domain (as suggested to many questions like this one, unless it's a PDCE), as it specifically overrides the natural internal operation of the time service within Active Directory.

    These commands are written for Windows 2003 and Windows XP. There are some equivalents for windows 2000, use W32tm /? or W32Time /? from the command line to look for alternatives on older OSs.

    Use NET TIME /SETSNTP:
    to clear any entry and return to the default settings

    Use NET TIME /SET /YES
    to synch NOW with your authenticating DC and begin the diagnosis:

    Start by verifying your domain is synching AD by using REPLMON.EXE in the support tools pack on the Windows installation CD.

    If this is OK then run this from the command line:
    W32TM /monitor

    to ensure that each member server/workstation is actually pointing to a DC.

    If this is OK then run this from the command line:
    W32TM /resync /rediscover

    followed by:
    W32TM /resync /nowait

    and check the system eventlog for W32TIME errors. This process does a full reset and recheck of the time system as it relates to one member machine on your AD.

    Post any errors here

    Explanation of why it doesn't always instantly set the right time:
    Timesync works as follows:

    If the local clock time of the time client is behind the current time received from the time server, W32Time will change the local clock time immediately.
    If the local clock time of the time client is more than three minutes ahead of the time on the time server, W32Time will change the local clock time immediately.
    If the local clock time of the time client is less than three minutes ahead of the time on the server, W32Time will quarter or halve the clock frequency for long enough to bring the clocks into sync. If the client is less that 15 seconds ahead, it will halve the frequency; otherwise, it will quarter the frequency. The amount of time the clock spends running at an unusual frequency depends on the size of the offset that is being corrected.

    W32Time will periodically check its local time with the current time by connecting to the time source. This process starts as soon as the service turns on during system start-up. W32Time attempts synchronization every 45 minutes until the clocks have successfully synchronized three times. When the clocks are correctly synchronized, W32Time then synchronizes at eight-hour intervals, unless there is a failure to obtain a timestamp, or a validation failure. If there is a failure, the process starts over from the beginning.

    Set it by hand (or with the command NET TIME /SET /YES) as close as you can and then simply leave it to sort itself out.


    Cheers

    JamesDS
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Suggested Solutions

    Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
    Learn about cloud computing and its benefits for small business owners.
    This video Micro Tutorial is the first in a two-part series that shows how to create and use custom scanning profiles in Nuance's PaperPort 14.5 (http://www.experts-exchange.com/articles/17490/). But the ability to create custom scanning profiles al…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    846 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now