AD computer account name doesn't match Computer name
Hey team.
It's probably easy, but I've never seen it before.
My actual computer is called WXP-ACHAUDHARY (and this is also true in DNS). In AD, the title of the account is ACER-ABACUS001, yet properties shows that it knows the computer name is actually WXP-ACHAUDHARY. See my pic attached.
How can I correct the AD a/c name without disjoining the machine from the domain?
This is a single-domain 2003 environment with a WinXP client. ACER-ABACUS001 used to be the name of the machine, which was recently changed to WXP-ACHAUDHARY via newsid.exe and joined to the domain. Somewhere along the line AD seems to have gotten confused.
adname.jpg
It's probably easy, but I've never seen it before.
My actual computer is called WXP-ACHAUDHARY (and this is also true in DNS). In AD, the title of the account is ACER-ABACUS001, yet properties shows that it knows the computer name is actually WXP-ACHAUDHARY. See my pic attached.
How can I correct the AD a/c name without disjoining the machine from the domain?
This is a single-domain 2003 environment with a WinXP client. ACER-ABACUS001 used to be the name of the machine, which was recently changed to WXP-ACHAUDHARY via newsid.exe and joined to the domain. Somewhere along the line AD seems to have gotten confused.
adname.jpg
valicon
I don't think you can. I would just rejoin the machine to the domain and be done with it.
If the computer was on the domain before running newsid.exe then you really do have a problem. To change the name of a computer on the domain you just change the name from the client and reboot the system. During the name change you will be prompted for AD credentials to change it on the domain also.
I believe valicon has the best recommendation which is to disjoin the system from the domain then rejoin it.
I believe valicon has the best recommendation which is to disjoin the system from the domain then rejoin it.
ASKER
I ran newsid before the joining of the domain.
I also definitely tried renaming the machine a few times. I know this normally changes the AD account name, but not in this case.
For many reasons that I won't go into, I don't want to disjoin.
Thanks anyway.
I also definitely tried renaming the machine a few times. I know this normally changes the AD account name, but not in this case.
For many reasons that I won't go into, I don't want to disjoin.
Thanks anyway.
If you have tried renaming multiple times and it does not work then your only option would be to put this box into a workgroup, rename the machine and then join the domain.
Check in ADSI Edit. Warning: Be very careful with this tool. This is like regedit for domain objects. Very powerful but very dangerous. It is on your server CD/suptools.
First test on a desktop that you can break if you have one.
Open the Domain then drill down to the OU and computer name you want modify. Right click and hit properties.
Scroll down to one of the following.
canonicalName:
cn:
distinguishedName: -- Keep the format the same only change the CN=
dNSHostName: -- This should not need to be changed as above you said the dns name was fine.
sAMAccountName:
servicePrincipalName:
Again try this on another computer you don't care about breaking.
I would think only the canonicalName or cn would need to be changed. I just listed all the attributes I saw that had the computer name in them.
First test on a desktop that you can break if you have one.
Open the Domain then drill down to the OU and computer name you want modify. Right click and hit properties.
Scroll down to one of the following.
canonicalName:
cn:
distinguishedName: -- Keep the format the same only change the CN=
dNSHostName: -- This should not need to be changed as above you said the dns name was fine.
sAMAccountName:
servicePrincipalName:
Again try this on another computer you don't care about breaking.
I would think only the canonicalName or cn would need to be changed. I just listed all the attributes I saw that had the computer name in them.
ASKER
Sounds great. I'll get back to you. Thank you Thor.
So how did it go?
ASKER
Hey Thor.
I found 2 more fields in that list which contain the computer name: 'display name' and 'name'.
Of all these that you and I mentioned, 4 need to be changed on my naughty workstations: canonicalName, cn, distinguishedName and name.
However, none of them are able to be changed and then applied in adsiedit.msc (and I've tried them all individually). I get the error "The attribute cannot be modified because it is owned by the system".
I am a domain admin, using the Win2k3 Support Tools on my own XP workstation on the domain.
I am now researching this error and possible ways around it.
attribno.JPG
I found 2 more fields in that list which contain the computer name: 'display name' and 'name'.
Of all these that you and I mentioned, 4 need to be changed on my naughty workstations: canonicalName, cn, distinguishedName and name.
However, none of them are able to be changed and then applied in adsiedit.msc (and I've tried them all individually). I get the error "The attribute cannot be modified because it is owned by the system".
I am a domain admin, using the Win2k3 Support Tools on my own XP workstation on the domain.
I am now researching this error and possible ways around it.
attribno.JPG
Is this the primary domain? Meaning are you a sub domain or a separate domain from the original domain in the forest.
ASKER
It's just a standalone domain and I'm looking at a Gloal Catalog DC. No forests or other domains to speak of.
Please check this setting.
Right click on My Computer click properties. Open the Computer Name tab.
The Full computer name should have the correct name listed there.
Hit the change button. In the new window the computer name should again be correct.
Now hit the more button.
In this window you should have the following set.
Primary DNS suffix of this computer: yourdomain.com
Check Change primary DNS suffix when domain membership changes
NetBIOS computer name: Is this the correct name or the incorrect name?
Right click on My Computer click properties. Open the Computer Name tab.
The Full computer name should have the correct name listed there.
Hit the change button. In the new window the computer name should again be correct.
Now hit the more button.
In this window you should have the following set.
Primary DNS suffix of this computer: yourdomain.com
Check Change primary DNS suffix when domain membership changes
NetBIOS computer name: Is this the correct name or the incorrect name?
ASKER
Hey Thor. Thanks for your continued help. As you can see in my screenshot, the names are correct in all those fields and the check box is already on.
This doesn't surprise me as adsiedit showed that all these names were correct too. In adsiedit, the 4 incorrect names were: canonicalName, cn, distinguishedName and name.
adnames.jpg
This doesn't surprise me as adsiedit showed that all these names were correct too. In adsiedit, the 4 incorrect names were: canonicalName, cn, distinguishedName and name.
adnames.jpg
ASKER
In adsiedit, I even just tried changing some of those attributes for my own machine, but it still had the same error saying ti was owned by the system. :<
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Brilliant! I didn't have the courage or the time to try different things in adsiedit there. Thanks so much for your persistence.