Accidentally renamed a DC in Active Directory

Posted on 2011-05-13
Last Modified: 2012-05-11
OK, so I made a really dumb mistake and I am trying to figure out the best way to fix it!
I had a Windows 2008 server that I was preparing to send to an overseas office as a domain controller. I built the machine but had not yet promoted it when I realized that I would not be able to send it to the new office. We ordered a new machine directly to the new office where I went, built the machine and promoted it to a domain controller.

The original machine was disconnected from the network before I went to the new office because I had it prepared for shipping. When I realized that I couldn't use it I deleted it from Active Directory with the intent of re-installing the OS.

Here's the mistake: I used the same name for the new machine and I did NOT rebuild the old machine! I brought it up on the network and renamed it (remember this was not a DC). This renamed the DC's entry in Active Directory.
So far I have not had an issue but the AD entry for the Domain Controller was renamed and I'm not sure how I should go about fixing it!

Any ideas?
Question by:Hawkeye_11105

Assisted Solution

Elwin3 earned 668 total points
ID: 35755041
If you have remote control of it, try to demote the DC. Rename it to something else if you want, then promote again.

Author Comment

ID: 35755652
Thanks for the suggestion but I now realize the next issue: because the name was changed I am now getting an error: "The security database on the server does not have a computer account for this workstation trust relationship."
I have used ADSIEdit to add an entry to servicePrincipalName (added the original name) based on some info that I found but I need to wait to reboot the machine.
If I can get into the machine then I can try demoting it and rename it.
I will keep you informed.
LVL 13

Assisted Solution

5g6tdcv4 earned 664 total points
ID: 35755809
When you joined the member server with the same name as the AD controller, you broke the secure channel between the domain and the DC computer account.
Basically the new member server "took" the trust away from the DC.
You will have to log on to the renamed DC as local administrator to remove it from the domain (dcpromo /forceremoval), to get around the trust issue.

Author Comment

ID: 35756537
The problem is that, because it is a domain controller, there is no local administrator account.
LVL 59

Accepted Solution

Darius Ghassem earned 668 total points
ID: 35756925
You need to use the DSRM Administrative password to log in through RDP.

You can run metadata cleanup to remove the failed DC. dcpromo /forceremoval

From here you can promote the server again.

Author Comment

ID: 35757339
OK, I think we got it.
Fortunately, I have a Dell Remote Access Controller on that machine. I was able to reboot in DSRM and run the DCPromo command.
In the interest of completeness I will give the whole process of what I had to do:
1. Reboot into DSRM and logon to the computer.
2. Run "DCPromo /forceremoval" and reboot.
3. I renamed the computer and rebooted.
4. I had to logon to another DC and remove the original name from AD.
5. I renamed the computer again back to the original name and rebooted.
6. I ran DCPromo to add the machine back as a domain controller.

Now I just need to wait and see what else got screwed up :-)

Thank you all for your help
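
A read-only way to check the state left behind by the procedure above, added here as an example and not part of the original thread: it confirms that one computer object owns the DC's name, that the object is a DC account holding the HOST SPN, and that the secure channel and DC diagnostics are clean. `DC-PLACEHOLDER` is a placeholder name, and the script assumes dcdiag, repadmin and nltest are available on the machine it runs from.

```powershell
# Added example: read-only checks after re-promoting a DC whose account was renamed.
# 'DC-PLACEHOLDER' is a placeholder name; run as a domain admin on a machine
# that has dcdiag, repadmin and nltest (a DC, or a host with the AD tools installed).
param([string]$DcName = 'DC-PLACEHOLDER')

$SERVER_TRUST_ACCOUNT = 0x2000   # userAccountControl bit carried by DC accounts
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
$problems = @()

# 1. Exactly one computer object may own the name, and it must be a DC account.
$byName = @(([adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$DcName`$))").FindAll())
if ($byName.Count -ne 1) {
    $problems += "Expected 1 computer object named $DcName, found $($byName.Count)"
}
foreach ($obj in $byName) {
    $dn  = [string]$obj.Properties['distinguishedname'][0]
    $uac = [int]$obj.Properties['useraccountcontrol'][0]
    if (($uac -band $SERVER_TRUST_ACCOUNT) -eq 0) {
        $problems += "$dn is a member-server account, not a DC account (UAC=$uac)"
    }
    if ($dn -notmatch ',OU=Domain Controllers,') {
        $problems += "$dn is outside the Domain Controllers OU"
    }
}

# 2. The HOST SPN must resolve to that one object; a leftover copy on the old
#    member-server account breaks Kerberos authentication to the DC.
$spnOwners = @(([adsisearcher]"(servicePrincipalName=HOST/$DcName)").FindAll())
if ($spnOwners.Count -ne 1) {
    $problems += "HOST/$DcName is registered on $($spnOwners.Count) objects"
}

# 3. Secure channel (meaningful on a DC that is not the PDC emulator).
$sc = nltest "/server:$DcName" "/sc_verify:$domain"
if (-not ($sc -match 'completed successfully')) {
    $problems += 'nltest did not confirm the secure channel'
}

# 4. dcdiag /q prints only failures, so any output is a finding.
$diag = dcdiag "/s:$DcName" /q
if ($diag) { $problems += 'dcdiag reported errors (see output below)'; $diag | Out-Host }

# 5. Replication failures are printed for manual review.
repadmin /showrepl $DcName /errorsonly | Out-Host

if ($problems.Count -eq 0) { 'No problems found.' } else { $problems }
```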

Author Closing Comment

ID: 35757353
I probably would have ended up rebuilding the whole server if it wasn't for the help of these fine experts.
