Accidentally renamed a DC in Active Directory

Posted on 2011-05-13
Last Modified: 2012-05-11
OK, so I made a really dumb mistake and I am trying to figure out the best way to fix it!
I had a Windows 2008 server that I was preparing to send to an overseas office as a domain controller. I built the machine but had not yet promoted it when I realized that I would not be able to send it to the new office. We ordered a new machine directly to the new office where I went, built the machine and promoted it to a domain controller.

The original machine was disconnected from the network before I went to the new office because I had it prepared for shipping. When I realized that I couldn't use it I deleted it from Active Directory with the intent of re-installing the OS.

Here's the mistake: I used the same name for the new machine and I did NOT rebuild the old machine! I brought it up on the network and renamed it (remember this was not a DC). This renamed the DC's entry in Active Directory.
So far I have not had an issue but the AD entry for the Domain Controller was renamed and I'm not sure how I should go about fixing it!

Any ideas?
Question by: Hawkeye_11105
    LVL 6

    Assisted Solution

    If you have remote control of it, try to demote the DC. Rename it to something else if you want, then promote again.

    Author Comment

    Thanks for the suggestion but I now realize the next issue: because the name was changed I am now getting an error: "The security database on the server does not have a computer account for this workstation trust relationship."
    I have used ADSIEdit to add an entry to servicePrincipalName (added the original name) based on some info that I found but I need to wait to reboot the machine.
    If I can get into the machine then I can try demoting it and rename it.
    I will keep you informed
    LVL 13

    Assisted Solution

    When you joined the member server with the same name as the AD controller you broke the secure channel between the domain and the DC computer account.
    Basically the new member server "took" the trust away from the DC.
    You will have to log on to the renamed DC as local administrator to remove it from the domain (dcpromo /forceremoval), to get around the trust issue.

    Author Comment

    The problem is that, because it is a domain controller, there is no local administrator account.
    LVL 59

    Accepted Solution

    You need to use the DSRM Administrative password to log in through RDP.

    You can run metadata cleanup to remove the failed DC. dcpromo /forceremoval

    From here you can promote the server again.

    Author Comment

    OK, I think we got it.
    Fortunately, I have a Dell Remote Access Controller on that machine. I was able to reboot in DSRM and run the DCPromo command.
    In the interest of completeness I will give the whole process of what I had to do:
    Reboot into DSRM and log on to the computer
    Run "DCPromo /forceremoval" and reboot
    I renamed the computer and rebooted.
    I had to log on to another DC and remove the original name from AD
    I renamed the computer again back to the original name and rebooted
    I ran DCPromo to add the machine back as a domain controller

    Now I just need to wait and see what else got screwed up :-)

    Thank you all for your help

    Author Closing Comment

    I probably would have ended up rebuilding the whole server if it wasn't for the help of these fine experts.
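
An added example, not part of the thread or of any participant's solution: after a name collision and a hand edit of servicePrincipalName like the one described above, a useful follow-up check is whether any SPN is registered on two computer objects, or whether an object carries a HOST SPN for a name it does not own. The sketch assumes an LDIF text export of the domain's computer objects; the object names, the example.test domain and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample (not from the thread): two computer objects after a name
# collision, one carrying a hand-added HOST SPN for the other's name.
SAMPLE_LDIF = """\
dn: CN=SPARE01,OU=Domain Controllers,DC=example,DC=test
sAMAccountName: SPARE01$
dNSHostName: spare01.example.test
servicePrincipalName: HOST/spare01.example.test
servicePrincipalName: HOST/dc01.example.test

dn: CN=DC01,CN=Computers,DC=example,DC=test
sAMAccountName: DC01$
dNSHostName: dc01.example.test
servicePrincipalName: HOST/dc01.example.test
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF record (plain-text values only)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    entries = []
    for block in unfolded.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[attr.lower()].append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def duplicate_spns(entries):
    """SPNs (compared case-insensitively) registered on more than one object."""
    owners = defaultdict(set)
    for e in entries:
        for spn in e["serviceprincipalname"]:
            owners[spn.lower()].add(e["dn"][0])
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

def foreign_host_spns(entries):
    """HOST/ SPNs whose host is neither the object's dNSHostName nor its short name."""
    hits = []
    for e in entries:
        own = {v.rstrip("$").lower() for v in e["dnshostname"] + e["samaccountname"]}
        for spn in e["serviceprincipalname"]:
            cls, _, rest = spn.partition("/")
            host = rest.split("/")[0].split(":")[0].lower()
            if cls.upper() == "HOST" and host not in own:
                hits.append((e["dn"][0], spn))
    return hits
```

Only the HOST service class is compared against the object's own names, because other SPN classes on a domain controller legitimately contain GUIDs or the domain name in the host position.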
