After Renaming Domain (RENDOM) there is a DNS issue.

Posted on 2014-09-18
Last Modified: 2014-09-22
Background: Set up a new server, new forest, new domain. It is the only server in the network/domain/forest.
I used the company's registered name: as the name of the domain. Bad move :( The company's web site is hosted on a remote hosting site (OK - I just redirect to the remote site). However, internal to the code of the website are all the links which reference So, no problem for remote users - but for the internal LAN users, every time they would go to their own web site, it would not work properly. DNS on my new server would point to the in-house server (which does NOT have any of these files).

Attempted Solution: Used RENDOM and ran through the process to rename the domain from to mycompany.local. Process worked and problem appeared to be solved.

Problem: However, when I ran DCDIAG it claims that this server fails the Connectivity test. Specifically, it says that the host <GUID>._msdcs.mycompany.local could not be resolved to an IP address. When I look in the DNS tables, I see the mycompany.local in the Forward Lookup Zone. (Note: I deleted the which was previously there). However, in the mycompany.local zone, I see lots of references to mycompany.COM -- as if there are still buried references to the old domain name.

Question: How can I fix and/or clean up DNS so that DCDIAG is happy? Are these references to in the mycompany.local lookup zone OK? TIA!!!
Question by:ponedog

Expert Comment

ID: 40330515
Yeah, you cannot just simply change the name like that, as the previous name is pointing to your IP.

The simplest way I can think of is to remove the DNS role and recreate it.

Author Comment

ID: 40330534
So, If I remove DNS and reboot - do I need to delete any files?

Then I just add back that role? Will it recreate everything including the Active Directory interface?

Author Comment

ID: 40330596
Hmmm... I removed DNS on the server. I have NOT re-installed DNS yet. I run DCDIAG and get the exact same problem -- Server failed test Connectivity. The host <guid>._msdcs.mycompany.local could not be resolved to an IP address.

Then I re-installed DNS. Everything continues to work properly. However DCDIAG continues to give the same message -- Server failed test Connectivity. The host <guid>._msdcs.mycompany.local could not be resolved to an IP address.

Any other ideas ?

LVL 12

Expert Comment

by:David Paris Vicente
ID: 40330605
You should clean all metadata for the previous name from your AD and do some steps to also rename your DNS server.
You can check a nice how-to here.

For metadata cleanup check this link.

Hope it helps.

Author Comment

ID: 40330617
Another tidbit of information: At a command prompt, if I ping <local server name>, it resolves to the correct IP but shows the FQDN as <local server name>.mycompany.COM

In the DNS registry, I see the SOA (Start of Authority) records all referring to <local server name>.mycompany.COM

So, it appears that buried somewhere in active directory is still a reference to mycompany.COM as the root authority.

Where would one change that? ADSIedit?

Author Comment

ID: 40330631
Thanks David for those links.   The first link is the one that I used to rename my domain.  

One of the problems I am worried about is that I am only changing the extension of my domain -- going from .COM to .LOCAL. Don't know if that caused my problem or not.

The second link I scanned quickly - I am uncertain if it applies to my situation.  I will review it more closely later...

Thanks again.

Author Comment

ID: 40330742
When I go to "Active Directory and Computers", under mycompany.local --> Domain Controllers --> server

The properties of this server shows it has a DNS name of: server.mycompany.COM

This appears to be the root of the problem - the name of the only server and only domain controller is still referring to the .COM extension.

It will not let me change it - also, under NTDS Settings it does have a DNS alias of: <guid>._msdcs.mycompany.local

Not sure how to proceed - or even if the DCDIAG error is significant . . .
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40330759
You can create a new zone in your DNS server and name it mycompany.local.

I'm saying this because you can change all the records to point to the new name mycompany.local, but some of the created properties can't be changed straightforwardly.

That's why I pointed you to the first link; you should follow that link.

But if you can remove the DNS role and afterwards install it again, this will be the best option, because you will not mess with LDAP, it's a fresh start for that role, and the _msdcs.mycompany.local will be created from the start.

The downside is that you will lose all name resolution for the FQDN, all clients will need to re-register their addresses, and probably most of your services that require name resolution will fail.

You can change from to mycompany.local; that is not the issue.

Is this a new domain?
Do you already have clients registered in this domain?
Can the users log on successfully?

Hope it helps

Author Comment

ID: 40331940

I have removed the DNS role, rebooted, re-installed the DNS role and this is where I am... Everything seems to work except for the DCDIAG error. And, I do not know if that is significant or not...

Note that the DCDIAG error occurs EVEN when the DNS role has been removed from the domain controller.

I'm still puzzled....
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40332321
Hi Ponedog,

In the AD Directory Services, is the old server ( present?

In the command line use this command:
ntdsutil [Enter]
metadata cleanup [Enter]
remove selected server

Let me know if it helped.

Author Comment

ID: 40332399

As suggested, in ntdsutil "remove selected server" resulted in an error:

"Binding to localhost . . .
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
CN=Ntds Settings,'
Win32 error returned is 0x208f(The object name has bad syntax.)
Unable to determine the domain hosted by the Active Directory Domain Controler (5).  Please use the connection menu to specify it."

Author Comment

ID: 40332444
BTW, just for grins I tried to put in an A record (host record) with the <guid>._msdcs.mycompany.local

It wouldn't let me - since there is already this entry in the subkey (under mycompany.local) called _msdcs (which is grayed out, for what it is worth).

The _msdcs subkey has only 1 entry - a NS (Name Server) record - which gives the FQDN of the Name Server as:

Again - it seems to be saying that the "real" FQDN of the domain server has the .COM extension -- which is indeed the original name when I created the forest/domain/server.

OK - I have taken the "dummy" step of editing C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
I have added the line: <guid>._msdcs.mycompany.local

It does in fact "cure" the error I was getting when I ran DCDIAG. The more extensive running of DCDIAG /test:DNS gives errors when it runs the enterprise tests.

This leads me to the following insight: The Forest Name and Domain Name were BOTH originally mycompany.COM. Changing the DOMAIN name with rendom did NOT change the FOREST name. The Domain Controller is still: server.<forestname> where forestname ends in .COM.

So my concern now is: when I add a second domain controller to the domain, will it be able to replicate between the controllers without any problems....

Any thoughts ?
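As an added example, not code from the thread or its participants: a PowerShell check, run on the DC itself, of the record that dcdiag's Connectivity test resolves, which lives under _msdcs of the forest root rather than of the (renamed) domain. It assumes the ActiveDirectory and DnsClient modules are available (Windows Server 2012 or later) and reads the forest root from AD instead of assuming a name.

```powershell
# Added example (not from the thread): verify the DSA GUID CNAME that dcdiag's
# Connectivity test looks up. Assumes RSAT ActiveDirectory + DnsClient modules.
Import-Module ActiveDirectory
Import-Module DnsClient

$forest = Get-ADForest
$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
# The NTDS Settings object's objectGUID is the DSA GUID used in the CNAME.
$ntds   = Get-ADObject -Identity $dc.NTDSSettingsObjectDN

# rendom renames the domain but not the forest root; the CNAME lives under the root.
"DC domain   : $($dc.Domain)"
"Forest root : $($forest.RootDomain)"
"dNSHostName : $($dc.HostName)"

$cname = "$($ntds.ObjectGUID)._msdcs.$($forest.RootDomain)"
try {
    $rec = Resolve-DnsName -Name $cname -Type CNAME -ErrorAction Stop
    "CNAME $cname -> $($rec.NameHost)"
    # The CNAME target should be this DC's own host name and must have an A record.
    $a = Resolve-DnsName -Name $rec.NameHost -Type A -ErrorAction Stop
    "A     $($rec.NameHost) -> $($a.IPAddress -join ', ')"
} catch {
    "FAILED: $cname does not resolve ($($_.Exception.Message))"
    "Ask Netlogon to re-register the DC records: nltest /dsregdns"
}
```

If the dNSHostName printed still carries the old suffix while the CNAME target carries the new one, the mismatch is in AD rather than in DNS, which matches what the thread observed in the server's properties.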
LVL 12

Accepted Solution

David Paris Vicente earned 500 total points
ID: 40332846
Right, the NetBIOS name is the same; that's why I wrote and it must be only the NetBIOS name. That's why you received the bad syntax, so let's forget the ntdsutil for a bit.

On your DNS server, change all the records to the domain.local

Did you check Active Directory Sites and Services to see if there are any references to the same NetBIOS name but with the old domain name?

How many DC's do you have?

Can you install another DC?

Author Comment

ID: 40333458

In the Active Directory Sites & Services: Sites --> Default-First-Site-Name --> Servers --> myServer --> DNS settings (type: msDNS-ServerSettings) --> Properties --> Attribute Editor tab, there is an attribute msDNS-KeymasterZones where the value only includes references to the .COM (not the .local).

I have no idea if I can safely change these attributes to .local - i.e., what are the consequences!!

BTW, I do not have another DC to install.

Author Comment

ID: 40335816
My resolution: I went to add a PC into the domain and realized that it could not "find" the Domain Controller (even though the DNS was pointing to the IP address of the Domain Controller).

At this point, it was: solve the problem by brute force.

I uninstalled the Domain Services - telling the system that it was the last Domain Controller in the forest. Then I re-booted (logging in locally). It appeared to my untrained eye that there were still Domain Services running - so, I uninstalled again (pretty sure this is an intentional 2-step process) and finally rebooted the Server as not part of any domain, no DNS, and just a local Windows Server.
Then I re-installed the Domain Services being careful to call it mycompany.local. Note: when you are adding the 1st Domain in a Forest, it DOES tell you that this first domain name will also be the name of the forest - I had not noticed that before :( !!!

So, then I rebuilt everything back... Adding Organization Units, Users, Security Groups, Group Policies, Network Shares and Rights, etc.

It is up and working. My conclusion is this: rendom can work fine for renaming domains within a forest, but should be avoided in my "simple" situation with just 1 domain in 1 new forest. Also, I think that my concern with seeing in DNS may have been misplaced - it was probably just a reference to the forest name. I probably messed up DNS trying to fix things and that may be why I could not add users into the domain after the RENDOM process was attempted.

Points to David for his excellent assistance!!!   Thanks    :)
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40336206
Hi ponedog,

Sorry for the late response, but I was out this Weekend.

But I'm glad to hear that you could solve the issue.

Thank you for the comment.

