Solved

Can't rename server, account already exists.

Posted on 2014-10-06
Last Modified: 2014-10-08
I am having a strange case after renaming a domain controller.
I am in the process of replacing 3 of my Win 2008 R2 DCs with 3 new Win 2012 R2 DCs.
I've done 2 so far by renaming them to -OLD, then promoting a new DC with the original name.

On my 3rd DC, which is also the primary FSMO, I was able to rename it to SERVER1-OLD. I also transferred all 5 roles to SERVER2.
Now I am ready to rename SERVER1-NEW to the original name SERVER1, but it's giving me the error that the computer already exists.
I've given it 2 hrs to replicate after renaming the DC. The AD record no longer exists, the DC is called SERVER1-OLD, and the DNS record also doesn't exist. I did a search in AD for computer SERVER1 and it didn't find it.
I also checked ADSI Edit, and it's all clean, no mention of the record.
My DC diag looks OK, except some SNMP error, and no errors show in event logs for AD for over 2 hrs now.
I used the same method on my 2 other DCs with no issues. The only difference is this one was the primary DC.
http://technet.microsoft.com/en-us/library/cc794951(v=ws.10).aspx

I tried renaming it to SERVER1-NEW2, and it worked, so it's not an issue with my new server or the renaming process; it just doesn't like the original name SERVER1.

I'll give it 12 more hrs to replicate. I hope it works by then; it should now but it doesn't.
I've created new objects in AD, and they replicate in 15 min.

Help is appreciated.
Thanks
Question by:baysysadmin
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40365295
A few questions in order to get a proper picture of your problem and correct me if I am wrong.

You are replacing 3 of your Win 2008 R2 DCs with 3 new Win 2012 R2 DCs.

Your PDC, which was "SERVER1", you renamed to SERVER1-OLD. At this point did you make sure the change was replicated in your AD?

You transferred your FSMO from SERVER1-OLD (which is Win 2008 R2) to SERVER2 (which is Win 2012 R2). Have you re-IP'd the old server?

As per MS, renaming a domain controller occurs when:

    New hardware is purchased to replace an existing domain controller.
    Domain controllers are decommissioned or promoted and renamed to maintain a naming convention.
    Domain controllers are moved or placed in sites.


Do you fall in any of the above? I mean are you planning to decommission your win 2008 R2s?
0
 

Author Comment

by:baysysadmin
ID: 40366055
I am going to decommission the old ones. I've done 2 so far; this SERVER1 is the last one.
Eventually I keep the original IP and name.
Yes, I did wait for the name and DNS to replicate, no issues.
I did have a hiccup after renaming SERVER1 to old: it would get stuck at applying settings after reboot.
I had to go to safe mode and disable the NIC, then log in as normal and re-enable the NIC. The replication continued fine after that.

I tried renaming it again after 12 hrs, no luck same error.
0
 

Author Comment

by:baysysadmin
ID: 40366232
I just tried joining a new PC with the name SERVER1 rather than renaming an existing one.

I got a different error: "No mapping between account names and security IDs was done."

This error usually shows when the object with the same name from a previous server still exists in AD.
So it looks like my hiccup left something in the AD, but ADSI Edit can't see any leftover object.
Is there another place to look, like deleted items or something?
0
 

Author Comment

by:baysysadmin
ID: 40366263
I think I figured it out; it looks like my SERVER1-OLD didn't rename properly.
When looking at the object in ADSI Edit, the long string that has the computer name in it for every type of service starts with SERVER1-OLD, but when I scroll over, some of the entries at the end still have the original name SERVER1.


serverReferenceBL: CN=SERVER1-OLD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fp,DC=domain,DC=com;
servicePrincipalName (40): ldap/SERVER1-OLD/FP; HOST/SERVER1-OLD/FP; ldap/SERVER1-old.domain.com/domain.com; ldap/SERVER1-OLD; ldap/SERVER1-old.domain.com/FP; HOST/SERVER1-old.domain.com/domain.com; HOST/SERVER1-old.domain.com; HOST/SERVER1-OLD; HOST/SERVER1-old.domain.com/FP; RestrictedKrbHost/SERVER1-OLD; RestrictedKrbHost/SERVER1-old.domain.com; GC/SERVER1-old.domain.com/domain.com; NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/SERVER1-old.domain.com; ldap/SERVER1-old.domain.com/ForestDnsZones.domain.com; TERMSRV/SERVER1-old.domain.com; TERMSRV/SERVER1-OLD; ldap/SERVER1-old.domain.com/DomainDnsZones.domain.com; DNS/SERVER1-old.domain.com; ldap/SERVER1-old.domain.com; Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/SERVER1.domain.com; TERMSRV/SERVER1; TERMSRV/SERVER1.domain.com; HOST/SERVER1/FP; ldap/SERVER1/FP; ldap/SERVER1.domain.com/ForestDnsZones.domain.com; ldap/SERVER1.domain.com/DomainDnsZones.domain.com; DNS/SERVER1.domain.com; GC/SERVER1.domain.com/domain.com; RestrictedKrbHost/SERVER1.domain.com; RestrictedKrbHost/SERVER1; HOST/SERVER1.domain.com/FP; HOST/SERVER1; HOST/SERVER1.domain.com; HOST/SERVER1.domain.com/domain.com; ldap/SERVER1.domain.com/FP; ldap/SERVER1; ldap/SERVER1.domain.com; ldap/SERVER1.domain.com/domain.com; E3514235-4B06-11D1-AB04-00C04FC2DCD2/1d4d3bfa-699e-456c-8363-7b739da65928/domain.com; ldap/1d4d3bfa-699e-456c-8363-7b739da65928._msdcs.domain.com;
userAccountControl: 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION );
0
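
The comparison the author describes doing by eye in ADSI Edit can be scripted. The following is an added example, not part of the original thread; `Find-StaleSpn` is a hypothetical helper name, and the sample input is a constructed subset of the SPN list quoted in the comment above.

```powershell
# Added example. Find-StaleSpn is a hypothetical helper, not a built-in cmdlet.
function Find-StaleSpn {
    param(
        [Parameter(Mandatory)] [string[]] $Spn,          # servicePrincipalName values
        [Parameter(Mandatory)] [string]   $ComputerName, # current name, no trailing '$'
        [Parameter(Mandatory)] [string]   $DnsDomain     # DNS suffix, e.g. domain.com
    )
    $expected = @($ComputerName, "$ComputerName.$DnsDomain")
    foreach ($entry in $Spn) {
        $value = $entry.Trim()
        # SPN layout: serviceclass/host[:port][/servicename]
        $parts = $value -split '/'
        if ($parts.Count -lt 2) { continue }
        $spnHost = ($parts[1] -split ':')[0]
        # Entries keyed on a GUID (DSA GUID, <guid>._msdcs...) carry no host name
        if ($spnHost -match '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}') { continue }
        # -notcontains compares case-insensitively, so SERVER1-old matches SERVER1-OLD
        if ($expected -notcontains $spnHost) {
            [pscustomobject]@{ ServiceClass = $parts[0]; SpnHost = $spnHost; Spn = $value }
        }
    }
}

# Constructed sample: a subset of the SPNs quoted in the post above
$sample = @'
ldap/SERVER1-OLD/FP; HOST/SERVER1-old.domain.com; TERMSRV/SERVER1-OLD;
Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/SERVER1.domain.com; TERMSRV/SERVER1;
HOST/SERVER1.domain.com/domain.com; RestrictedKrbHost/SERVER1;
ldap/1d4d3bfa-699e-456c-8363-7b739da65928._msdcs.domain.com
'@
$spns = $sample -split '[;\r\n]+' | Where-Object { $_.Trim() }

# Against a live directory the input would instead come from the ActiveDirectory module:
#   $spns = (Get-ADComputer 'SERVER1-OLD' -Properties servicePrincipalName).servicePrincipalName
Find-StaleSpn -Spn $spns -ComputerName 'SERVER1-OLD' -DnsDomain 'domain.com' |
    Format-Table -AutoSize
```

`setspn -Q HOST/SERVER1` reports which account currently holds a given SPN, which helps confirm where a leftover registration lives before a name is reused.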

 

Author Comment

by:baysysadmin
ID: 40366298
I renamed it again to SERVER1-OLD2, but no luck; the last few records still have the name SERVER1, they just don't update.

What are my options here: try to manually edit the object, or demote the DC now and delete the object?
Hopefully when I join the server with the SERVER1 name it would work?
0
 
LVL 9

Accepted Solution

by:
Zacharia Kurian earned 500 total points
ID: 40367741
If your new Windows 2012 R2 server has all the FSMO roles assigned, and the other additional domains (Windows 2012 R2s) are getting replicated to your PDC (Windows 2012 R2), then you can decommission the old server and delete any objects related.

But make sure that you do not have absolutely any issues with your current Windows 2012 R2 DCs. Check the AD health and the DNS. Run the BPA against all the roles installed in your Windows 2012 DCs. Above all, take a complete backup of your Windows 2012 R2 DCs, along with the DNS backup too.
0
 

Author Comment

by:baysysadmin
ID: 40368579
I ended up decommissioning the old one, and then removing it from the domain.
I did have to clean up some DNS records which didn't get removed; replication was messed up after that.
After I cleaned things up, it replicated fine in about 30min.

Thanks
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40368883
Glad that you made it. Make sure to back up your AD & DNS. Keep monitoring your new DCs from time to time.
0
