Rename Member Server Attached to an RODC

We have a member server in a remote site that needs to be renamed. The remote site has two Windows 2016 RODCs. If we rename the computer account on the R/W DCs, force a replication, then rename the DMZ server and reboot, would this work?
compdigit44 Asked:

Cliff Galiher Commented:
First, computers are "attached" to domains. Not to specific DCs.

And a rename requires that the machine be able to reach a writeable domain controller. I don't *believe* it requires a specific FSMO role holder though.  But if you've artificially restricted the machine to connecting to the RODCs then no, it won't work. That'd defeat the purpose of the RODC architecture.
0
compdigit44 (Author) Commented:
All servers in this site can only communicate with the RODC, and the RODC can communicate back to the R/W DCs. This is a locked-down site. What is the proper way to rename a member server in this setup?
0
Cliff Galiher Commented:
That's actually not a supported topology.  The *only* way to do what you want is to allow member servers to talk to a writeable DC.  Even without renaming a server, things will start breaking sooner or later if they can't.
0
Cliff Galiher Commented:
Keep in mind that the whole point of the RODC is as a preventative measure.  You don't *want* changes to replicate from an RODC back up to a writeable DC.  Otherwise, why not deploy the site DC as a writeable DC?  People choose RODCs because the site isn't physically secure, or may be administered by someone who may inadvertently delete sysvol files or make changes that shouldn't be replicated (malicious or accidental.)  That would include computer name changes.

The RODC does have real tangible benefits.  But if you've gone and "locked down" the site completely, it still breaks some things that won't work right?  There are instances where the RODC needs to be able to initiate a replication from a R/W or needs to refer a client to a writeable domain controller, thus those requirements.  Which unless I misunderstood you, doesn't exist here.

-Cliff
0
compdigit44 (Author) Commented:
The site is basically treated like a DMZ, if that helps.
0
Shaun Vermaak (Technical Specialist/Developer) Commented:
If the RODC can connect to a writable domain controller, the rename will be successful.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754956(v=ws.10)
0
compdigit44 (Author) Commented:
Yes, the RODC is allowed to replicate with two R/W DCs. If this is the case, my idea would work, correct?
0
Shaun Vermaak (Technical Specialist/Developer) Commented:
Correct, during normal operations. When the link is down between the RODC and the writable DC, no.
0
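
A pre-flight check for the condition discussed in this thread, run on the member server before the rename: it asks the DC locator for a writable DC and tests TCP reachability to it, which shows whether the site's lockdown leaves the server with a path to a writable DC. This is an added example, not code from any of the posters; `$NewName`, the port list and the `-WhatIf` dry run are assumptions.

```powershell
# Added example. $NewName and $Ports are assumptions, not values from the thread.
param(
    [Parameter(Mandatory)] [string] $NewName,
    # Kerberos, RPC endpoint mapper, LDAP, SMB (assumed set; adjust to your firewall policy)
    [int[]] $Ports = @(88, 135, 389, 445)
)

$domain = (Get-CimInstance Win32_ComputerSystem).Domain

# Ask the DC locator for a writable DC; /force bypasses the locator cache.
$out = & nltest.exe "/dsgetdc:$domain" /writable /force 2>&1
if ($LASTEXITCODE -ne 0) {
    Write-Warning "No writable DC could be located for $domain from this host."
    Write-Warning ($out | Out-String)
    return
}

# nltest prints a line of the form "DC: \\<name>"; pull the name out of it.
$dc = $null
foreach ($line in $out) {
    if ("$line" -match '^\s*DC:\s*\\\\(\S+)') { $dc = $Matches[1]; break }
}
if (-not $dc) {
    Write-Warning "Could not parse a DC name from the nltest output."
    return
}

# The locator answer alone does not prove the firewall lets this host talk to that DC.
$blocked = foreach ($p in $Ports) {
    $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
    if (-not $r.TcpTestSucceeded) { $p }
}
if ($blocked) {
    Write-Warning "Writable DC $dc located, but TCP port(s) $($blocked -join ', ') are not reachable."
    return
}

Write-Host "Writable DC $dc is reachable on all tested ports."

# Dry run only: remove -WhatIf to perform the rename, then reboot.
Rename-Computer -NewName $NewName -DomainCredential (Get-Credential) -WhatIf
```

After the rename and reboot, `Test-ComputerSecureChannel -Verbose` confirms the machine account still authenticates to the domain.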
