Rename Member Server Attached to an RODC

We have a member server in a remote site that needs to be renamed. The remote site has two Windows 2016 RODCs. If we rename the computer account on the R/W DCs, force a replication, then rename the DMZ server and reboot, would this work?
compdigit44 Asked:
 
Shaun Vermaak, Technical Specialist/Developer, Commented:
Correct, during normal operations. When the link is down between the RODC and the writable DC, no.
 
Cliff Galiher Commented:
First, computers are "attached" to domains. Not to specific DCs.

And a rename requires that the machine be able to reach a writeable domain controller. I don't *believe* it requires a specific FSMO role holder though.  But if you've artificially restricted the machine to connecting to the RODCs then no, it won't work. That'd defeat the purpose of the RODC architecture.
 
compdigit44 (Author) Commented:
All servers in this site can only communicate with the RODC, and the RODC can communicate back to the R/W DCs. This is a locked-down site. What is the proper way to rename a member server in this setup?
 
Cliff Galiher Commented:
That's actually not a supported topology.  The *only* way to do what you want is to allow member servers to talk to a writeable DC.  Even without renaming a server, things will start breaking sooner or later if they can't.
 
Cliff Galiher Commented:
Keep in mind that the whole point of the RODC is as a preventative measure.  You don't *want* changes to replicate from an RODC back up to a writeable DC.  Otherwise, why not deploy the site DC as a writeable DC?  People choose RODCs because the site isn't physically secure, or may be administered by someone who may inadvertently delete sysvol files or make changes that shouldn't be replicated (malicious or accidental.)  That would include computer name changes.

The RODC does have real tangible benefits.  But if you've gone and "locked down" the site completely, it still breaks some things that won't work right?  There are instances where the RODC needs to be able to initiate a replication from a R/W or needs to refer a client to a writeable domain controller, thus those requirements.  Which, unless I misunderstood you, don't exist here.

-Cliff
 
compdigit44 (Author) Commented:
The site is basically treated like a DMZ, if that helps.
 
Shaun Vermaak, Technical Specialist/Developer, Commented:
If the RODC can connect to a writable domain controller, the rename will be successful.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754956(v=ws.10)
 
compdigit44 (Author) Commented:
Yes, the RODC is allowed to replicate with two R/W DCs. If this is the case, my idea would work, correct?
Question has a verified solution.