New Windows Server 2016 won't act as DC after name change

My 2008 R2 server was very quickly showing signs of dying. I had purchased a Windows Server 2016 to replace it, but when I noticed the old one was dying I put it into action. I followed the migration instructions and everything went well. However, I then made the mistake of trying to rename the new server to the name of the old server. Now, I appear to be stuck. I was able to change the IP and DNS so that it reads the name I want it to read (DC01), but when I try to remote into it, it says: "An attempt was made to login, but the network logon service was not started."

I had changed the operation manager for RID, PDC and Infrastructure and it had taken, but after I changed the name it now reads "Error." in each field. I've tried changing the name back to the original name (DOMCON02) but it gives me the error: "The following error occurred attempting to rename the computer to DOMCON02 - The specified domain either does not exist or could not be contacted."

I've tried removing the Active Directory feature from the new server but it gives me the error: The Active Directory domain controller needs to be demoted before the AD DS role can be removed.

I tried demoting the server and it says: "The wizard cannot access the list of domains in the forest. The error is: The interface is unknown."

I've tried re-promoting the server to a domain controller and it says: Error determining whether the target server is already a domain controller: The domain controller promotion completed, but the server is not advertising as a domain controller.

And lastly, when looking in Active Directory under Domain Controllers, I see the server in there, but it's under the old pre-change name, and it won't let me change it.

All this because I changed the name!

If anyone could help me figure out how to clean up this mess I would be very grateful.
Tarkisal Asked:
 
yo_bee, Director of Information Technology, Commented:
Do you have any healthy DCs in your environment? If so, you can turn off the 2016 machine and do a manual cleanup. This can be done by using ntdsutil to do a metadata cleanup, but this will require at least one healthy DC. https://blogs.technet.microsoft.com/canitpro/2016/02/17/step-by-step-removing-a-domain-controller-server-manually/
If you do not have one you will need to do a restore as Cliff recommended. If you get this system operational again I recommend you seek expert services on AD. This is not something you want to mess with if you do not have a solid understanding in this area.

Good luck.
0
 
Cliff Galiher Commented:
Since you tried to rename the new server as the old, I can only assume that the old server was demoted. Do you have any backups of either DC in a healthy state?
0
 
Tarkisal, Author, Commented:
I don't (though I will make sure I do after this mess). I'm wondering if I should just blow away the new controller completely and start over? Maybe if I start over with the name changed (and yes, the original was demoted but is now inaccessible) it will let me set it up?
0
 
Cliff Galiher Commented:
Without the old, you'll effectively be building a new domain. Recreating users. Joining machines. Losing any file ACLs. But without any backup whatsoever, I don't see any other options.
1
 
Tarkisal, Author, Commented:
Thanks to both of you for the responses. If I can get the original DC up long enough to pull from it how would I proceed? Would I do the ntdsutil on the old server or the 2016 server?
0
 
yo_bee, Director of Information Technology, Commented:
With the demotion and no backup of that DC you are SOL. The rebuild is the only option, as Cliff mentioned.
0
 
yo_bee, Director of Information Technology, Commented:
How many user accounts, computers, network shares?
You will need to rejoin all the computers, and all the users' profiles on the computers will be very difficult to get back as well. You have your work cut out for you.

When do you need to get this back online?
0
 
Tarkisal, Author, Commented:
Tomorrow morning? About 100 users and computers. I had two 2008 servers, DC01 and DC02. I demoted DC01 but left DC02 be. It wasn't the main one but it should be healthy and had all of the information from 01. I'm hoping I can pull from that with a new 2016 server build.
0
 
yo_bee, Director of Information Technology, Commented:
So you may be in luck.
You need to remove the role from the 2016 server and this link will help you work through this.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816826(v=ws.10)
DCPROMO /ForceRemoval
may work for the removal of the role on the server.
Then next you will probably have to manually clean up the metadata by using ntdsutil. Once you clean up the metadata of all DCs that are no longer in the system, run dcdiag against your domain to see if it is healthy again. If so, then you can add the 2016 back into the system as a DC.

Just out of curiosity, why did you want to change the name?
0
 
Cliff Galiher Commented:
If DC02 is healthy, first thing... MAKE A FULL BACKUP!

Then clean up and clean out any reference to DC01 and the 2016 DC. From ADUC, Metadata via ntdsutil, and from DNS.

Then wipe the 2016 server. Install clean. Promote. Seize FSMO roles.
2
 
Tarkisal, Author, Commented:
I wanted to change the name because it was a test name I had used and hadn't planned on using it yet AND I was hoping to name the new server the same as the one that it was replacing, as we have a number of programs that use the name of the machine as opposed to the IP address.

I'll try what you suggested (Starting with the full back up) and let you know. Thanks for the guidance.
0
 
yo_bee, Director of Information Technology, Commented:
Good luck and a lesson you will never forget.
0
 
Lee W, MVP, Technology and Business Process Advisor, Commented:
If you don't consider yourself an expert in AD (and even if you do), you should be using VMs on any laptop or desktop (since Hyper-V is built in to Pro editions of Windows 8-10) to build a test network (even using trial software) to test things before doing them.  And you NEED backups.  What would happen if one of your 100 users clicked a link they shouldn't and encrypted all your data?
1
 
Peter Hutchison, Senior Network Systems Specialist, Commented:
There are some Netdom commands you can try to rename a server (you should not use System control panel to do it):
https://community.spiceworks.com/how_to/103538-properly-renaming-a-domain-controller-server-2012r2
0
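
A netdom-based rename of a domain controller, as an added example that is not part of the thread: it registers the new name as an alternate, makes it primary, and removes the old name only after the restart. The domain suffix `example.local` is a placeholder and `Rename-DomainController` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Run in an elevated session on the DC being renamed.
# 'example.local' is a placeholder suffix; Rename-DomainController is a hypothetical helper.
function Rename-DomainController {
    param(
        [Parameter(Mandatory)] [string] $OldFqdn,   # e.g. DOMCON02.example.local
        [Parameter(Mandatory)] [string] $NewFqdn,   # e.g. DC01.example.local
        [Parameter(Mandatory)] [ValidateSet('Prepare', 'Finish')] [string] $Phase
    )

    # Stop on the first failing netdom call instead of continuing half-renamed.
    function Invoke-Checked([string] $Exe, [string[]] $ExeArgs) {
        & $Exe @ExeArgs
        if ($LASTEXITCODE -ne 0) { throw "$Exe $($ExeArgs -join ' ') failed with exit code $LASTEXITCODE" }
    }

    if ($Phase -eq 'Prepare') {
        # The target name must not still exist in AD (for example, left over from a demoted DC).
        Import-Module ActiveDirectory
        $short = $NewFqdn.Split('.')[0]
        if (Get-ADComputer -Filter "Name -eq '$short'") {
            throw "A computer object named $short still exists; clean it up before renaming."
        }
        # The FSMO role holders must resolve before the rename starts.
        Invoke-Checked netdom @('query', 'fsmo')
        # Register the new name as an alternate, then make it the primary name.
        Invoke-Checked netdom @('computername', $OldFqdn, "/add:$NewFqdn")
        Invoke-Checked netdom @('computername', $OldFqdn, "/makeprimary:$NewFqdn")
        Write-Host 'Restart the server now, then run again with -Phase Finish.'
    }
    else {
        # After the restart: list the registered names, then drop the old one.
        Invoke-Checked netdom @('computername', $NewFqdn, '/enumerate')
        Invoke-Checked netdom @('computername', $NewFqdn, "/remove:$OldFqdn")
        # Read the dcdiag output to confirm the DC is advertising under the new name.
        dcdiag /test:Advertising
    }
}

# Rename-DomainController -OldFqdn DOMCON02.example.local -NewFqdn DC01.example.local -Phase Prepare
```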
 
Tarkisal, Author, Commented:
I'm extremely happy to report I was able to get everything up and running. First (after backing up DC02) I was able to create a new server, DOMCON01, and migrate the settings from DC02. I was able to promote that to the main server. I had to seize some of the FSMO roles from the error state first by using ntdsutil to DC02 and then to DOMCON01. I then used PowerShell to do a metadata cleanup (once again using ntdsutil) of the bad DOMCON02 and cleaned it all out. Once done, I deleted DOMCON02 and recreated it. I may have pushed my luck but I didn't see any sign of the name after the cleanup and so rebuilt the server from scratch and renamed it DOMCON02 again. Happily, that worked. I then promoted that server as well, demoted the old DC02, fixed the DNS settings to point to the new servers (I wasn't about to try re-using the old IP addresses) and, as of right now, I have a perfectly functioning Windows Server 2016 environment with two DCs working in tandem. Next step - back up, back up, back up!

Thanks to all for your help!
0
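
A read-only check of the state described in the post above, as an added example that is not the poster's script: it flags FSMO roles whose holder is missing or is not a current DC, and computer accounts left in the Domain Controllers container without matching DC metadata. It assumes the ActiveDirectory PowerShell module; `Get-DcRecoveryReport` is a hypothetical name.

```powershell
# Added example, not from the thread. Read-only; requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-DcRecoveryReport {
    $domain = Get-ADDomain
    $forest = Get-ADForest
    # DCs that currently have directory metadata (an NTDS Settings object).
    $dcNames = @(Get-ADDomainController -Filter * | ForEach-Object HostName)

    # The five FSMO roles and the server each one is assigned to.
    $roles = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($r in $roles.GetEnumerator()) {
        $holder = [string]$r.Value
        # An empty or unknown holder means the role points at a server that is no longer a DC.
        $known = $holder -and ($dcNames -contains $holder)
        [pscustomobject]@{
            Check  = "FSMO $($r.Key)"
            Object = $holder
            Status = if ($known) { 'OK' } else { 'HOLDER MISSING' }
        }
    }

    # Computer accounts in the Domain Controllers container with no matching DC metadata.
    Get-ADComputer -SearchBase $domain.DomainControllersContainer -Filter * -Properties DNSHostName |
        ForEach-Object {
            [pscustomobject]@{
                Check  = 'DC computer account'
                Object = $_.DNSHostName
                Status = if ($dcNames -contains $_.DNSHostName) { 'OK' } else { 'STALE' }
            }
        }
}

Get-DcRecoveryReport | Format-Table -AutoSize

# dcdiag is named in the thread; repadmin is an addition here.
# Read their output rather than relying on the exit code.
dcdiag /e /q
repadmin /replsummary
```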
 
yo_bee, Director of Information Technology, Commented:
Happy to help and like I said a lesson you will never forget.
0
Question has a verified solution.
