
I have inherited an Active Directory domain controller, and after adding a number of servers I found that I couldn't add a server with a specific name.

I have since found out that the admin who built the domain had initially used the name I was trying to use as the domain controller name.

So, without the new server added yet (as it won't add, giving the errors 'SPN not unique' and 'domain no longer available'), I put the DC back to its old name and then performed the following:

https://community.spiceworks.com/how_to/103538-properly-renaming-a-domain-controller-server-2012r2

And also updated the DFS/R replication name:

  1. Open Active Directory Users and Computers.
  2. From the View menu, select Advanced Features.
  3. Perform rename according to replication method

    3a. If SYSVOL is replicated using the File Replication System - Expand System > File Replication Service > Domain System Volume (SYSVOL Share) and select the old server name.

    3b. If SYSVOL is replicated using Distributed File System Replication (DFS-R) - Expand System > DFSR-GlobalSettings > Domain System Volume > Topology and select the old server name.

  4. Right-click the selected object corresponding to the DC's old name and select Rename.

I also cleaned the old attributes from the DC object under Users and Computers -> the DC -> Attribute Editor -> servicePrincipalName.

And removed the old server name from the entry under msDS-AdditionalDnsHostName.

I can't find the old server name mentioned anywhere in DNS.

I checked the metadata as per https://support.microsoft.com/en-ae/help/216498/how-to-remove-data-in-active-directory-after-an-unsuccessful-domain-co and cannot see the old server name; the new server name's CN, DSA object, DNS host name and computer object are all as expected (no mention of the old DC name).

Running dcdiag reports OK, showing the new server name as expected.

Despite this, I still cannot add the server (with the old DC name from before it was renamed, even though I cleaned up as above). Is there anywhere else I need to clean up before I lose my mind?

Is there anything else to check that could have been messed up by this rename, or any diagnostics other than dcdiag to run?

    You can use "SETSPN.EXE /L */*" to verify there aren't any existing SPNs already registered using your proposed DC name. Edit: there should be asterisks around / but this comment form keeps stripping them. – twconnell Jan 07 '19 at 21:32
  • Good news and sorry for the late reply... after leaving it some time (a couple of hours), I was then able to add - maybe AD did some cleanup? – morleyc Jan 08 '19 at 08:07
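As an added example, not part of the original question or its comments, the following PowerShell script sweeps every place the question enumerates by hand (computer account, SPNs on any object, dNSHostName and msDS-AdditionalDnsHostName, the DC's server object under CN=Sites, the FRS and DFSR SYSVOL topology containers, and DNS) for a candidate hostname before you try to join a machine under it. It assumes the RSAT ActiveDirectory module, a domain-joined host, and domain admin rights; the parameter name $CandidateName, the helper Add-Finding and the output layout are this example's own choices.

```powershell
<#
  Added example, not from the original post. Enumerate every place in the
  domain that can still reference a hostname that used to belong to a DC.
  Assumptions: RSAT ActiveDirectory module installed, run as a domain admin on
  a domain-joined machine. $CandidateName is the hostname you want to reuse
  (parameter name chosen for this example).
#>
param(
    [Parameter(Mandatory = $true)]
    [string] $CandidateName
)

Import-Module ActiveDirectory -ErrorAction Stop

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName
$configDN = (Get-ADRootDSE).configurationNamingContext
$fqdn     = "$CandidateName.$($domain.DNSRoot)"
$findings = New-Object System.Collections.Generic.List[object]

# Collects one row per reference found; the list is printed at the end.
function Add-Finding([string] $Where, [string] $Detail) {
    $findings.Add([pscustomobject]@{ Where = $Where; Detail = $Detail })
}

# 1. A computer account with that sAMAccountName (the trailing $ is part of the name).
Get-ADObject -LDAPFilter "(&(objectClass=computer)(sAMAccountName=$CandidateName`$))" |
    ForEach-Object { Add-Finding 'computer object' $_.DistinguishedName }

# 2. Any object in the domain holding an SPN for the short or fully qualified name.
#    This is the condition behind the 'SPN not unique' join error.
$spnFilter = "(|(servicePrincipalName=*/$CandidateName)(servicePrincipalName=*/$CandidateName:*)" +
             "(servicePrincipalName=*/$fqdn)(servicePrincipalName=*/$fqdn:*))"
Get-ADObject -LDAPFilter $spnFilter -Properties servicePrincipalName | ForEach-Object {
    $dn = $_.DistinguishedName
    $_.servicePrincipalName |
        Where-Object { $_ -match "/$([regex]::Escape($CandidateName))(\.|:|$)" } |
        ForEach-Object { Add-Finding "SPN $_" $dn }
}

# 3. Host name attributes a rename can leave behind: the primary dNSHostName and the
#    alternates that netdom computername /add writes into msDS-AdditionalDnsHostName.
$hostFilter = "(|(dNSHostName=$fqdn)(msDS-AdditionalDnsHostName=$fqdn)(msDS-AdditionalDnsHostName=$CandidateName))"
Get-ADObject -LDAPFilter $hostFilter |
    ForEach-Object { Add-Finding 'dNSHostName / msDS-AdditionalDnsHostName' $_.DistinguishedName }

# 4. The DC's server object in the configuration partition, which has its own cn and
#    dNSHostName independent of the computer account in the domain partition.
Get-ADObject -SearchBase "CN=Sites,$configDN" -LDAPFilter "(|(cn=$CandidateName)(dNSHostName=$fqdn))" |
    ForEach-Object { Add-Finding 'server object under CN=Sites' $_.DistinguishedName }

# 5. SYSVOL replication topology members named after the old DC, for FRS and for DFSR.
#    A domain has one or the other; the missing container is skipped.
$sysvolBases = @(
    "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainDN",
    "CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,$domainDN"
)
foreach ($base in $sysvolBases) {
    try {
        Get-ADObject -SearchBase $base -LDAPFilter "(cn=$CandidateName)" -ErrorAction Stop |
            ForEach-Object { Add-Finding 'SYSVOL replication topology' $_.DistinguishedName }
    } catch {
        # search base does not exist in this domain (other replication engine in use)
    }
}

# 6. DNS: does the name still resolve to anything?
$dnsAnswer = Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue
foreach ($rec in ($dnsAnswer | Where-Object { $_.Type -eq 'A' })) {
    Add-Finding 'DNS A record' "$fqdn -> $($rec.IPAddress)"
}

if ($findings.Count -eq 0) {
    Write-Output "No references to '$CandidateName' found in AD or DNS."
} else {
    $findings | Format-Table -AutoSize
}
```

Two caveats a practitioner would want. First, the AD queries go to whichever DC the module binds to; after a cleanup, a reference can linger on another DC until replication converges (which is consistent with the join succeeding a couple of hours later in the comment above), so re-run the sweep with -Server against each DC from Get-ADDomainController -Filter * before concluding the name is free. Second, the SPN search can be cross-checked with the built-in tool the commenter points at: `setspn -Q */<name>` queries the forest for any SPN ending in that host, and `setspn -X` reports duplicate SPNs.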
