Issue with domain controller

Felix · 17 Feb 2010 at 16:49

I am currently installing a new domain controller to replace an older server. On the last step of changing the name of the 2 servers the new one has some how changed its name on the server but not updated it in active directory.

I now can't change it back to the original name as it says the account doesn't exist nor can I do a dcpromo to demote it, remove it from the domain and then add it back on this time hopefully correctly changing its account name in active directory. The promote it again.

There are no FSMO roles on this server, only a global cat.

Any ideas?

Felix · 17 Feb 2010 at 18:13

Sorry for the lack of detail.

The old domain controller is 2003 DC3 - domain schema and forest schema both updated to version 47. I bring a new 2008 server online with the name DC-3, I promote it, they run side by side for a week. On Monday I demoted the old server.

Today I change the ip address of the old server DC3 to a spare ip, I reboot. I change the name to OLDDC3 reboot again. All fine.

On the new server DC-3 I change the IP address to the old servers and rebooted. I then tried to change the name, however it says the name already exists. I click ok and try again. Same thing. I reboot the new server log in to try again and the name has changed. I check AD but it hasn't in the list of domain controllers.

Felix · 17 Feb 2010 at 18:49

No, because after the rename on DC3 the account was changed to OLDDC3.

Felix · 17 Feb 2010 at 19:40

Yup tried that.

Felix · 17 Feb 2010 at 20:29

I'll double check but surely with AD integrated DNS the record will have had its name change too.

Regarding the same name, there are various services and 3rd party devices that authenticate using the server and they have the DNS name rather than the IP address.

Felix · 18 Feb 2010 at 08:05

Like I said, there are no FSMO roles on the DC, no DNS, it is just a domain controller with a global cat on it. There are 2 other domain controllers in that domain and they already have the FSMO roles. This DC is purely for redundancy and authentication for various devices and services.

Felix · 18 Feb 2010 at 10:42

I think my only choice is to remove the DC from AD manually following these instructions http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Anyone attempted this before?

Thanks for the help btw.

Felix · 18 Feb 2010 at 12:31

I think that is what has happened, the new DC has been on for over a week but I think the demotion and then the name/ip changes have been too quick.

I'll get the new server reinstalled and just avoid the name change and find what devices and services are affected.

Thanks