0 Votes
j77483-0552 asked MatthewLynch-8443 published

Group Policy not updating after domain name change

Hello,

I recently changed our DC domain name. Mostly everything went well except for gp. I did use the gpfixup for both DNS and NB before ending rendom. The domain name has changed within gp however it won't let me gpupdate on the DC. It returns with the error:

"The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller)."

I ran the AD replication program and there are no issues in there. When I make a GPReport, the only thing that looks off is under the user details it still shows the old domain name and computer name. I am not sure how I would go about modifying these fields.

I am wondering if anyone has run into anything similar after renaming their domain.

Thanks for your time.

windows-server windows-group-policy

1 Vote
MarkE-5319 answered j77483-0552 commented

When the domain name changes I don’t think it updates the resolver and base domain on the controller itself, so you’ll need to manually change this for the machine to know where to look.

Assuming you’ve completed rendom
You’ll need to run: netdom computername DCName.oldfqdn /add:DCName.newfqdn
Once rebooted the OS should pick up the change.
Make sure that DNS resolution works correctly and update the policy configuration with gpfixup (belt and braces check as I know you’ve said you’ve done that above).

Hope that helps


Hi Mark,

Thanks for the reply.

I restored my server from a backup and have reconfigured the change. Even after redoing all the steps very carefully I still am met with the error "The following domain controller could not be contacted" with the old domain listed when starting up GP. I have run gpfixup multiple times and restarted; however, this error does not go away. I did get it to go away previously by selecting the option "Remove this domain from the console"; however, after that I was met with the GP not updating issue above.

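A read-only way to check the state that the steps in the answer above (netdom computername, DNS resolution, gpfixup) are meant to produce, as an added example that is not part of the thread. It assumes the RSAT ActiveDirectory module is installed and an elevated session on the DC; `old.example` and `new.example` are placeholders, and `New-Check` is a helper defined only for this example.

```powershell
# Added example: read-only post-rename checks, run in an elevated session on the DC.
# old.example / new.example are placeholders, not values from the thread.
param(
    [string]$OldDomain = 'old.example',
    [string]$NewDomain = 'new.example'
)
Import-Module ActiveDirectory   # RSAT AD module, assumed to be installed

# Hypothetical helper: one result row per check.
function New-Check($Name, $Passed, $Detail) {
    [pscustomobject]@{ Check = $Name; Passed = [bool]$Passed; Detail = $Detail }
}

# 1. Primary DNS suffix the DC itself is configured with.
$tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
New-Check 'Primary DNS suffix' ($tcpip.'NV Domain' -eq $NewDomain) $tcpip.'NV Domain'

# 2. DC locator SRV records must resolve under the new DNS name.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$NewDomain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.QueryType -eq 'SRV' }
New-Check 'DC locator SRV (new name)' ($null -ne $srv) (($srv.NameTarget | Sort-Object -Unique) -join ', ')

# 3. GPOs whose SYSVOL path still points at the old DNS name
#    (the attribute gpfixup /olddns /newdns is meant to rewrite).
$domainDN = (Get-ADDomain).DistinguishedName
$staleGpo = Get-ADObject -SearchBase "CN=Policies,CN=System,$domainDN" `
        -LDAPFilter '(objectClass=groupPolicyContainer)' -Properties displayName, gPCFileSysPath |
    Where-Object { $_.gPCFileSysPath -like "*\$OldDomain\*" }
New-Check 'GPO SYSVOL paths' (-not $staleGpo) (($staleGpo.displayName) -join ', ')

# 4. Group Policy links that still embed the old domain's distinguished name.
$oldDN = 'DC=' + (($OldDomain -split '\.') -join ',DC=')
$staleLink = Get-ADObject -LDAPFilter '(gPLink=*)' -Properties gPLink |
    Where-Object { $_.gPLink -like "*$oldDN*" }
New-Check 'gPLink values' (-not $staleLink) (($staleLink.DistinguishedName) -join '; ')
```

Any row with `Passed` set to `False` names the object that still carries the old domain name; the script changes nothing.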
1 Vote
HannahXiong-MSFT answered HannahXiong-MSFT commented

Hello @j77483-0552,

Thank you so much for posting here.

If we rename the domain, the domain controllers will not be renamed. So we need to change it manually. For more details, please refer to:
https://www.rebeladmin.com/2015/05/step-by-step-guide-to-rename-active-directory-domain-name

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Best regards,
Hannah Xiong


Hi Hannah,

I completed every step from that website, however the gpfixup does not work for me. I still get the pop up from the gpfixup steps with the old domain name. I have run gpfixup multiple times and with restarts but it still does not fix my GP issue.


Hi,

Thank you so much for your kind reply.

May I know if the gpfixup tool executed with success when we ran the commands?
And if we checked the domain name from GPMC, the domain name has been changed or not?


Best regards,
Hannah Xiong


The gpfixup tool executed "successfully" however it did not update anything within group policy. I was still left with the popup with the old domain name on it.

The domain name is shown as the new one in gpmc right now. I was able to delete the old policies and create new ones with the new domain name to get around the pop up with the old domain name. However I still cannot gpupdate on the domain controller itself. I still receive a name resolution error. I have extensively checked my DNS and I have not found any problems with it using dcdiag.

0 Votes
MatthewLynch-8443 answered MatthewLynch-8443 published

Was there a fix to this? I am getting the same issue. Gpfixup was run successfully, but I can't access GPO. I was still left with the popup with the old domain name on it.
