Renaming domain controllers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The ability to rename domain controllers running Windows Server 2003 provides you with the flexibility to make changes in a Windows Server 2003 domain whenever the need arises. Rename a domain controller to:

  • Restructure your network for organizational and business needs.

  • Make management and administrative control easier.

When you rename a domain controller, you must ensure that there will be no interruption in the ability of clients to locate or authenticate to the renamed domain controller, except when the domain controller is restarted. The recommended practice for renaming a domain controller without interruption to clients is to use the Netdom tool. To rename a domain controller using the Netdom tool, the domain functional level must be set to Windows Server 2003. For more information about renaming a domain controller, see Rename a domain controller.

The System Properties dialog box can also be used to rename a domain controller, and it does not require the functional level to be raised to Windows Server 2003. Using this dialog box may result in a service interruption to clients. For more information about functional levels, see Domain and forest functionality.

The new name of the domain controller is automatically updated in Domain Name System (DNS) and Active Directory. Once the new name propagates through DNS and Active Directory, clients can locate and authenticate to the renamed domain controller. DNS and Active Directory replication latency may delay clients' ability to locate or authenticate to the renamed domain controller. How long this takes depends on the specifics of your network and the replication topology of your organization.

During replication latency, clients may not be able to access the newly renamed domain controller. This might be acceptable for clients that try to locate and authenticate to a particular domain controller since other domain controllers should be available to process the authentication request.


The corresponding nTFRSMember or msDFSR-Member object is not renamed automatically, but the reference attributes are correctly set, so SYSVOL replication is not impacted. The only potential problem with not renaming these objects is that if another domain controller is created at a later date with the same NetBIOS name as the old domain controller, a conflict can occur as described in KB article 316826. After the rename is complete, you can optionally rename the nTFRSMember or msDFSR-Member object as part of cleanup.
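To find member objects that still carry an old domain controller name after a rename, the following read-only PowerShell check compares each SYSVOL member object's name with the computer account it references. It is an added example, not part of the original article or a Microsoft-supplied script; it assumes the default SYSVOL container locations and the frsComputerReference and msDFSR-ComputerReference attributes.

```powershell
# Added example: report SYSVOL member objects whose CN differs from the
# computer account they reference (the state a DC rename leaves behind).
# Read-only; run as a domain user on a domain-joined machine.
$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDn = [string]$rootDse.defaultNamingContext

# Assumed default SYSVOL containers, with each class's computer-reference attribute.
$targets = @(
    @{ Class = 'nTFRSMember';   Attr = 'frsComputerReference'
       Base  = "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainDn" },
    @{ Class = 'msDFSR-Member'; Attr = 'msDFSR-ComputerReference'
       Base  = "CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,$domainDn" }
)

foreach ($t in $targets) {
    $path = "LDAP://$($t.Base)"
    # The DFSR container exists only where SYSVOL uses DFS Replication.
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) { continue }

    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$path)
    $searcher.Filter   = "(&(objectClass=$($t.Class))($($t.Attr)=*))"
    $searcher.PageSize = 500
    $searcher.PropertiesToLoad.AddRange([string[]]@('cn', 'distinguishedName', $t.Attr))

    foreach ($r in $searcher.FindAll()) {
        $memberCn   = [string]$r.Properties['cn'][0]
        $computerDn = [string]$r.Properties[$t.Attr][0]
        # First RDN of the referenced computer account
        # (computer names cannot contain commas, so a plain split is safe).
        $computerCn = ($computerDn -split ',', 2)[0] -replace '^CN=', ''

        # -ne is case-insensitive, matching how directory names compare.
        if ($memberCn -ne $computerCn) {
            New-Object PSObject -Property @{
                Class        = $t.Class
                MemberName   = $memberCn      # stale name still on the member object
                ComputerName = $computerCn    # current name of the domain controller
                MemberDN     = [string]$r.Properties['distinguishedname'][0]
            }
        }
    }
}
```

Each row returned is a candidate for the optional cleanup rename; no output means every member object name already matches its domain controller.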