Domain Controller rename doesn't rename all AD DFSR SYSVOL objects
This article provides resolutions to fix the issue where the domain controller rename doesn't rename all AD DFSR SYSVOL objects.
Original product version: Windows Server 2003
Original KB number: 2001271
The SYSVOL msDFSR-Member container used by DFS Replication (DFSR) isn't updated when a domain controller is renamed. For example, when renaming a DC named "OldName" to a DC named "NewName", the following object doesn't get renamed:
CN=OLDNAME,CN=Topology,CN=Domain System Volume,CN=DFSR-Globalsettings,CN=System,DC=contoso,DC=com
File replication will continue to work correctly and normally, and SYSVOL won't be affected for group policy processing or scripts.
However, the CN won't be updated or removed during later demotions or via Metadata Cleanup. This will leave orphaned DFSR topology objects in the Active Directory domain indefinitely. In addition, if a new domain controller - with the previously renamed DC's old name - were to be promoted in the domain, it would take over the old object and temporarily stop replication on the renamed domain controller until an administrator manually recreated a new object for the renamed domain controller using ADSIEDIT.MSC.
A code defect in the domain controller rename process.
Before running DCPROMO.EXE, rename computers to the final intended name using the System control panel applet or NETDOM.EXE.
When renaming an existing DC, first demote it gracefully with DCPROMO.EXE, rename it, then promote it back to being a DC.
Use ADSIEDIT.MSC to correct the AD objects manually, using the following steps:
Sign in as a Domain Administrator on a DC in the affected domain.
Connect to the default naming context.
Navigate to the DFSR Topology container. For example, in a domain called
contoso.com, it will be:
CN=Topology,CN=Domain System Volume,CN=DFSR-Globalsettings,CN=System,DC=contoso,DC=com
Rename the msDFSR-Member CN object that has the old computer name and give it the new computer name.
Was: CN=OLDNAME,CN=Topology,CN=Domain System Volume,CN=DFSR-Globalsettings,CN=System,DC=contoso,DC=com
Change to: CN=NEWNAME,CN=Topology,CN=Domain System Volume,CN=DFSR-Globalsettings,CN=System,DC=contoso,DC=com
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For issues with renaming DCs and the File Replication Service (FRS) for SYSVOL, reference:
316826 You Must Rename the SYSVOL Member Object to Rename a Windows Server 2003 Domain Controller