Active Directory

Renaming NETBIOS name of Active Directory Error

Recently I was testing renaming the NETBIOS name of an Active Directory domain. While this process is fairly easy, there are a few gotcha's, and before one would like to rename their domain or NETBIOS name, serious testing is required to be sure everything works after rename. In the end, if something goes wrong, the rollback will not be a walk in a park. It will hurt, and it will eat your time. So there was I going thru the usual steps.

  • Execute rendom /list
  • Edit Domainlist.xml and change NetBIOS
  • Run rendom /showforest to confirm everything works
  • Run rendom /upload to upload NetBIOS changes
  • Run rendom /prepare to prepare
  • Run rendom /execute to start renaming process (all DC's for whole forest reboots at the same time)
  • Run gpfixup /olddns:evotec.xyz /newdns:evotec.xyz
  • Run gpfixup /oldnb:OLDNB /newnb:NEWNB
  • Fix possible places where Netbios name is used
  • Restart at least two times all workstations/servers
  • Run rendom /clean to remove references to the old name
  • Run rendom /end to end rename of the domain

And the last step was an unpleasant surprise. Rendom /End error.

C:\Users\Administrator>rendom /end
Failed to delete rename script on the DN: CN=Partitions,CN=Configuration,DC=test,DC=lab on host AD-test.test.lab.
00002077: SvcErr: DSID-030F114D, problem 5003 (WILL_NOT_PERFORM), data 0
: Cannot complete this function. :1003

Before I give you the solution to this error, please keep in mind the above steps, while easy to follow, require testing. I would never rename NetBIOS or domain name without testing on a test environment that is a copy of the original domain with a handful of servers/computers to replicate identical conditions. You shouldn't either.

Rendom /End - Solution

To correct this problem, we need to move the Domain Naming Master function to another DC and then return the function to the original DC. Once completed, the step rendom /end should be able to complete. In my case, I had only one DC (test lab), but it's enough to try and move Domain Naming Master role to the very same DC.

Move-ADDirectoryServerOperationMasterRole -OperationMasterRole DomainNamingMaster -Identity MyDC.domain.local

Moving the role of DomainNamingMaster fixed the issue and allowed me to finish my rename process.

This post was last modified on %s = human-readable time difference 16:44

Przemyslaw Klys

System Architect with over 14 years of experience in the IT field. Skilled, among others, in Active Directory, Microsoft Exchange and Office 365. Profoundly interested in PowerShell. Software geek.

Share
Published by
Przemyslaw Klys

Recent Posts

Upgrade Azure Active Directory Connect fails with unexpected error

Today, I made the decision to upgrade my test environment and update the version of…

1 month ago

Mastering Active Directory Hygiene: Automating Stale Computer Cleanup with CleanupMonster

Have you ever looked at your Active Directory and wondered, "Why do I still have…

2 months ago

Active Directory Replication Summary to your Email or Microsoft Teams

Active Directory replication is a critical process that ensures the consistent and up-to-date state of…

7 months ago

Syncing Global Address List (GAL) to personal contacts and between Office 365 tenants with PowerShell

Hey there! Today, I wanted to introduce you to one of the small but excellent…

11 months ago

Active Directory Health Check using Microsoft Entra Connect Health Service

Active Directory (AD) is crucial in managing identities and resources within an organization. Ensuring its…

1 year ago

Seamless HTML Report Creation: Harness the Power of Markdown with PSWriteHTML PowerShell Module

In today's digital age, the ability to create compelling and informative HTML reports and documents…

1 year ago