2

I have an AD with 71 computers.

However, there are actually less than 50 physical computers, so I'm doing some cleanup. But, up until now when renaming PC's, I've only renamed them at the workstation through Control Panel->System.

So, the displayed name of computers in AD does not match the workstation's computer name. The displayed name, the "Canonical name of object" under Properties->Object, and the cn attribute in Attribute Editor are all the old name, while the "Computer name" and "DNS name" under Properties->General are the updated name also found at the workstation.

How do I reconcile the two different sets of names for each computer? I cannot edit the "Canonical name of object" in Properties, nor can I edit the cn attribute:

Operation failed. Error code: 0x2016; The directory service cannot perform the requested operation on the RDN attribute of an object. 00002016: Modify of RDN 'CN' on CN=COMP,OU=TEST,DC=DOMAIN,DC=local not permitted, must use 'rename operation instead.

Going forward, what is the proper way to rename a PC so that it updates both at the workstation and throughout AD?

jHilscher
  • 1,810
  • 2
  • 25
  • 29
user3761043
  • 21
  • 1
  • 2

2 Answers2

0

There is a command line available (reference here: https://technet.microsoft.com/en-us/library/cc788029.aspx) that people will use to automate the renaming of domain-joined workstations.

Sam
  • 507
  • 2
  • 11
  • 1
    I used the 'netdom' 'renamecomputer' command to rename one of the computers on the domain, but the displayed name in AD and the 'cn' attribute are still the old name. Is there something wrong with my AD? – user3761043 Jan 11 '16 at 21:14
  • I agree that this is in fact exactly what happens: the `netdom` utility **does not change the AD object's cn**. Now it must be said that the CN is essentially only used by humans, and then only within the AD tooling. The machine itself uses the GUID (or perhaps SID) of the machine account object to refer to it. – Kuba hasn't forgotten Monica Apr 24 '19 at 17:16
0

It's a two-step process: first you rename the computer, and then rename its OU/CN. netdom renamecomputer doesn't rename the AD object, and I assume that Rename-Computer doesn't either (please edit this answer if that's incorrect).

PowerShell

  1. Rename-Computer

  2. [ Get-ADComputer | ] Rename-ADObject

CMD

  1. netdom renamecomputer

  2. dsmove

Kuba hasn't forgotten Monica
  • 95,931
  • 16
  • 151
  • 313