Rename remote Win2k machine [revisited]

Thread starter: Gerry Hickman

Gerry Hickman

I know this has been covered before, but did we ever get any good answers?

It seems in XP/2003 there are WMI calls you can make to do this, but
they don't work on Win2k. I don't know if this is due to lack of
underlying APIs (available remotely) or just lack of available classes
that can be called from scripting?

There's more to renaming a machine than just changing its name. In an
ideal world the following will happen

"The machine talks to the DCs and adjusts its computer account name and
keeps its secure channel and retains domain admin permissions and no
reboot is needed".

However, in reality it seems the following has to happen:

1. The machine is "unjoined" from the domain, and its computer account
gets deleted from the server, and this also means domain admin rights
are removed. (That can be a pain in itself, as you can't remote Admin the
box anymore!) A reboot is needed to complete the operation.

2. The local name of the machine gets changed

3. The machine has to be "rejoined" to the domain and rebooted again.
This could be tricky in script, as you no longer have domain admin
rights under which to run the script!

When using the GUI on the local box, however, you can do all this with
just one reboot; I'm not sure what order this happens in, does the name
get changed in the reg BEFORE the join attempt is made or after?

The only potentially scriptable tool I can find is NETDOM, part of the
"Support Tools", but despite having a "rename" option, it seems this is
ONLY for BDCs, not workstations! Another major problem with Netdom is
that you'd need to feed it plain text passwords, not good.

So to manually (but remotely) rename a machine you could (in theory)

1. Put the new name in the Reg, ready for reboot (not the active name)
2. Run Netdom (with the Reboot option) to unjoin it
3. Wait 60 seconds
4. Run Netdom again (with the Reboot option) to rejoin it

Obviously this is a joke, it's not even automated!

Surely admins on big networks have been doing this kind of thing with
NT4 for years?

There was another poster who suggested the following (no reboots?!?)

1. Rename the computer in the reg
2. Stop all the services
3. Start all the services

How on earth that will cope with domain membership, I have no idea; I'm
also not sure how you can start the services again (you won't have RPC
anymore). However, it's possible you could push a script to the local
box, run it there and then wait for it to complete, but that's starting
to get a bit over the top just to rename a computer.
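An added reconstruction of the staged-rename sequence described above (my own example, not a script the poster ran). It assumes the Win2k Support Tools netdom.exe is on the PATH, that "put the new name in the Reg" means the pending ComputerName value (with NV Hostname set alongside it so the TCP/IP host name follows), and that this netdom build accepts `*` for /PasswordD and /PasswordO so the passwords are prompted for instead of being embedded in a BAT file.

```vbscript
' rename-remote.vbs: stage the new name in the registry, then NETDOM unjoin/rejoin.
' Run with cscript.exe. Assumes netdom.exe (Win2k Support Tools) is on the PATH
' and that the caller currently holds admin rights on the target box.
Option Explicit
Const HKLM = &H80000002
Const SLEEP_MS = 60000   ' the "wait 60 seconds" step from the thread

Dim oldName, newName, domain, localAdmin, reg, sh, rc
If WScript.Arguments.Count <> 4 Then
    WScript.Echo "Usage: cscript rename-remote.vbs <oldName> <newName> <domain> <localAdminUser>"
    WScript.Quit 1
End If
oldName    = WScript.Arguments(0)
newName    = WScript.Arguments(1)
domain     = WScript.Arguments(2)
localAdmin = WScript.Arguments(3)

' Step 1: write the PENDING name via WMI's StdRegProv. ComputerName\ComputerName
' is read at boot; ActiveComputerName is left alone. NV Hostname is set too so the
' TCP/IP host name follows the NetBIOS name (assumption: mirrors what the GUI does).
Set reg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & oldName & "\root\default:StdRegProv")
rc = reg.SetStringValue(HKLM, "SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName", "ComputerName", newName)
If rc = 0 Then rc = reg.SetStringValue(HKLM, "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters", "NV Hostname", newName)
If rc <> 0 Then Fail "registry write", rc

Set sh = CreateObject("WScript.Shell")
' Step 2: unjoin while we still hold domain rights. /PasswordD:* makes netdom prompt,
' so no password lands in a .bat file or on the visible command line (assumed supported).
rc = sh.Run("netdom remove " & oldName & " /Domain:" & domain & _
            " /UserD:" & domain & "\Administrator /PasswordD:* /Reboot", 1, True)
If rc <> 0 Then Fail "netdom remove", rc

' Step 3: let the box reboot and come back under its new name.
WScript.Sleep SLEEP_MS

' Step 4: rejoin. Domain admin rights on the box are gone now, so netdom is given
' LOCAL credentials (/UserO, /PasswordO) for the workstation side as well.
rc = sh.Run("netdom join " & newName & " /Domain:" & domain & _
            " /UserD:" & domain & "\Administrator /PasswordD:*" & _
            " /UserO:" & localAdmin & " /PasswordO:* /Reboot", 1, True)
If rc <> 0 Then Fail "netdom join", rc
WScript.Echo "Rename of " & oldName & " to " & newName & " submitted; second reboot in progress."

Sub Fail(stage, code)
    WScript.Echo stage & " failed, return code " & code
    WScript.Quit code
End Sub
```

The password prompts need an interactive console, which is why the script is meant for cscript.exe rather than a fully unattended job; the old DNS A/PTR records are not touched here and still need checking afterwards.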
 
Gerry, please e-mail me on another issue. Send to (e-mail address removed)
(remove nospam).

You know how to ask a complicated question, my friend.

I don't really have any input other than an observation. (your point #1) I
think the machine accounts in AD are renamed rather than deleted and
re-added to the domain, I think that is why they often remain in the correct
OU after renaming. And then again, during a rename sometimes the new
machine account is created and leaves the original machine account in AD as
a "ghost". The ghost is in the correct OU and the new account is created in
the Computers default container so I suppose the machine was unable to
rename for some reason and then added itself. I don't know why some
machines do things differently.

This is why we have our field techs disjoin the computer from the domain,
restart and add the machine back - avoiding ghosts.
 
Hi Scott,

I'll reply and e-mail at later date; I've left this MSG marked for
attention.

Just to quickly mention, I did manage to do a remote rename on
Wednesday, using a combination of WMI and NETDOM. It was a bit
over-complex for my liking - some of the implications I identified
happened EXACTLY as I predicted (!), BUT it did work and it's a real
boon if you can't actually get to the box that needs renaming.
 
Hi Scott,

I looked into this a bit more. Based on the speed with which you can
rename a machine, I think you are right about #1. Basically it's much
quicker to "rename" than it is to unjoin/rename/rejoin.

Unfortunately, this can only be done sitting at the local machine (under
Win2k anyway). It does make me wonder if there's a low level API call
that can do this remotely though.

On my own network, I didn't get the problem with ghosts; as soon as I
renamed the machine, AD machine accounts were suddenly updated
correctly. Quite impressive, but again impossible to do using scripting.

You can certainly use WSH/NETDOM to do reliable remote renaming of
machines, but to make it totally automated you'd have to put plain text
passwords in the BAT files.

One problem I did run into, however, is that old DNS records do not get
deleted, and an old PTR record can cause dynamic update to fail because
it sees the IP is already mapped. However, it's possible this is related
to the D-DNS issues I described in another thread. It's certainly worth
checking for the first 10 machines.
 