Unable to rename domain controller: 'The account already exists.'

(I posted this to superuser.com, but in case I don't get any help there,
I've decided to post this here, because I can't find any newsgroups
with activity that are dedicated to Active Directory and Windows
Server. I would have posted this to serverfault.com, but they only want
posts dealing with business production environments. This is a personal
project.)

I successfully demoted an old domain controller (Windows Server 2016) in
a clean manner, cleanly removed the server from the domain, deleted the
associated object in 'Computers' in Active Directory Users and
Computers, but when I went to rename the new domain controller (running
Windows Server 2019) to the name of the old domain controller, I get the
following error:

'The account already exists.'

So I scoured Active Directory Users and Computers, DNS Manager, Active
Directory Sites and Services, and even the registry on the new domain
controller itself. I've restarted the new domain controller numerous
times. There is no mention of the old domain controller's name, but I
still get the error, regardless of whether I run Rename-Computer in
Powershell, or NETDOM at the command line:

'The account already exists.'

Now, the old domain controller was running Active Directory Certificate
Services as well, but I removed all the data entries created by the old
CA service from Active Directory Sites and Services.

Is there any place else to look for references to the old domain controller?

-- Andrew

On 09/02/2019 03:18, Andrew wrote:


Is there any place else to look for references to the old domain
controller?

-- Andrew

Please use Microsoft Official Forums by choosing the appropriate link
from he

https://social.technet.microsoft.com/Forums/lync/en-US/home?category=windowsserver

G/L



--
With over 950 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

"Andrew" wrote in message ...

(I posted this to superuser.com, but in case I don't get any help there,
I've decided to post this here, because I can't find any newsgroups
with activity that are dedicated to Active Directory and Windows
Server. I would have posted this to serverfault.com, but they only want
posts dealing with business production environments. This is a personal
project.)

I successfully demoted an old domain controller (Windows Server 2016) in
a clean manner, cleanly removed the server from the domain, deleted the
associated object in 'Computers' in Active Directory Users and
Computers, but when I went to rename the new domain controller (running
Windows Server 2019) to the name of the old domain controller, I get the
following error:

'The account already exists.'

So I scoured Active Directory Users and Computers, DNS Manager, Active
Directory Sites and Services, and even the registry on the new domain
controller itself. I've restarted the new domain controller numerous
times. There is no mention of the old domain controller's name, but I
still get the error, regardless of whether I run Rename-Computer in
Powershell, or NETDOM at the command line:

'The account already exists.'

Now, the old domain controller was running Active Directory Certificate
Services as well, but I removed all the data entries created by the old
CA service from Active Directory Sites and Services.

Is there any place else to look for references to the old domain
controller?

-- Andrew

Andrew,

It may be because the name still exists in WS2019's tombstone. Rather than
me trying to recall how I did this (several years back) try reading this
article.

http://www.firewall.cx/microsoft-kno...tombstone.html

You may find a more recent dated article for WS2019 but this should help you
get started.

Has directions on how to change the lifetime of tombstone objects.



--
Bob S.

On 2/9/2019 4:19 PM, n/a wrote:

"Andrew"Â* wrote in message ...

(I posted this to superuser.com, but in case I don't get any help there,
I've decided to post this here, because I can't find any newsgroups
with activity that are dedicated to Active Directory and Windows
Server. I would have posted this to serverfault.com, but they only want
posts dealing with business production environments. This is a personal
project.)

I successfully demoted an old domain controller (Windows Server 2016) in
a clean manner, cleanly removed the server from the domain, deleted the
associated object in 'Computers' in Active Directory Users and
Computers, but when I went to rename the new domain controller (running
Windows Server 2019) to the name of the old domain controller, I get the
following error:

'The account already exists.'

So I scoured Active Directory Users and Computers, DNS Manager, Active
Directory Sites and Services, and even the registry on the new domain
controller itself. I've restarted the new domain controller numerous
times. There is no mention of the old domain controller's name, but I
still get the error, regardless of whether I run Rename-Computer in
Powershell, or NETDOM at the command line:

'The account already exists.'

Now, the old domain controller was running Active Directory Certificate
Services as well, but I removed all the data entries created by the old
CA service from Active Directory Sites and Services.

Is there any place else to look for references to the old domain
controller?

-- Andrew

Andrew,

It may be because the name still exists in WS2019's tombstone.Â* Rather
than me trying to recall how I did this (several years back) try reading
this article.

http://www.firewall.cx/microsoft-kno...tombstone.html


You may find a more recent dated article for WS2019 but this should help
you get started.

Has directions on how to change the lifetime of tombstone objects.

Success: There apparently was an entry in ADSI Edit under:

Configuration - CN=Sites - CN=Default-First-Site-Name - CN=Servers -
CN={Old Domain Controller}.

The thing is, in ADSI Edit, 'Configuration' isn't normally shown (at
least with the Remote Server Administration Tools), unlike the screen
shots in that link you provided. You have to right-click on 'ADSI Edit'
in MMC, and in the 'Connection Settings', under 'Connection Point', and
under 'Select a well known Naming Context', you select 'Configuration'.
You can also type it under the 'Name' field at the top.

So it looks like that was what was blocking me from changing the name. I
didn't need to change the tombstone lifetime.

Thanks!

-- Andrew

"Andrew" wrote in message ...

On 2/9/2019 4:19 PM, n/a wrote:

"Andrew" wrote in message ...

(I posted this to superuser.com, but in case I don't get any help there,
I've decided to post this here, because I can't find any newsgroups
with activity that are dedicated to Active Directory and Windows
Server. I would have posted this to serverfault.com, but they only want
posts dealing with business production environments. This is a personal
project.)

I successfully demoted an old domain controller (Windows Server 2016) in
a clean manner, cleanly removed the server from the domain, deleted the
associated object in 'Computers' in Active Directory Users and
Computers, but when I went to rename the new domain controller (running
Windows Server 2019) to the name of the old domain controller, I get the
following error:

'The account already exists.'

So I scoured Active Directory Users and Computers, DNS Manager, Active
Directory Sites and Services, and even the registry on the new domain
controller itself. I've restarted the new domain controller numerous
times. There is no mention of the old domain controller's name, but I
still get the error, regardless of whether I run Rename-Computer in
Powershell, or NETDOM at the command line:

'The account already exists.'

Now, the old domain controller was running Active Directory Certificate
Services as well, but I removed all the data entries created by the old
CA service from Active Directory Sites and Services.

Is there any place else to look for references to the old domain
controller?

-- Andrew

Andrew,

It may be because the name still exists in WS2019's tombstone. Rather
than me trying to recall how I did this (several years back) try reading
this article.

http://www.firewall.cx/microsoft-kno...tombstone.html
You may find a more recent dated article for WS2019 but this should help
you get started.

Has directions on how to change the lifetime of tombstone objects.

Success: There apparently was an entry in ADSI Edit under:

Configuration - CN=Sites - CN=Default-First-Site-Name - CN=Servers -
CN={Old Domain Controller}.

The thing is, in ADSI Edit, 'Configuration' isn't normally shown (at
least with the Remote Server Administration Tools), unlike the screen
shots in that link you provided. You have to right-click on 'ADSI Edit'
in MMC, and in the 'Connection Settings', under 'Connection Point', and
under 'Select a well known Naming Context', you select 'Configuration'.
You can also type it under the 'Name' field at the top.

So it looks like that was what was blocking me from changing the name. I
didn't need to change the tombstone lifetime.

Thanks!

-- Andrew

I just remoted into a clients WSE2016 VM (non-AD server) setup to see how to
get to the Connection Settings. I opened ADSIEdit.msc (it's also available
under Windows Admin Tools ADSI Edit) and on the right side clicked on More
Actions Connect To and arrived at the same window. I haven't used
WS2019 yet but it should be close....?

At any rate, the "idea" worked even though you had to figure out the route
to get there....

Glad it helped.
--
Bob S.