Windows tip: Re-using domain controller names


You have five domain controllers named SEA-DC1 through SEA-DC5. The physical hardware for SEA-DC3 is getting kind of old, so you do the following:

1. Demote SEA-DC3 from domain controller to member server. Then remove the member server from the domain, disconnect it from your network, and send it to the recycling depot.

2. Attach a brand-new system to your network, install the Windows Server OS and name the new box SEA-DC3. Then join the new server to the domain and promote it to a domain controller using dcpromo.

What's wrong with this scenario? Well, nothing much, provided you wait a while after demoting your original SEA-DC3 server to ensure that the demotion has fully replicated to all your other domain controllers. You need to wait because your new SEA-DC3 box has a different machine GUID than your old SEA-DC3 box, so you have to ensure that all knowledge of the old GUID has been removed from AD before you join the new box to your domain.
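One way to check that the removal has reached every remaining domain controller before re-using the name, as an added example that is not part of the original tip. It assumes the ActiveDirectory PowerShell module (RSAT) and an account that can read the domain and Configuration partitions; the variable names are illustrative.

```powershell
# Added example (not from the original tip). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$OldName   = 'SEA-DC3'   # name taken from the scenario above
$sitesBase = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"

# Ask every remaining DC directly, so each row shows that DC's own replica.
$results = foreach ($dc in Get-ADDomainController -Filter *) {
    $server = $dc.HostName
    $row = [ordered]@{
        QueriedDC = $server; ComputerGuid = $null
        ServerObject = $false; NtdsSettings = $false; Error = $null
    }
    try {
        # Computer account (and its objectGUID) in the domain partition
        $computer = Get-ADComputer -Filter "Name -eq '$OldName'" -Server $server
        if ($computer) { $row.ComputerGuid = $computer.ObjectGUID }

        # Server object under Sites in the Configuration partition
        $srv = Get-ADObject -Server $server -SearchBase $sitesBase -LDAPFilter "(&(objectClass=server)(cn=$OldName))"
        if ($srv) {
            $row.ServerObject = $true
            # An NTDS Settings child means this replica still treats it as a DC
            $ntds = $srv | ForEach-Object {
                Get-ADObject -Server $server -SearchBase $_.DistinguishedName -LDAPFilter '(objectClass=nTDSDSA)'
            }
            $row.NtdsSettings = [bool]$ntds
        }
    }
    catch {
        # An unreachable DC is reported, not silently treated as clean
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize

$pending = $results | Where-Object { $_.ComputerGuid -or $_.ServerObject -or $_.NtdsSettings -or $_.Error }
if ($pending) {
    Write-Warning "$OldName is still known to (or could not be checked on): $($pending.QueriedDC -join ', ')"
} else {
    Write-Output "No remaining DC holds an object named $OldName."
}
```

Where a row shows a ComputerGuid, that is the objectGUID of the account the queried DC still holds, which you can compare with the old server's GUID if you recorded it.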

On the other hand, there's no real need for your new domain controller to have the exact same name as your old one. Or let me be more precise—there better not be any need for using the same name. A common Active Directory mistake is to hard-code the names of your domain controllers into a line-of-business application that you've coded in-house. I've heard of several companies that did this and lived to regret it down the road, and you don't want to end up as roadkill on the Active Directory highway!
