Rename multiple AD computers???

F

farscapesg1

2[H]4U
Joined
Aug 4, 2004
Messages
2,648
OK, my google-fu is failing me here. It may be due to certain "permission" issues also :(

We need to rename about 300 devices that are already in AD, in less than 2 weeks. Of course, those assigned with the task have known about it and dragged their feet and are now panicking...

Couple comments...

1) Devices were imaged with SCCM OS deployment tied to a "service account" at our corporate level for the creation of the AD objects. Unfortunately, getting this login/password information is out of the question.

2) We have admin rights to the boxes, and AD rights to make create/delete computer accounts, just not rights to modify the accounts created by OSD.

3) These are all Windows XP boxes

Anyone got a script, or know of a script that could accomplish this? NetDom doesn't seem to work due to the rights issue...
 
the account used/granted permission to join the machine to the domain should not affect renaming machines.
although I have not used SCCM, so I s'pose it may be different.

What's the error you get when attempting to rename with the netdom command?

can you log in to a computer and rename it without issue? If so, then it's not a permission issue.
 
I get an access is denied message.

If I sit in front of the system logged in with my account (a member of the local admin group) and try to just rename it, I get Access is Denied.

However, I can switch it to a workgroup, restart, log on with local admin accounts and rename it, restart, then join it back to the domain after I create a new AD object...
 
farscapesg1 said:
I get an access is denied message.

If I sit in front of the system logged in with my account (a member of the local admin group) and try to just rename it, I get Access is Denied.

However, I can switch it to a workgroup, restart, log on with local admin accounts and rename it, restart, then join it back to the domain after I create a new AD object...
Click to expand...

so then your domain admins have not granted you permissions to rename objects.

which means, the way it's setup, you would have to manually create all the computer objects.

now, you could use netdom to remove from domain, rename, and rejoin without pre-creating the objects, but then of course all the machines would go in to the default Computers container.

edit: actually, doesn't look like you can move the computer to Workgroup mode with NetDom. So, you're hosed unless your admins modify your rights and give you the ability to rename computer objects
 
You must log in or register to reply here.
Back
Top