How to change computer's canonical/displayed name in Active Directory?

Question

I have an AD with 71 computers.

However, there are actually less than 50 physical computers, so I'm doing some cleanup. But, up until now when renaming PC's, I've only renamed them at the workstation through Control Panel->System.

So, the displayed name of computers in AD does not match the workstation's computer name. The displayed name, the "Canonical name of object" under Properties->Object, and the cn attribute in Attribute Editor are all the old name, while the "Computer name" and "DNS name" under Properties->General are the updated name also found at the workstation.

How do I reconcile the two different sets of names for each computer? I cannot edit the "Canonical name of object" in Properties, nor can I edit the cn attribute:

Operation failed. Error code: 0x2016; The directory service cannot perform the requested operation on the RDN attribute of an object. 00002016: Modify of RDN 'CN' on CN=COMP,OU=TEST,DC=DOMAIN,DC=local not permitted, must use 'rename operation instead.

Going forward, what is the proper way to rename a PC so that it updates both at the workstation and throughout AD?

Answer 1

It's a two-step process: first you rename the computer, and then rename its OU/CN. netdom renamecomputer doesn't rename the AD object, and I assume that Rename-Computer doesn't either (please edit this answer if that's incorrect).

PowerShell

1. Rename-Computer

2. [ Get-ADComputer | ] Rename-ADObject

CMD

1. netdom renamecomputer

2. dsmove

Answer 2

There is a command line available (reference here: https://technet.microsoft.com/en-us/library/cc788029.aspx) that people will use to automate the renaming of domain-joined workstations.