Active Directory Domain Rename, ran /clean too soon

active-directory

I was performing a rename of an Active Directory domain that consists of two domain controllers running Windows Server 2012, and everything was going smoothly… However, I ran the rendom /clean utility too soon.

If you execute rendom /clean before all the machines in the domain get rebooted twice, they won't be able to access the domain any longer… /clean removes the alias/migration information from Active Directory.

Unfortunately, I ran /clean without realizing the catastrophic effect it would have — making all the machines that haven't rebooted no longer able to access the domain.

Is there a way to undo the /clean? I took bare-metal backups of the DCs before doing the rename operation, so I'm looking at restoring those now — but I would like to know if there's a way to just add the alias information back into Active Directory.

Best Answer

I'll preface this by saying that I've never run /clean early and I've never fully inspected what bits /clean flips under the hood. That said, I have done a large-scale domain rename in a 10,000+ object forest, and it's a delicate process. I wouldn't want to rig up a workaround that will leave you in an unsupported state. Instead, I'd definitely restore your DCs from backups as well as any other servers that did reboot twice. Then start over with a clean slate.