We help IT Professionals succeed at work.

Did this DC demote gracefully?

isdirect asked
Medium Priority
Last Modified: 2008-02-01
Hi everyone - I have a fairly new (2 months old) Windows 2003 domain.  It is not a migrated domain, but brand-new, fresh out of the box.  Of course I started with one Domain Controller (and all associated roles), and then added a second DC which also became the Exchange Server 2003.  Recently, Microsoft documentation (and some opinions here) prompted me to demote the Exchange Server, which I did using DCPROMO, and which seemed to go smoothly except for a couple of bad entries in the Recipient Update services, which I resolved.  Just to be "safe," and to provide additional DC services, I created yet another new DC (not promoted, but fresh.)

Here's my question: since I demoted the Exchange server from DC to member server, the KCC service has reported Event 1104 in the Directory Services log on the original DC.  The Event refers to the demoted DC.  Should I receive this event more than once (if at all?)  Did the DC demote gracefully, or do I need to use the metadata cleanup process (which I had to do on my old domain a couple of times - messy business)?  The text of the Event entry scares me a little, because the demoted DC did NOT "move" to another site from the original DC.  It was demoted using DCPROMO.

Here's the text of Event 1104 (STJCOMM is the name of the demoted domain controller):

The Knowledge Consistency Checker (KCC) successfully terminated the following change notifications.
Directory partition:
Destination network address:
Destination domain controller (if available):
CN=NTDS Settings\0ADEL:2184d591-efa4-44ba-aedf-83ff917fb311,CN=STJCOMM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=stjnet,DC=local
This event can occur if either this domain controller or the destination domain controller has been moved to another site.
Watch Question

Top Expert 2006

if the error is still hanging around then that message would be repeating

my only worry is the exchange side of things - i havent dealt with scenario much but i understand that you cant promote a server to a DC with exchange installed, you have to reinstall exchange. I wonder if the same applies for demoting???

if your system is not giving you any greif then you have answered the above system, i would keep an eye on the event logs on both the DC and the exchange server and let me know if anything new pops up

check AD sites and services also ad make sure the old DC is not being referenced
isdirectSr. Network Analyst


Thanks for the comments.  I am not an expert (that's why I ask questions here!) but I have never run across a warning not to promote or demote an Exchange Server from an Active Directory role.  I posted a related question in the Exchange Server topics, and someone there also admonished me for doing this.  I'll probably learn a painful lesson from it.

Nevertheless - yes, the demoted server still appears in AD Sites & Services, but oddly enough it now has no NTDS settings attached to it.  Is that related to the KCC message?

I have used the Exchange Best Practices Analyzer tool, and it informed me of a couple of errors which I corrected, but at this time it runs "clean" with no warnings - a couple of "Information" notes, but no warnings or errors.  So I might have gotten lucky with my Exchange Server as it relates to the bad demotion.

Your opinion?  Should I go through the metadata cleanup steps?  (Microsoft KB Q216498?)
Top Expert 2006

i also just read a couple of posts down that you shouldnt change the roles of an exchange server as i suspected! ah well to late now i guess :)

ive often seen errors arise due to the old server sitting in sites and services so for myself, yes i would clean up the server using the ntdsutil, but i also worry about the consequences of that on your already temporamental exchange state....

if you go through with it then i would be creating some pretty powerfull backups in case of problems

are the errors still occuring in your even viewer ?
isdirectSr. Network Analyst


I am lucky enough to have a really good Veritas backup server - I used it to move about 100 mailboxes from an old domain to this new Exchange server, but I certainly don't want to do that again if I can avoid it!!

The message in my Directory Services Event Viewer says that it is "Information" with "No user action required."  It appears on my original domain controller and not on the Exchange server.  I'm not sure about the frequency of the Knowledge Consistency Checker process, but the event was logged this morning at 7:05am and again at 12:35pm.  I have had no unexpected events reported on the Exchange server since I demoted it.

I appreciate your expertise!

Top Expert 2006
eventually in time that error message should right itself but sometimes it can take months,

if your network is currently ok and you have no issues then i wouldnt be playing with anything - i only say this due to your exchange situation - usually im all for jumping into ntdsutil and going for it     i just dont want to poke at a fire

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.