We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Cannot demote from DC to Member Server.

smetterd
smetterd asked
on
Medium Priority
2,077 Views
Last Modified: 2008-01-09
One of my clients purchased a new server. He wishes to stay in a single server environment (5 employees). I installed the new server and promoted it without any problems. A couple of days later I am trying to demote the other and I get the following message.

"The box indicating that this domain controller is the last controller for the domain tapanganpediatrics.com is unchecked. However, no other Active Directory domain controllers for that domain can be contacted.

Do you with to proceed anyway?

If you click Yes, any Active Directory changes that have been made on this domain controller will be lost.

YES NO "

I have verified connectivity between the two. What else can I check?
Comment
Watch Question

Lee W, MVPTechnology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
Did you transfer the FSMO roles?  Did you make it a global catalog?  Are either of the servers running Small Business Server (for a 5 user network, that's what they SHOULD be running).

Author

Commented:
I didn't manually transfer any FSMO roles. I think that they should auto-transfer to other DCs during the demotion process. Yes I made both global catalogs. Neither is running SBS.
CERTIFIED EXPERT
Top Expert 2005

Commented:
They will transfer, but it's a dangerous assumption.  You're safer (and wiser) to transfer them manually - this way you're certain there are no underlying issues.

Check to make sure the old server is now pointing to the new server for DNS and that both servers are registered.  Do not put any ISP DNS addresses on any NIC inside your LAN.

CERTIFIED EXPERT
Top Expert 2006

Commented:
i have seen dcpromo fail time and time again, there is a forceremoval switch that you can use if all else fails, but then you manually have to remove all traces from DNS, AD, Sites and Services etc, you also have to perform a metadata cleanup afterwards on the DC that is left

DCPROMO /Forceremoval

Personally, i would leave it as a redundant DC, better to have two on the network anyway

Author

Commented:
Leaving it as a redundant DC is not an option according to the owner of the equipment.

Author

Commented:
So would y'all recommend that I manually transfer all FSMO roles (seize if necessary)?
CERTIFIED EXPERT
Top Expert 2005
Commented:
Yes, transfer them gracefully if possible.  Only seize them if you cannot do it by any other means and do so once the other server is pulled offline permanently.

Then follow Jay's link to cleanup AD, DNS and AD Sites and Services of any traces of the old DC.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Jay's link? Is it a hyperlink? I can't find it.
CERTIFIED EXPERT
Top Expert 2005

Commented:
Oops, sorry about that.  He posted something similar in another Q.

Here is the article:

http://support.microsoft.com/kb/216498/en-us

Author

Commented:
I cleaned it all out and the system still cannot "find" itself. When I try to open Active Directory Users and Comptuers locally, many times even that cannot be found. In order to re-hook it, I have to right click then select Connect To Domain Controller.

How can I force this machine to always look at its own copy of AD?
CERTIFIED EXPERT
Top Expert 2005

Commented:
It sounds like the GC isn't available or all the entries for it in DNS are not present.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.