Global Catalog Errors. Demoting the additional domain controller
Posted on 2007-11-23
We have two domain controllers in a hosted environment. One of them Server1 is setup as Primary Domain Controller and the other Server2 is setup as the addtional domain controller.
Everything was working fine until there were some changes done on the PDC with respect to security as recommended by the Penetration-Testing group (a third party company). We now have problems with active directory replication and I can cleary see that any new users created in one of the servers are not being replicated to other. We are getting erros in Server2 relating to finding the PDC.
I tried to run the netdiag /fix and dcdiag /fix commands. The netdiag /fix went through successfully, but the dcdiag /fix reported the problem with finding the global catalog server.
My querry is:
In server2 (Additional Domain Controller) we have setup IIS and is being used for some web applications. We also have the SQL server installed in it. Could someboy please suggest me if I can run the DCPROMO in server2, demote it and then put the Active directory back to make it the Additional domain controller. Also would any of the services like the IIS, database etc be affected in doing so!
Do we have any other workaround to fix this issue as the application up-time is very critical to me, because the last thing I want hear from our clients is that the website is down just after two day from its launch date.