Cannot Demote Active Directory DC into member server
Posted on 2008-10-07
Before I get to the question, I need to explain a bit about my domain network environment.
I recently virtualised my whole domain network environment, from physical servers to virtual.
Now I am running almost everything virtually on a robust and very powerful server that runs VMware Server. There is also a separate physical root domain controller that needs to be demoted to a member server, letting the virtual domain controller become the only DC.
I have 3 virtual machines:
1) Server domain controller added as an additional DC
2) Member server that functions as Exchange Server
3) Terminal Server on a member server
Eventually I will add another DC as an additional DC (redundancy).
This is a production environment for a small office with 50 users. It is not live yet and is still experimental; we need to go live in 2009.
Here we go:
I tried to demote the root DC to a member server, and if I remember correctly, when this operation is done the role of Active Directory DC is automatically transferred to another available DC (in this case it should be the virtual DC). Unfortunately this doesn't happen, and I get an error message when I try to remove the DC role. First it asks me if there are other GC servers, and indeed the virtual server is also a GC, so I click Next to continue. Then the wizard asks me if this is the last DC in the domain; obviously it isn't, so I don't check the check box. Soon after I click Next, I get the following error:
The box indicating that this is the last domain controller is unchecked, however no other domain controller can be contacted. Do you wish to proceed anyway?
Now, if I say yes the operation fails; if I say no the process is aborted.
I cannot understand the issue; it seems that Active Directory has something wrong.
I checked the DNS configuration and it's all OK. The virtual server is a GC. Also, when I go to Sites and Services I can see the two domain controllers, and if I go to NTDS and click Properties I can let the two servers replicate with each other. So... where is the problem? It seems that the additional DC, which is a virtual machine, is a read-only copy of Active Directory. I notice that if I switch the root physical server off, nobody can authenticate; also, from the virtual server it is not possible to open Active Directory anymore, Exchange doesn't work anymore, and I cannot log on to any virtual machine in the domain.
Please help. I had a similar problem a while ago, but right now I cannot figure out where the issue is.