Windows 2008 DC's still trying to communicate with decomissioned DC's

Posted on 2009-12-21
Medium Priority
Last Modified: 2012-06-10
Hi  there.  I have 2 fairly new Windows 2008 DC's in a single domain.  I went through the process of decommissioning 2 old Win2k DC's using dcpromo.  everything seemed to go smoothly.
For some reason i can still see entries in the logs of the Windows 2008 DC's referencing the old DC's.

I am seeing Event ID 1925 where the new DC's are still trying to replicate with the old DC's.
also Event 1864 saying that it has not received replication information in quite some time from 2 Directory servers.

At this time, I am not having any issues, but I wonder what steps i missed to cause these errors and if this will cause problems in the future.


Question by:imagitastech
LVL 33

Expert Comment

ID: 26097389
LVL 57

Accepted Solution

Mike Kline earned 252 total points
ID: 26097434
Sounds like you went through a graceful dcpromo on those 2000 boxes.  Did you also delete them out of sites and services...even with a graceful dcpromo/decommision you still need to do that.
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 248 total points
ID: 26100458
Also, I would make sure that you have removed all DNS records for the demoted DCs as well.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Assisted Solution

USAF_The_One earned 252 total points
ID: 26102271
Were the 2000 boxes running any DNS server services? The 2008 boxes may be trying to replicate information to them because they still think those servers are DNS servers. Check the 08' boxes to see if any it's trying to communicate with the old servers. Also check the snap-in and the zone settings to see if the old server's IP's are listed there as well. I'm not sure deleting the SRV, A, and PTR records for those systems (graceful demotion should have removed the _msdcs, _tcp, etc... records for the 2000 servers automatically), if you still see those records present, the demotion may not have successfully completed.

Expert Comment

ID: 26102349
If you delete the DCs in the Domain Controller OU, metadata will be cleaned automatically. This is new to Windows 2008 and Windows 2008 R2.

you can use the article below to cleanup metadata:

Author Comment

ID: 26104627
Thanks for the input everyone!

I did find and remove some traces of the old DC's in DNS and It looks like I do need to remove them from Sites and Services.

When removing the old DC's from Sites and Services, I get a message that "the object contains other objects. are you sure you want to delete all objects it contains?"

The only things I see associated with the old DC objects are connections to other DC's under NTDS Settings.

Is it safe to just delete the Server objects for the old DC's or should I remove the connections first?

thanks again!
LVL 33

Assisted Solution

NJComputerNetworks earned 248 total points
ID: 26104664
you can delete the object.. the connections will automatically go away...

Author Comment

ID: 26104925
Ok. So I could not delete the objects as they were. I had to delete the connections, then delete the NTDS settings for each of the old DC objects, and then I was able to delete the Server objects.

I think I'm all set. I will monitor the logs just to be sure.

Thank you all for your help!


Expert Comment

ID: 38068028
How to delete the connections and ntds-settings?
I have the same problem on a w2k8r2 maschine :-(

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question