We help IT Professionals succeed at work.

Can't demote DC from domain

dovla83
dovla83 asked
on
617 Views
Last Modified: 2012-05-09
Hello to all!

I have domain with one 2003 DC and one 2008 DC. All FSMO roles are on 2008 DC and 2008 DC is a GC server. I want to dcpromo out 2003 DC but when the procedure comes to part when it contact other DC (2008), i got error message that says that I don't have Enterprise admin rights. I tried to dcpromo out this 2003 DC with "Administrator" and my admin account and both are Domain admin accounts and both accounts are in the "Enterprise admins" group.
Please help!
Thnx!
Comment
Watch Question

Is the domain you are working on a forest root or a child domain?

If it's a child domain, try using an account from the forest root domain.

Author

Commented:
It is a forest root domain. I have one child domain with two DC's and in that child domain I demoted 2 DC's (2003) an install two 2008 DC's without errors. So now I'm stuck with root domain with one 2003 and one 2008 DC and I can't raise func. levels to 2008. :)
can you please post the exact error you get when you try and DCPROMO the 2003 server.

Author

Commented:
Here is the exact error:

The operation failed because: The attempt at remote domain controller dc2008.dka.com to remove domain controller CN=DC,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=akd,DC=hr from the forest was unsuccessful.  "Access is denied."

And below that I can enter username, password and domain. I tried with domain "Administrator" account and my Domain Admin account but same error apears.

dc2008 is other DC i root domain.
Try examining the health of your DC environment (dcdiag /v, repadmin).

If you are running Windows Server 2003 SP1 or later, you can take advantage of dcpromo /forceremoval (as per http://support.microsoft.com/kb/332199)

Or, simply turn it off, seize all the roles over to the new DC (even though you say you have, do it again) and do a clean up using ntdsutil

Author

Commented:
On DC I want to remove from domain I have about 50 printers and some shared folders that are mapped to users. If I use /forceremoval are printers and shared files still available to users? I will keep the same name of server and only change the IP address?
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Ok, I removed DC with /forceremoval command. The problem is that I can't cleanup metadata (with ntdsutil or via AD users&computers on 2008 domain controller). In both cases I got error message "Access is denied". I tried with Domain Administrator and my Domain admin account (both are Enterprise admin accounts).

The biggest problem is that I can't rejoin removed DC to domain to be a member server. I get error message that object already exist. That server is printer server (over 40 printers) and holds shared folders for entire domain.

Please help because my entire domain users can't print or access shared files...

Thnx!

Author

Commented:
Here is the error from ntdsutil:

metadata cleanup: remove selected server
Transferring / Seizing FSMO roles off the selected server.
DsRemoveDsServerW error 0x5(Access is denied.)
metadata cleanup:

Here is the error from AD Users&Computers console: the biggest problem is that removal procedure points to wrong domain controller, it should be DC not DC1!!!


error.JPG

Author

Commented:
Issue solved!

The problem was that in NTDS settings in Sites & Services, NTDS and DC objects were protected from accidental deletion!
sorry...only just picked this one back up.

Glad you got it sorted...you a happy bunny now?

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.