Solved

Unable to demote domain controller after removing all roles and services to a new DC.

Posted on 2010-09-02
7
547 Views
Last Modified: 2012-05-10
Hello Gurus,

I hope you find this one interesting and have pleasure in solving it:

We created a fresh out of the box forest and domain for a client having replication problems with their old domain.

The new domain and forest was created using a vmware virtual machine. An exchange 2010 was configured on a physical box on this new domain. After this the old (and last) DC (a physical box) from the old domain, was demoted and joined to a workgroup, added to the new domain and promoted to a DC as well. Everything went well and all FSMO roles were transferred to the physical DC; DHCP DNS and Global catalog were all transfered as well and removed from the DC in vmware. All client computers are all pointing to the new DC in the physical server.
Of course, our goal is to demote the vmWare server and give other usage to it. The problem is that everytime we shut down the virtual DC, people stop being able to log in, exchange stops, ISA stops, everything stops!

So, after all this testing, it's obvious that we wouldn't try to simply demote the VM domain controller server to a simple member server without consulting you Gurus!

Can anyone help us out on this one?

Much appreciated!

Andrey

0
Comment
Question by:kodilu
  • 3
  • 2
  • 2
7 Comments
 
LVL 24

Expert Comment

by:MojoTech
Comment Utility
Has the new DC been configured as a Global Catalouge server?> and are all DNS of member server set to use your NEW DC/DNS server for name resolution? also is the new DC pointing to itself for DNS?

0
 
LVL 11

Expert Comment

by:sighar
Comment Utility
Is the DNS Active Directory integrated?
What do the SRV resource records point to in DNS? The old one or the new one?
How long ago did you promote the new DC? It can take time to replicate, so maybe that's your problem.
Run DCDIAG on both servers to see if you get any errors.
0
 

Accepted Solution

by:
kodilu earned 0 total points
Comment Utility
MojoTech: to all of your questions, the answer is yes.. we got that part covered.

siqhar:
The DNS is AD integrated. The migration was done months ago, and the new DC was promoted on the very first day.
We had already ran DCDIAG on both servers, and we got no errors..
I have now checked the SRV resourse records, and it is pointing to both servers because they both are DC's and DNS servers.. But our DHCP is sending leases pointing only to the new DC/DNS server..

Is it possible that by demoting the vmware DC, it cleans all records from DNS (and leaving only the records to the new DC) and it solves our problem?
As somebody actually done that to confirm it?!
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 24

Expert Comment

by:MojoTech
Comment Utility
"
Is it possible that by demoting the vmware DC, it cleans all records from DNS (and leaving only the records to the new DC) and it solves our problem?
As somebody actually done that to confirm it?!"

Yes it should do that.
0
 
LVL 11

Expert Comment

by:sighar
Comment Utility
With two DCs, when you shut one off the other one should take over. That's why it's recommended to have two DCs or more. Theoretically, demoting the VMware DC should clean out the AD and DNS but just as theoretically your domain should keep on functioning when you shut down the VMware DC.

I'd find out first what's causing the problem.
BTW, will you be running only one DC? Why not two? Can you promote another server (virtual or otherwise) and see if you can then shut down the VMware DC without problems?
0
 

Author Comment

by:kodilu
Comment Utility
No full solution was found. Problem persists.
0
 

Author Closing Comment

by:kodilu
Comment Utility
No full solution was found. Problem persists.
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now