Unable to demote domain controller after removing all roles and services to a new DC.

Posted on 2010-09-02
Last Modified: 2012-05-10
Hello Gurus,

I hope you find this one interesting and have pleasure in solving it:

We created a fresh out of the box forest and domain for a client having replication problems with their old domain.

The new domain and forest was created using a vmware virtual machine. An exchange 2010 was configured on a physical box on this new domain. After this the old (and last) DC (a physical box) from the old domain, was demoted and joined to a workgroup, added to the new domain and promoted to a DC as well. Everything went well and all FSMO roles were transferred to the physical DC; DHCP DNS and Global catalog were all transfered as well and removed from the DC in vmware. All client computers are all pointing to the new DC in the physical server.
Of course, our goal is to demote the vmWare server and give other usage to it. The problem is that everytime we shut down the virtual DC, people stop being able to log in, exchange stops, ISA stops, everything stops!

So, after all this testing, it's obvious that we wouldn't try to simply demote the VM domain controller server to a simple member server without consulting you Gurus!

Can anyone help us out on this one?

Much appreciated!


Question by:kodilu
  • 3
  • 2
  • 2
LVL 24

Expert Comment

by:Mike Thomas
ID: 33586106
Has the new DC been configured as a Global Catalouge server?> and are all DNS of member server set to use your NEW DC/DNS server for name resolution? also is the new DC pointing to itself for DNS?

LVL 11

Expert Comment

ID: 33591396
Is the DNS Active Directory integrated?
What do the SRV resource records point to in DNS? The old one or the new one?
How long ago did you promote the new DC? It can take time to replicate, so maybe that's your problem.
Run DCDIAG on both servers to see if you get any errors.

Accepted Solution

kodilu earned 0 total points
ID: 33594513
MojoTech: to all of your questions, the answer is yes.. we got that part covered.

The DNS is AD integrated. The migration was done months ago, and the new DC was promoted on the very first day.
We had already ran DCDIAG on both servers, and we got no errors..
I have now checked the SRV resourse records, and it is pointing to both servers because they both are DC's and DNS servers.. But our DHCP is sending leases pointing only to the new DC/DNS server..

Is it possible that by demoting the vmware DC, it cleans all records from DNS (and leaving only the records to the new DC) and it solves our problem?
As somebody actually done that to confirm it?!
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

LVL 24

Expert Comment

by:Mike Thomas
ID: 33594538
Is it possible that by demoting the vmware DC, it cleans all records from DNS (and leaving only the records to the new DC) and it solves our problem?
As somebody actually done that to confirm it?!"

Yes it should do that.
LVL 11

Expert Comment

ID: 33594628
With two DCs, when you shut one off the other one should take over. That's why it's recommended to have two DCs or more. Theoretically, demoting the VMware DC should clean out the AD and DNS but just as theoretically your domain should keep on functioning when you shut down the VMware DC.

I'd find out first what's causing the problem.
BTW, will you be running only one DC? Why not two? Can you promote another server (virtual or otherwise) and see if you can then shut down the VMware DC without problems?

Author Comment

ID: 34257791
No full solution was found. Problem persists.

Author Closing Comment

ID: 34289808
No full solution was found. Problem persists.

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Home Folder Permissions in Active Directory 2 32
server 2012 and 2008 3 33
SRV.SYS Causing Server Crash During Backup 11 32
Migrating Roaming Profiles to new server 5 27
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question