

Unable to demote domain controller after removing all roles and services to a new DC.

Posted on 2010-09-02
Medium Priority
Last Modified: 2012-05-10
Hello Gurus,

I hope you find this one interesting and have pleasure in solving it:

We created a fresh out of the box forest and domain for a client having replication problems with their old domain.

The new domain and forest were created using a VMware virtual machine. An Exchange 2010 was configured on a physical box on this new domain. After this, the old (and last) DC (a physical box) from the old domain was demoted and joined to a workgroup, added to the new domain and promoted to a DC as well. Everything went well and all FSMO roles were transferred to the physical DC; DHCP, DNS and Global Catalog were all transferred as well and removed from the DC in VMware. All client computers are pointing to the new DC on the physical server.
Of course, our goal is to demote the VMware server and give other usage to it. The problem is that every time we shut down the virtual DC, people stop being able to log in, Exchange stops, ISA stops, everything stops!

So, after all this testing, it's obvious that we wouldn't try to simply demote the VM domain controller server to a simple member server without consulting you Gurus!

Can anyone help us out on this one?

Much appreciated!


Question by:kodilu
LVL 24

Expert Comment

by:Mike Thomas
ID: 33586106
Has the new DC been configured as a Global Catalog server? And are all DNS settings of the member servers set to use your NEW DC/DNS server for name resolution? Also, is the new DC pointing to itself for DNS?

LVL 11

Expert Comment

ID: 33591396
Is the DNS Active Directory integrated?
What do the SRV resource records point to in DNS? The old one or the new one?
How long ago did you promote the new DC? It can take time to replicate, so maybe that's your problem.
Run DCDIAG on both servers to see if you get any errors.

Accepted Solution

kodilu earned 0 total points
ID: 33594513
MojoTech: to all of your questions, the answer is yes.. we got that part covered.

The DNS is AD integrated. The migration was done months ago, and the new DC was promoted on the very first day.
We had already run DCDIAG on both servers, and we got no errors.
I have now checked the SRV resource records, and they point to both servers because they are both DCs and DNS servers. But our DHCP is sending leases pointing only to the new DC/DNS server.

Is it possible that by demoting the VMware DC, it cleans all records from DNS (and leaving only the records to the new DC) and it solves our problem?
Has somebody actually done that to confirm it?!

LVL 24

Expert Comment

by:Mike Thomas
ID: 33594538
"Is it possible that by demoting the VMware DC, it cleans all records from DNS (and leaving only the records to the new DC) and it solves our problem?
Has somebody actually done that to confirm it?!"

Yes it should do that.
LVL 11

Expert Comment

ID: 33594628
With two DCs, when you shut one off the other one should take over. That's why it's recommended to have two DCs or more. Theoretically, demoting the VMware DC should clean out the AD and DNS but just as theoretically your domain should keep on functioning when you shut down the VMware DC.

I'd find out first what's causing the problem.
BTW, will you be running only one DC? Why not two? Can you promote another server (virtual or otherwise) and see if you can then shut down the VMware DC without problems?
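
The checks the experts ask about in this thread (which DCs the SRV locator records point to, whether the remaining DC is registered as a Global Catalog, and DCDIAG), as an added PowerShell example that is not part of the original thread. The domain, DC and DNS server names are placeholders, and it assumes a management host with PowerShell 3.0 or later (`Resolve-DnsName`) plus the `nltest` and `dcdiag` tools.

```powershell
# Added example: every name and address below is a placeholder, not a value from the thread.
$Domain    = 'corp.example'               # AD DNS domain name (placeholder)
$Forest    = 'corp.example'               # forest root DNS name (placeholder)
$KeepDc    = 'dc-physical.corp.example'   # DC that must keep working after the demotion
$DnsServer = '192.0.2.10'                 # DNS server that DHCP hands out to clients

# Locator records that clients, Exchange and ISA use to find a DC, a GC and a KDC.
$records = [ordered]@{
    'DC (LDAP)'      = "_ldap._tcp.dc._msdcs.$Domain"
    'Global Catalog' = "_ldap._tcp.gc._msdcs.$Forest"
    'Kerberos KDC'   = "_kerberos._tcp.dc._msdcs.$Domain"
    'PDC emulator'   = "_ldap._tcp.pdc._msdcs.$Domain"
}

$report = foreach ($role in $records.Keys) {
    # Ask the DNS server the clients actually use, and keep only the SRV answers.
    $targets = @(Resolve-DnsName -Name $records[$role] -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() } |
        Sort-Object -Unique)
    [pscustomobject]@{
        Role         = $role
        Record       = $records[$role]
        Targets      = $targets -join ', '
        KeepDcListed = $targets -contains $KeepDc.ToLower()
    }
}
$report | Format-Table -AutoSize -Wrap

# A role for which the remaining DC is not registered is served only by the other DC.
$missing = @($report | Where-Object { -not $_.KeepDcListed })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} is not registered for: {1}" -f $KeepDc, ($missing.Role -join '; '))
}

# Ask the DC locator for a Global Catalog, bypassing its cache.
nltest "/dsgetdc:$Domain" /gc /force

# Confirm the remaining DC advertises itself and passes the DNS checks.
dcdiag "/s:$KeepDc" /test:Advertising
dcdiag "/s:$KeepDc" /test:DNS
```

Running it once with both DCs up and again during a test shutdown of the virtual DC shows whether the locator still returns the physical DC for every role.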

Author Comment

ID: 34257791
No full solution was found. Problem persists.

Author Closing Comment

ID: 34289808
No full solution was found. Problem persists.

Question has a verified solution.