Trying to unpromote a Dc by running thed DCPROMO

I am running the command to remove the DC and I keep getting this message, I have enterprise admin rights so not sure what the issue is
Kelly-BradyAsked:
Who is Participating?
 
Kelly-BradyConnect With a Mentor Author Commented:
Here is the Sites and Services Error.
SitesAndServicesError.JPG
0
 
Kelly-BradyAuthor Commented:
Here is a screen shot of the error
DCerror.JPG
0
 
IntegrityOfficeCommented:
Dio you have any event ID messages, is your DNS structure good?Have you tried dcpromo /force?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
KenMcFCommented:
Do you have any replication problems or errors?
Can you post DCDiag and Repadmin /showreps

If you do use
dcpromo /forceremoval
you will need to do a metadata cleanup, but I would hold off until you find out why you are getting the rror.
http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx
0
 
shudmanCommented:
Yuo could look in the DCpromo.log file under \%windir%\debug. Look in there for any issues (towards the end).  Otherwise, you will have to force removal http://support.microsoft.com/?id=216498 

0
 
Reece DoddsCommented:
I had exactly the same issue in my preparation for our new exchange server.
After numerous DNS setting changes and testing, i ended up using the DCPROMO /forceremoval, then a restart the a NTDSUTIL metadata cleanup.
All is well now.
0
 
Kelly-BradyAuthor Commented:
I will post the logs tomorrow When I can get back into work, if I end up running the NTDSUTIL would I need to run it on both the remaining DC's or just one?
0
 
KenMcFCommented:
Just one of them
0
 
Kelly-BradyAuthor Commented:
Ok sorry about the delay it has been a busy week. I have added the dcdiag results and the repadmin results. They are both included in the attached text file.
DCDiag.txt
0
 
IntegrityOfficeCommented:
THere are many references to the clocks being out of sync,

http://technet.microsoft.com/en-gb/library/bb727060.aspx

Once that is sorted you need to see if that is why the netlogon service is not able to connect on each DC check that the \\servername\netlogon share is there.
make sure you have these ironed out then run the dcdiag again. Time is really important with domain controllers.
0
 
Kelly-BradyAuthor Commented:
Ok on the server that I am trying to un-promote the netlogon is not there or not accessible. So if I force the removal is the NTDSUTIL command still valid for server 08, I see references for it for server 2003. I just want to make sure that this is still the one that I need to use.
0
 
KenMcFCommented:
With 2008 you can either run ntdsutil or just deelte from ADUC, the cleanup is built in to 2008.

"In Windows Server 2008, and Windows Server 2008 R2, the administrator can remove the metadata for a server object by removing the server object in the Active Directory Users and Computers snap-in. "
0
 
Kelly-BradyAuthor Commented:
Ok so just run dcpromo /force then go in and remove the Dc from Ad. Would it be wiser to go in and make it part of a work group first?
0
 
KenMcFConnect With a Mentor Commented:
If you use dcpromo /forceremoval it will become part of a workgroup
0
 
Kelly-BradyAuthor Commented:
Ok I thought it would make it a member server, so would it still show up in ADUC if it is put into a workgroup?
0
 
IntegrityOfficeConnect With a Mentor Commented:
Should make it a member server and then drop it off the domain in the normal way
0
 
Kelly-BradyAuthor Commented:
Perfect thank you, I will try this in a few hours and I will let you know tomorrow how it went.
0
 
Kelly-BradyAuthor Commented:
Ok I have removed and it is now just a standalone server. I go through the tool listed above and I am still getting an error. It says Access denied on the removal and it will not let me delete the account out of AD. I am attaching a screen shot of the error.
RemovalError.JPG
0
 
KenMcFCommented:
A few things to try

Is the account you are using a member of Domain Admins and Enterprise Admins?

In ADUC make sure that prevent from accidental deletion is not checked. If it is not check and uncheck just to make sure.

Run netdom /query fsmo
make sure the DC you are keeping has all the FSMO roles. If it does not seize them using ntdsutil.

http://www.petri.co.il/seizing_fsmo_roles.htm
0
 
Kelly-BradyAuthor Commented:
Yes the account is a member of the Domain Admin and the Enterprise admins. Also the prevent accidental deletion is not checked. And the roles are assigned to a different DC. One thing to note is the on this other DC I can not get Sites and Services to come up. So now it appears that I have created another issue while trying to get rid of this old server. I do not understand why it will not delete the account.
0
 
Kelly-BradyAuthor Commented:
I was able to remove by using the ADSI edit and performing the metadata cleanup manually. Here is all the locations of where you would go and do this.


PROBLEM:       Meta data cleanup

RESOLUTION: --Opened Adsiedit
--Right click >> connect to domain partition
--Right click the DC and delete it successfully from Servers OU
--Opened system Container under Domain partition >> File Replication service >> Servers >> DC is not there already.
--Connecting to Configuration partition >> Able to connect
--Opened sites >> Default-first-site-link >> Servers >> Deleting DC and able to delete.
--Opened AD users and computers >> DC is not longer there,
--Ran netdom query dc >> DC is no longer in the list
--Ran Dcdiag to check if replication is clean >> Its all clean now.

0
 
Kelly-BradyAuthor Commented:
After calling Microsoft I found out how to do the metadata cleanup manually. But thank you to all who answered, your info was great and helped get to the final end solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.