Solved

Cannot demote dc - Last DNS server for zone

Posted on 2011-03-22
9
2,256 Views
Last Modified: 2012-05-11
Hi, having trouble demoting a domain controller (2008 integrated DNS)
I get an error complaining about this dc being the last dns for the following ad integrated zone.
This is a primary zone (not the same domain that the dc itself is on), ad integrated, accepting secure and non-secure updates.
thnks.
0
Comment
Question by:Nelesh_N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
9 Comments
 
LVL 74

Accepted Solution

by:
Glen Knight earned 334 total points
ID: 35187711
If you check the properties of the zone on the Dc you are trying to demote, under Type click Change and uncheck the box for Store in Active Directory.  Then restart the DNS services.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 35187898
But I do need it to be stored in AD, I dont want anything ito the zone to change.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35187915
You cannot have a DNS zone stored in AD if the DNS server is not a domain controller.

This is why you are receiving the error when trying to DCPROMO
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 9

Assisted Solution

by:Chev_PCN
Chev_PCN earned 166 total points
ID: 35188466
If the zone is AD-integrated, then it should be replicated to all other DC's.
Verify this on the other DC's and check replication.
One worst case scenario would be to use the DCPROMO / forceremoval & then do a metadata cleanup afterwards. How many DC's do you have in total?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35188474
Why would you want to do a forceremoval, it's a failry simply fix!!
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 35188495
As mentioned - worst case scenario only if the DC will not demote gracefully.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35188499
But the reason it will not demote gracefully is because it has a zone on it which is AD integrated, it's a simple fix.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 35197098
It is AD integrated...
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 334 total points
ID: 35197102
So change it so that it isn't AD Integrated and you will then be able to demote the server.
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question