Solved

Cannot demote dc - Last DNS server for zone

Posted on 2011-03-22
9
2,196 Views
Last Modified: 2012-05-11
Hi, having trouble demoting a domain controller (2008 integrated DNS)
I get an error complaining about this dc being the last dns for the following ad integrated zone.
This is a primary zone (not the same domain that the dc itself is on), ad integrated, accepting secure and non-secure updates.
thnks.
0
Comment
Question by:Nelesh_N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
9 Comments
 
LVL 74

Accepted Solution

by:
Glen Knight earned 334 total points
ID: 35187711
If you check the properties of the zone on the Dc you are trying to demote, under Type click Change and uncheck the box for Store in Active Directory.  Then restart the DNS services.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 35187898
But I do need it to be stored in AD, I dont want anything ito the zone to change.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35187915
You cannot have a DNS zone stored in AD if the DNS server is not a domain controller.

This is why you are receiving the error when trying to DCPROMO
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 9

Assisted Solution

by:Chev_PCN
Chev_PCN earned 166 total points
ID: 35188466
If the zone is AD-integrated, then it should be replicated to all other DC's.
Verify this on the other DC's and check replication.
One worst case scenario would be to use the DCPROMO / forceremoval & then do a metadata cleanup afterwards. How many DC's do you have in total?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35188474
Why would you want to do a forceremoval, it's a failry simply fix!!
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 35188495
As mentioned - worst case scenario only if the DC will not demote gracefully.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35188499
But the reason it will not demote gracefully is because it has a zone on it which is AD integrated, it's a simple fix.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 35197098
It is AD integrated...
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 334 total points
ID: 35197102
So change it so that it isn't AD Integrated and you will then be able to demote the server.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question