Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cannot demote dc - Last DNS server for zone

Posted on 2011-03-22
9
Medium Priority
?
2,413 Views
Last Modified: 2012-05-11
Hi, having trouble demoting a domain controller (2008 integrated DNS)
I get an error complaining about this dc being the last dns for the following ad integrated zone.
This is a primary zone (not the same domain that the dc itself is on), ad integrated, accepting secure and non-secure updates.
thnks.
0
Comment
Question by:Nelesh_N
  • 5
  • 2
  • 2
9 Comments
 
LVL 74

Accepted Solution

by:
Glen Knight earned 1336 total points
ID: 35187711
If you check the properties of the zone on the Dc you are trying to demote, under Type click Change and uncheck the box for Store in Active Directory.  Then restart the DNS services.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 35187898
But I do need it to be stored in AD, I dont want anything ito the zone to change.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35187915
You cannot have a DNS zone stored in AD if the DNS server is not a domain controller.

This is why you are receiving the error when trying to DCPROMO
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 9

Assisted Solution

by:Chev_PCN
Chev_PCN earned 664 total points
ID: 35188466
If the zone is AD-integrated, then it should be replicated to all other DC's.
Verify this on the other DC's and check replication.
One worst case scenario would be to use the DCPROMO / forceremoval & then do a metadata cleanup afterwards. How many DC's do you have in total?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35188474
Why would you want to do a forceremoval, it's a failry simply fix!!
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 35188495
As mentioned - worst case scenario only if the DC will not demote gracefully.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35188499
But the reason it will not demote gracefully is because it has a zone on it which is AD integrated, it's a simple fix.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 35197098
It is AD integrated...
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 1336 total points
ID: 35197102
So change it so that it isn't AD Integrated and you will then be able to demote the server.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question