Demoting one of the Domain Controller in the same forest

Hi friends,

I have a 2 different domains setup in the same forest. I have to demote one of the DC.
There is a transitive trust that has been created automatically.

My question is do i have to remove the trust prior to running DCpromo to demote? If yes

I am unable to remove the trust because the remove option has been grayed out, i tried through netdom command only one way was removed and other i am getting an error either access denied or target name incorrect.

Need your assistance in demoting the DC.

regards
vinod.s
vinu2930Asked:
Who is Participating?
 
vinu2930Connect With a Mentor Author Commented:
Hi

thanks for the reply,

As suggested i tried the demotion option, initially it failed with the error that the replication tombstone period has been exceeded and the access denied when i try to replicate.

So here is what i did,

1. Recreated the two way trust which i had deleted previously.
2. added the administrator of the Domain B to the Enterprise Admins group in the root domain.(Domain A), for the Access denied Error
3. For the tombstone lifetime errror, added the entry Allow Replication with divergent and corrupt partner, replicated the server.
5. Verified no dependencies available on the DC
4. Started DCPROMO, and server demoted successfully.
0
 
Mike KlineCommented:
Is this the last domain controller in that domain that you are trying to remove?   You should be able to still demote the DC.

Thanks

Mike
0
 
HornAlumCommented:
I've demoted a DC before and did not have to do anything with trusts. It should be handled automatically. the only thing you need to be sure of is that the DC doesn't have any FSMO roles on it before you demote. It becomes more of a chore to transfer those by seizing them, rather than just transferring.
0
 
vinu2930Author Commented:
the suggested options didn't help so i tried the below and it worked.
1. Recreated the two way trust which i had deleted previously.
2. added the administrator of the Domain B to the Enterprise Admins group in the root domain.(Domain A), for the Access denied Error
3. For the tombstone lifetime errror, added the entry Allow Replication with divergent and corrupt partner, replicated the server.
5. Verified no dependencies available on the DC
4. Started DCPROMO, and server demoted successfully.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.