• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 316
  • Last Modified:

Demoting one of the Domain Controller in the same forest

Hi friends,

I have a 2 different domains setup in the same forest. I have to demote one of the DC.
There is a transitive trust that has been created automatically.

My question is do i have to remove the trust prior to running DCpromo to demote? If yes

I am unable to remove the trust because the remove option has been grayed out, i tried through netdom command only one way was removed and other i am getting an error either access denied or target name incorrect.

Need your assistance in demoting the DC.

regards
vinod.s
0
vinu2930
Asked:
vinu2930
  • 2
1 Solution
 
Mike KlineCommented:
Is this the last domain controller in that domain that you are trying to remove?   You should be able to still demote the DC.

Thanks

Mike
0
 
HornAlumCommented:
I've demoted a DC before and did not have to do anything with trusts. It should be handled automatically. the only thing you need to be sure of is that the DC doesn't have any FSMO roles on it before you demote. It becomes more of a chore to transfer those by seizing them, rather than just transferring.
0
 
vinu2930Author Commented:
Hi

thanks for the reply,

As suggested i tried the demotion option, initially it failed with the error that the replication tombstone period has been exceeded and the access denied when i try to replicate.

So here is what i did,

1. Recreated the two way trust which i had deleted previously.
2. added the administrator of the Domain B to the Enterprise Admins group in the root domain.(Domain A), for the Access denied Error
3. For the tombstone lifetime errror, added the entry Allow Replication with divergent and corrupt partner, replicated the server.
5. Verified no dependencies available on the DC
4. Started DCPROMO, and server demoted successfully.
0
 
vinu2930Author Commented:
the suggested options didn't help so i tried the below and it worked.
1. Recreated the two way trust which i had deleted previously.
2. added the administrator of the Domain B to the Enterprise Admins group in the root domain.(Domain A), for the Access denied Error
3. For the tombstone lifetime errror, added the entry Allow Replication with divergent and corrupt partner, replicated the server.
5. Verified no dependencies available on the DC
4. Started DCPROMO, and server demoted successfully.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now