rdefino

Demoting a Domain controller

We have a 2003 AD infrastructure. We have multiple DCs in the domain. I demoted one about 2hrs ago. I am going to promote a new 2008 DC in its place using the same name and IP.

But when I look under sites and services it's still there.

But when I look at the server under there that I demoted the "NTDS settings" are gone.

Should the site and dc be removed from sites and service when demoting a DC?
Americom

It's normal; you need to manually delete them out of Sites and Services.
Mike Kline
Americom gets the points here.....just chiming in to say hi...I know he is busy and not around as much.  Hope all is well :)

Thanks

Mike
rdefino

ASKER

If I'm promoting a new one in its place using the same IP and same name, can I just leave it there?
First delete that server object from Sites and Services. Check if any NS records are still present in the DNS Name Servers tab for the demoted DC, and remove the host A record if not already removed.

Run netdom query dc; the demoted DC should not be listed in this.
Run repadmin /syncall /adep to replicate changes to other DCs, if any.

Now run dcpromo on 2008 to promote it.
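Added example (not part of any post in this thread): the pre-promotion checks listed above, collected into one PowerShell script to run on an existing DC. OLDDC01 and example.local are placeholders, and the nslookup matching assumes English-language output.

```powershell
# Added example: checks to run on an existing DC before promoting a
# replacement that reuses the demoted DC's name.
param(
    [string]$OldDc  = 'OLDDC01',       # placeholder: name of the demoted DC
    [string]$Domain = 'example.local'  # placeholder: AD DNS domain name
)

$problems = @()

# 1. The demoted DC must no longer be listed among the domain's DC accounts.
$dcList = netdom query dc | ForEach-Object { $_.Trim() }
if ($dcList -contains $OldDc) {
    $problems += "netdom query dc still lists $OldDc"
}

# 2. The demoted DC must not remain a name server for the zone.
#    Assumes English nslookup output ("nameserver = host.domain").
$nsOut = nslookup "-type=NS" $Domain 2>$null
if ($nsOut -match "nameserver\s*=\s*$([regex]::Escape($OldDc))\.") {
    $problems += "NS record for $OldDc is still in zone $Domain"
}

# 3. The old host (A) record should be removed. A successful lookup
#    prints a "Name:" line; a failed one does not.
$aOut = nslookup "${OldDc}.${Domain}." 2>$null
if ($aOut -match '^Name:\s') {
    $problems += "A record for ${OldDc}.${Domain} still resolves"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Clean up the items above, then re-run before dcpromo.'
    exit 1
}

# 4. Nothing stale found: push the cleaned-up state to the other DCs
#    (/A all partitions, /d names as DNs, /e enterprise-wide, /P push),
#    then print the replication summary to confirm there are no failures.
repadmin /syncall /AdeP
repadmin /replsum
Write-Output "No stale references to $OldDc found; proceed with dcpromo."
```

A stale NS or A record for the old name is worth catching here because the replacement server will register under the same name and IP.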
rdefino

ASKER

Am I deleting the site or just the server from Sites and Services?
Hi Mike, you are always right, yep, too busy for the past couple of years and getting worse lately...but all so far so good :)
just the server from sites and services
Delete the object under the Server folder but not the blue site above the server folder. Assuming your new server will be going to the same site as before.
rdefino

ASKER

So once I delete the old DC server from Sites and Services, the new DC that will use the IP and name of the old one will automatically show up in that site once it's promoted?
SOLUTION
Americom
rdefino

ASKER

I'm getting this error when running dcpromo on the new 2008 dc. I left the dc in a workgroup prior to this.

There is no account in AD for this system name. Probably got deleted when I deleted it from sites and services.

What do I do now?
Capture.PNG
Make sure your DNS settings are correct on new server and pointing to Your DC in Primary  DNS server field
rdefino

ASKER

when you say "Your DC in Primary  DNS ". Do you mean the ip of the new dc?
Yes...IP of your DC should be used in Primary DNS field of TCP/IP properties in New Server
rdefino

ASKER

Fails if I use that. This server is not a DNS server yet.
Can you post the ipconfig /all of both the servers and dcdiag /q from the existing DC?
rdefino

ASKER

Looks to be replicating now. WHEWWWWW
Once you have promoted it as a DC and restarted, just check if the netlogon and sysvol have been shared on the new server. Run repadmin /replsum to check the health of replication and dcdiag /q to check the health of the DC.
rdefino

ASKER

So the replication completed and now I cannot log in with my domain account. This is a domain admin account too.
What's the error?
rdefino

ASKER

I cannot log in with a domain account. It just says bad password or account.

It's not talking to the domain to check the account.

I logged in doing F8 and directory restore mode, but I'm not sure what to do here.
rdefino

ASKER

So I need to demote this new server and promote the original server. Any thoughts on this?
ASKER CERTIFIED SOLUTION