can't demote Domain Controller

Hi @ all

We are currently migrating a Domain Controller from Windows Server 2008 SBS to Windows Server 2012. I successfully added the Windows Server 2012 as a domain controller in my forest and moved all FSMO roles over to the new server. Everything seems to be running fine, since there aren't any errors or warnings in the event log. I can also successfully replicate between the two DCs. All required entries in the DNS are available too, and the DC is listed as domain controller, GC and DNS server. The two DCs are set to use the new DNS server as primary DNS server.

If I want to demote the old 2008 SBS, I get many errors telling me that no domain controller in the specified domain can be contacted and that the specified domain is not available, and dcpromo finishes without demoting the old server.

If I run a dcdiag I get different errors. (DCdiag in the attachments) dcdiag-NEW-Server-2012.txt

What could be the problem?

Thanks a lot for any help
VirastaR, UC Tech Consultant, Commented:

From the DCDiag this is what I understand....

Doing primary tests

   Testing server: Default-First-Site-Name\NEW-Server-2012

      Starting test: Advertising

         Warning: DsGetDcName returned information for

         \\, when we were trying to reach



         ......................... NEW-Server-2012 failed test Advertising

      Starting test: FrsEvent

Check this..

server is not responding or is not considered suitable

SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE ......................... ad2008R2 failed test Advertising

Hope that helps :)
MAS (MVE), Technical Department Head, Commented:
If you don't want the DC, you could forcefully remove it with the command
"dcpromo /forceremoval" and follow these to remove entries from DC
piyushranusri, System Cloud Specialist, Commented:
Firstly, I would suggest you resolve the issue before doing the demotion. I can see SERVER IS NOT RESPONDING, Unable to connect to the NETLOGON share!

Check the network connection first, because all the errors in the text file are related to network issues.

Restart the domain first and then run the dcdiag.
Cliff Galiher Commented:
I would not recommend forcibly removing the old DC since both advertising and netlogons are failing. You could permanently break your domain.

Instead, configure the primary DNS server ON the new server to point to the old server, then reboot each server so they both aren't down at the same time.

Finally, rerun dcdiag and replmon and look for problems. Once replication reports good AND there are no errors, you can switch the DNS server back.

The error 67 in your dcdiag makes me believe that the AD zone didn't finish replicating. Thus the failure to start netlogon, thus the failure to advertise, ultimately leading to the failure to demote. The above steps allow that to finish and resolve itself.
ECOteam (Author) Commented:
I added the old server to the "forwarders" list of the DNS, and the old server is listed as primary DNS server in the NIC config now. Is that what you meant before? I rebooted both servers. I ran repadmin and it shows me that all replications finished without any errors.

If I try to demote the old server, it fails again...

I have no idea what to do next... any suggestions?

Thanks a lot for your help.
Cliff Galiher Commented:
I never mentioned forwarders. That will only further complicate things. Make sure new server points to old and old points to new, then do dcdiags on BOTH. If you want more help, please post both ipconfigs (with /all) and both dcdiags.
According to the following link it sounds like SBS likes to hold all of the FSMO roles since it is supposed to be a stand-alone DC.

1) Move all FSMO roles to SBS, demote it, then seize the FSMO roles to your 2012 server

2) Force demote your SBS server, then run a metadata cleanup to make sure all references to your SBS server are gone.
Sandeshdubey, Senior Server Engineer, Commented:
From the log it is clear that the sysvol/netlogon share is missing on NEW-Server-2012. I have seen the same case many times; this happens when a Win2008/2012 DC is introduced in a win2003 network. Once the 2008/12 DC is promoted, the sysvol contents are not replicated, that is, the policies and script folders are not replicated to the Win2008 DC.

Check whether the sysvol and netlogon shares are available or not. Run the net share command to check this.

Check the sysvol folder: are the policies and script folders replicated or not? If they are not replicated, you need to perform an authoritative and non-authoritative restore of the sysvol folder to fix it.

Assuming you have two DCs, Win2003 and Win2012: on the 2003 DC run D4 (auth restore) and on the 2012 DC run D2 (nonauth restore). Refer to the link below:

Take the backup of policies and script folder from 2003DC and copy the same to alternate location before you proceed.

Once done then you can proceed with demoting sbs server.
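
The checks described in the answer above (SYSVOL and NETLOGON shares present, Policies and scripts folders replicated), combined with the two dcdiag tests quoted earlier in the thread, as a read-only script to run on each DC before attempting the demotion. This is an added example, not part of any post in this thread; the SysvolReady registry check is an addition that the thread does not mention, and the script assumes the default SYSVOL layout with a folder named after the DNS domain.

```powershell
# Added example: read-only pre-demotion check. Run in an elevated prompt on each DC.
# Uses WMI and the registry so it also works on PowerShell 2.0 (Server 2008 / SBS).
$problems = @()

# 1. SYSVOL and NETLOGON must both be shared (same information as "net share").
$shares = Get-WmiObject -Class Win32_Share | ForEach-Object { $_.Name }
foreach ($name in 'SYSVOL', 'NETLOGON') {
    if ($shares -notcontains $name) { $problems += "Share $name is missing" }
}

# 2. Netlogon shares SYSVOL and advertises the DC only once SysvolReady is 1.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$ready = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SysvolReady
if ($ready -ne 1) { $problems += "SysvolReady is '$ready' (expected 1)" }

# 3. The Policies and scripts folders must have replicated into SYSVOL.
#    Assumption: default layout <SYSVOL share path>\<DNS domain name>\...
$sysvolShare = Get-WmiObject -Class Win32_Share -Filter "Name='SYSVOL'"
if ($sysvolShare) {
    $domain = (Get-WmiObject -Class Win32_ComputerSystem).Domain
    foreach ($folder in 'Policies', 'scripts') {
        $path = Join-Path (Join-Path $sysvolShare.Path $domain) $folder
        if (-not (Test-Path $path)) {
            $problems += "Missing folder $path"
        }
        elseif ($folder -eq 'Policies' -and -not (Get-ChildItem $path)) {
            $problems += "$path exists but is empty"
        }
    }
}

# 4. Re-run only the dcdiag tests that failed in this thread and keep failed lines.
$dcdiag = & dcdiag.exe /test:Advertising /test:NetLogons 2>&1
$problems += @($dcdiag |
    Where-Object { $_ -match 'failed test \S+' } |
    ForEach-Object { 'dcdiag: ' + $_.ToString().Trim(' .') })

# Report: any warning here should be resolved before running dcpromo.
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
}
else {
    Write-Output ('{0}: shares, SysvolReady, SYSVOL folders and dcdiag tests OK' -f $env:COMPUTERNAME)
}
```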
Did you upgrade your AD schema before adding your 2012 server to the domain?
SandeshdubeySenior Server EngineerCommented:
ECOteam (Author) Commented:
@virastar: Your first link provided helped me. Thanks a lot! Problem solved.
So was the issue that your 2012 server was not fully promoted and/or the process did not complete successfully??
Question has a verified solution.