Cannot demote a DC using DCPROMO  - 'Logon failure: the target account name is invalid.

Posted on 2013-11-13
Medium Priority
Last Modified: 2013-11-18

I have a urgent need to demote a 2003 DC server. The server was offline for over 60 days and it appears to have tombstoned. The server was offline and due to a network issue and now users are having issues logging in to their workstations, etc

The server has no roles attached to it and is not a GK server. I'm getting replication issues on my good DC.

The error I receive is - The operation failed because:

Managing the network session with  ****.local failed.

'Logon failure. The target account name is incorrect.

How do I demote this server?
Question by:APC_40
  • 3
  • 3
LVL 23

Accepted Solution

Thomas Grassi earned 2000 total points
ID: 39644787
take a look at this


What errors are you getting? Post

Author Comment

ID: 39644847
On my good DC it says in event viewer under directory service -

Event ID  - 2042  -  

Source NTDS replication.

Description - It has neen too long since this machine last replicated with the named source machine. The time between replicatins with this source has excedded the tombstone lifetime. The source machine may still have copies of object that have been deleted.

On the 'bad' DC -

Error event ID  1864  -

The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided in to the following intervals.

More thatn 24hrs
More thatn a week
More than a month
More than two months
More than a lifetime
Tombstone lifetime Days
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39644868
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.


Author Comment

ID: 39645989
Ok I've deleted the DC using the metadata cleanup and it's been removed from DNS. Only 2 DCs are now in AD. I did not DCPROMO /force, i deleted the server through meta data cleanup

Unfortunately I logged on to a few PCs and some allowed access but others did not as before.  I don't understand why sometimes I can logon to a PC but others i can't . The message when trying to logon states 'a domain controller could not be found, etc...'

There was still an issue that when a users password was changed in AD and they were forced to change it, it never asked for them to change it.

Any further guidance?
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39646931
Run this and post results

@echo off
echo "Starting NetDiag on SERVER" >>c:\util\dclogx.txt
netdiag >>dclogx.txt

echo "Starting DCDiag on SERVER" >>c:\util\dclogx.txt
dcdiag >>dclogx.txt
dcdiag /test:registerindns /dnsdomain:FQDN>>dclogx.txt
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt
browstat status -v our >>dclogx.txt

echo "Who owns FSMO Roles" >>dclogx.txt
NTDSUTIL roles Connections "Connect to server SERVER" Quit "select Operation Target" "List roles for connected server" Quit Quit Quit >>dclogx.txt


Lets check your AD and DNS

Author Closing Comment

ID: 39656061
Cleared the DC using metadatacleanup - cheers all.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting a…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question