Solved

Cannot demote a DC using DCPROMO  - 'Logon failure: the target account name is invalid.

Posted on 2013-11-13
6
6,685 Views
Last Modified: 2013-11-18
Hi,

I have a urgent need to demote a 2003 DC server. The server was offline for over 60 days and it appears to have tombstoned. The server was offline and due to a network issue and now users are having issues logging in to their workstations, etc

The server has no roles attached to it and is not a GK server. I'm getting replication issues on my good DC.

The error I receive is - The operation failed because:


Managing the network session with  ****.local failed.

'Logon failure. The target account name is incorrect.


How do I demote this server?
0
Comment
Question by:APC_40
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 23

Accepted Solution

by:
Thomas Grassi earned 500 total points
ID: 39644787
take a look at this

http://www.petri.co.il/delete_failed_dcs_from_ad.htm#

What errors are you getting? Post
0
 

Author Comment

by:APC_40
ID: 39644847
On my good DC it says in event viewer under directory service -


Event ID  - 2042  -  

Source NTDS replication.

Description - It has neen too long since this machine last replicated with the named source machine. The time between replicatins with this source has excedded the tombstone lifetime. The source machine may still have copies of object that have been deleted.

On the 'bad' DC -


Error event ID  1864  -


The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided in to the following intervals.

More thatn 24hrs
2
More thatn a week
2
More than a month
2
More than two months
2
More than a lifetime
2
Tombstone lifetime Days
60
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39644868
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:APC_40
ID: 39645989
Ok I've deleted the DC using the metadata cleanup and it's been removed from DNS. Only 2 DCs are now in AD. I did not DCPROMO /force, i deleted the server through meta data cleanup

Unfortunately I logged on to a few PCs and some allowed access but others did not as before.  I don't understand why sometimes I can logon to a PC but others i can't . The message when trying to logon states 'a domain controller could not be found, etc...'


There was still an issue that when a users password was changed in AD and they were forced to change it, it never asked for them to change it.

Any further guidance?
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39646931
Run this and post results

@echo off
echo "Starting NetDiag on SERVER" >>c:\util\dclogx.txt
netdiag >>dclogx.txt

echo "Starting DCDiag on SERVER" >>c:\util\dclogx.txt
dcdiag >>dclogx.txt
dcdiag /test:registerindns /dnsdomain:FQDN>>dclogx.txt
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt
browstat status -v our >>dclogx.txt

echo "Who owns FSMO Roles" >>dclogx.txt
NTDSUTIL roles Connections "Connect to server SERVER" Quit "select Operation Target" "List roles for connected server" Quit Quit Quit >>dclogx.txt

EXIT


Lets check your AD and DNS
0
 

Author Closing Comment

by:APC_40
ID: 39656061
Cleared the DC using metadatacleanup - cheers all.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you ever had a hard drive that you can't boot into, but need to change the registry? Here is the solution! This article guides you through accessing and editing a registry of a non-primary drive. To read registry information on a non-prim…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question