Solved

Can't remove Active directory from SBS 2008

Posted on 2014-01-05
Last Modified: 2014-01-06
I upgraded a network running SBS 2008 to Server 2012 R2. All that is left to do is dcpromo the SBS server and remove it from the domain. When I run dcpromo I get the error "You did not indicate that this Active Directory domain controller is the last domain controller for the domain domain.local. However, no other Active Directory domain controllers for that domain can be contacted."

The 2012 server has all the FSMO roles. DNS appears to be correct with one exception. On the SBS server, when I run dcdiag /test:dns I get the error "Missing AAAA record at DNS server 10.10.0.11:". 10.10.0.11 is the SBS server.

I disabled IPv6 but that did not have any effect.

I do not get an error on the 2012 server when running dcdiag /test:dns.

I turned both firewalls off.

netdom query fsmo on both servers shows that the 2012 server has all the FSMO roles.

repadmin /showreps is successful.

nltest shows successful on both servers from both servers:
nltest /dsgetdc:domain /server:newserver and oldserver

I need to find a way to remove AD from SBS 2008 so I can remove it from the network.
Question by:ajdratch
12 Comments
 
LVL 38

Expert Comment

by:Mahesh
ID: 39757687
You could run the dcpromo /forceremoval command on the SBS 2008 server, since all of your FSMO roles have already been transferred to the Windows 2012 R2 DC, but doing so will take the server directly to a workgroup, and you must then clean up its metadata from the 2012 R2 server with the ntdsutil command-line utility.

Mahesh
0
 

Author Comment

by:ajdratch
ID: 39757689
That is my last resort. As you said, I would then need to manually clean up AD.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39757694
One option is to set up the 2012 R2 DC IP as the primary DNS on SBS in the TCP/IP settings and then try demoting gracefully with dcpromo.

If that fails, then there is no option other than dcpromo /forceremoval.
After that you must do a metadata clean-up:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/

Mahesh
0

Author Comment

by:ajdratch
ID: 39757704
I did try as you suggested but that did not work.
0
 
LVL 40

Expert Comment

by:Philip Elder
ID: 39757713
Leave IPv6 enabled, as disabling it messes things up.

Make sure DNS 0 on each DC with DNS points to itself only. Do not have any other DNS server IPs set in DNS 1 (on each NIC).

NSLookup on SBS 08 resolves the new DC name to the correct IP?

Philip
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39757732
Try the below:
Set up the 2012 R2 DC IP as the primary DNS on SBS in the TCP/IP settings, then reboot the SBS server and try to demote gracefully with dcpromo.

If that fails, then I don't see any option other than dcpromo /forceremoval.

Mahesh
0
 
LVL 40

Expert Comment

by:Philip Elder
ID: 39757748
If SBS is unable to resolve the new DC there may be problems in AD with replication. DNS is AD integrated and therefore both DCs should be sharing the same zone information.

Does the _msdcs.domain.local domain have GUIDs for both servers listed?

I suggest not changing the primary DNS to anything beyond itself. DNS not being healthy will be a killer.

Philip
0
 

Author Comment

by:ajdratch
ID: 39759037
_msdcs.domain.local does show both servers.

I have SBS 2008 and Server 2012, which are both DCs. 2012 has all FSMO roles. Exchange 2007 has been uninstalled. I also have a member server running Exchange 2013.

What worries me now is that when I shut down the SBS server, Outlook gets disconnected on all workstations.

DNS on Exchange 2013 does point to the Server 2012 DC.
0
 

Author Comment

by:ajdratch
ID: 39759229
I have had many problems with this migration and kept thinking there had to be one thing wrong causing all the problems. Turns out sysvol was not shared. I suspect this has been the source of many issues including Exchange migration.

I made this change:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
Changed the BurFlags value to D4.

Sysvol is now shared. The DCPromo wizard goes past that warning; however, I did not go any further yet.

Sysvol on the new server does not have all the information and the netlogon folder is not shared. I need to resolve this first.
0
 
LVL 40

Expert Comment

by:Philip Elder
ID: 39759568
NOTE: With a DCPromo /ForceRemoval run on the old SBS your AD on the new DC would probably be incomplete and things may very well have been quite dire. :(

Please run the SBS Best Practices Analyzer.

We have an SBS migration guide here: http://bit.ly/oZ5ePG

While not specific to your given setup it has lots of bits about troubleshooting and cleaning up AD, replication, and more.

Philip
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39759968
How is your AD replication working between both domain controllers?

You may try the D2 BurFlags value on the 2012 DC.

You may try the article below for an FRS Sysvol non-authoritative restore on the Windows 2012 DC:
http://support.microsoft.com/kb/290762

If that succeeds, then your netlogon and Sysvol will get shared on the new DC; then check whether your replication is working properly.

You may use the FRSDiag tool for verification of FRS.
The tool has a GUI and may help you. Check the article below for its usage:
http://blogs.technet.com/b/askds/archive/2008/05/22/verifying-file-replication-during-the-windows-server-2008-dfsr-sysvol-migration-down-and-dirty-style.aspx

Mahesh
0
 

Author Closing Comment

by:ajdratch
ID: 39760204
I was editing BurFlags on the 2012 DC. When I put D4 in the 2008 DC, netlogon and sysvol folders showed up.
0
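
The state this thread ended up checking by hand (whether SYSVOL and NETLOGON are shared on each DC, and what BurFlags currently holds) can be read in one pass before attempting a demotion. The following is an added example, not part of the original posts: it is read-only, assumes Windows PowerShell with WMI and the Remote Registry service reachable on both DCs, and uses the placeholder names `oldserver` and `newserver` from the question.

```powershell
# Added example (not from the thread): read-only SYSVOL/NETLOGON pre-demotion check.
# 'oldserver' and 'newserver' are the placeholder DC names used in the question.
$DomainControllers = 'oldserver', 'newserver'

# The key name "Backup/Restore" contains a forward slash, which the PowerShell
# registry provider treats as a path separator, so the .NET registry API is used.
$BurFlagsKey = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
$NetlogonKey = 'SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-RemoteRegValue {
    param([string]$Computer, [string]$SubKey, [string]$Name)
    $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
    try {
        $key = $hive.OpenSubKey($SubKey)          # opened read-only
        if ($key) { $key.GetValue($Name) } else { $null }
    } finally {
        $hive.Close()
    }
}

function Test-SysvolState {
    param([string]$Computer)
    $shares = @(Get-WmiObject -Class Win32_Share -ComputerName $Computer |
                Select-Object -ExpandProperty Name)
    $bur = Get-RemoteRegValue $Computer $BurFlagsKey 'BurFlags'
    $burText = if ($null -ne $bur) { '0x{0:X}' -f $bur } else { 'not set' }
    New-Object PSObject -Property @{
        Computer       = $Computer
        SysvolShared   = $shares -contains 'SYSVOL'
        NetlogonShared = $shares -contains 'NETLOGON'
        # Netlogon only publishes the shares when SysvolReady is 1
        SysvolReady    = Get-RemoteRegValue $Computer $NetlogonKey 'SysvolReady'
        BurFlags       = $burText
    }
}

$results = $DomainControllers | ForEach-Object { Test-SysvolState $_ }
$results | Format-Table Computer, SysvolShared, NetlogonShared, SysvolReady, BurFlags -AutoSize

# Flag any DC that is not serving both shares; demoting the other DC in that
# state would leave the domain without a usable SYSVOL.
$notReady = @($results | Where-Object { -not ($_.SysvolShared -and $_.NetlogonShared) })
if ($notReady.Count -gt 0) {
    $names = ($notReady | ForEach-Object { $_.Computer }) -join ', '
    Write-Warning "SYSVOL/NETLOGON not shared on: $names. Fix replication before running dcpromo."
}
```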
