  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 10322
  • Last Modified:

Failed 2012 Domain controller promotion

I demoted a 2003 DC and replaced it with a 2012 DC with the same name and IP address. Something appears to have gone wrong. These are the problems I have found:

1. Computer is not in site and services
2. It is in ADUC, but not showing the site or that it is a GC
3. On the machine itself it is still asking to be promoted, but when you try to promote it I get the following error:

Error determining whether the target server is already a domain controller: the domain controller promotion completed, but the server is not advertising as a domain controller.

4. DCDIAG shows multiple errors

I think I need to reinstall this DC. What is the best process?
0
V0LUME
Asked:
V0LUME
2 Solutions
 
BlueComputeCommented:
Right, first off, that was definitely *not* the correct approach I'm afraid. Chances are when you demoted the 2003 DC not all references to it were removed from Active Directory, and now the new server is being affected by these references. Do you have other DCs in the domain? I'm assuming so - if this isn't the case let me know rather than following these steps.
Demote the new server. If it won't go cleanly, which it probably won't, follow the manual instructions here for a 2003 server, and then the ones here as well for extra entries that relate to the 2012 servers.
RENAME THE 2012 SERVER. This is important. You'll run into problems if you try and use the same name. If you're desperate to avoid reconfiguring clients (which, I assume, is why you tried to give it the same name?) then add a CNAME record in DNS pointing the old name to the new server.
Make sure all your FSMO roles are held by valid, working servers.
Re-promote the 2012 server.

That should get you sorted. You might still have to tidy up a few DNS entries etc.
0
 
Miguel Angel Perez MuñozCommented:
I think the best option is:

Demote this DC by doing a force removal.
Do a metadata cleanup: http://technet.microsoft.com/en-us/library/cc731035.aspx
Try to promote again.

If the DC cannot be demoted, a format and reinstall may be a solution.
0
 
V0LUMEAuthor Commented:
OK, I followed the steps from an MVP in Directory Services, so I doubt it is not the correct process. I have already completed the same process for another DC.

http://blogs.msmvps.com/acefekay/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address/

I already tried dcpromo /forceremoval, but dcpromo has been deprecated in 2012 so it doesn't work. Normally I demote in 2012 using Server Manager, but Server Manager is throwing an error.
0
 
V0LUMEAuthor Commented:
Last time I introduced new DCs with different IPs it caused me a major issue, because the DNS server setting didn't get updated on some clients. The records in this place are not good, so there is always a rogue device out there which will fail because of an incorrect DNS server setting.
0
 
BlueComputeCommented:
That's not a process I've encountered before; the MVP specifies it's for 2003 and 2008, not 2012, and it sounds fraught with danger to me to be honest but we'll roll with it for now.
Which error is server manager throwing? What happens if you try to demote using Powershell and the -ForceRemoval switch?
0
 
BlueComputeCommented:
Also, and this is fairly important, what level is the domain at and what live DCs do you still have?
0
 
V0LUMEAuthor Commented:
The domain controller I was demoting was 2003, so the process seemed appropriate. I'm gonna try the PowerShell command now.

The domain level is still at 2003; I haven't raised it yet. I have 8 live DCs. FSMO roles are held by another DC.
0
 
BlueComputeCommented:
Cool. In that case, if you can't persuade the 2012 controller to demote using powershell or server manager then you'll need to isolate it from the domain, remove all references to it in AD (whether those references are for the old 2003 server with the same name or the new server) by following the manual demotion steps above on one of your live DCs (metadata cleanup and ADSIEDIT), then reinstall 2012 on your new server (I'd be very inclined to use a new name but if you're 100% sure all the references are gone from AD and DNS then you might be ok with the same name) and re-join as normal.
0
 
V0LUMEAuthor Commented:
The Server Manager error is this:
an error occurred when demoting the ad dc
the wizard cannot access the list of domains in the forest. The error is: the interface is unknown
0
 
V0LUMEAuthor Commented:
PowerShell is throwing a similar error. I didn't use the force switch yet.

PS C:\Windows\system32> Uninstall-ADDSDomainController
LocalAdministratorPassword: ********
Confirm LocalAdministratorPassword: ********

The server will be automatically restarted when this operation is complete. The domain will no longer exist after you
uninstall Active Directory Domain Services from the last domain controller in the domain.
Do you want to continue with this operation?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y
Uninstall-ADDSDomainController : Verification of prerequisites for Domain Controller promotion failed. The wizard
cannot access the list of domains in the forest. The error is:
The interface is unknown.
At line:1 char:1
+ Uninstall-ADDSDomainController
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Uninstall-ADDSDomainController], TestFailedException
    + FullyQualifiedErrorId : Test.VerifyDcPromoCore.DCPromo.General.26,Microsoft.DirectoryServices.Deployment.PowerSh
   ell.Commands.UninstallADDSDomainCommand

Message                       Context                                      RebootRequired                        Status
-------                       -------                                      --------------                        ------
Verification of prerequisi... Test.VerifyDcPromoCore.DCP...                         False                         Error
0
 
V0LUMEAuthor Commented:
Do you think I should use the force removal? It says only use if you do not have connectivity to other DCs

-ForceRemoval

Forces the removal of a domain controller. Use this parameter to force the uninstall of AD DS if you need to remove the domain controller and do not have connectivity to other domain controllers within the domain topology.
0
 
BlueComputeCommented:
Yep, that's exactly what we need to do; it doesn't have connectivity to the DCs; that's what all the errors are saying.
0
 
V0LUMEAuthor Commented:
I managed to demote it using Server Manager with the force removal switch.

Going to perform Metadata cleanup next using this link: http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx

then I will re-install. What do you think?
0
 
BlueComputeCommented:
That's perfect; just need to make sure that all references to that server are gone from Active Directory - it's worth running through the steps here as well to make sure it's gone. Then you should be able to either re-promote or rebuild from scratch and re-promote.
0
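
A read-only way to carry out the "make sure all references are gone" check from the answers above before re-promoting, as an added example that is not part of the original thread. The function name `Find-StaleDcReference` and the host name `DC01` are hypothetical; it assumes the ActiveDirectory module and `Resolve-DnsName` (Windows Server 2012 or later) on a healthy DC or management host.

```powershell
# Added example (not from the thread): read-only pre-promotion check.
# Run on a healthy DC, or any host with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Find-StaleDcReference {
    param([Parameter(Mandatory)][string]$DcName)   # short name of the removed DC

    $config = (Get-ADRootDSE).configurationNamingContext
    $domain = Get-ADDomain
    $forest = Get-ADForest
    $fqdn   = "$DcName.$($domain.DNSRoot)"
    $report = { param($check, $detail)
        [pscustomobject]@{ Check = $check; Detail = $detail } }

    # 1. Server object (parent of NTDS Settings) left under CN=Sites
    Get-ADObject -SearchBase "CN=Sites,$config" `
                 -LDAPFilter "(&(objectClass=server)(cn=$DcName))" |
        ForEach-Object { & $report 'Sites server object' $_.DistinguishedName }

    # 2. Computer account left in the domain partition
    Get-ADComputer -LDAPFilter "(cn=$DcName)" |
        ForEach-Object { & $report 'Computer account' $_.DistinguishedName }

    # 3. DNS: host record and DC locator SRV record still naming the old DC
    Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { & $report 'DNS A record' "$fqdn -> $($_.IPAddress)" }
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV `
                    -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' -and $_.NameTarget -eq $fqdn } |
        ForEach-Object { & $report 'DC locator SRV record' $_.Name }

    # 4. FSMO roles must sit on DC objects that exist and are not the removed DC
    $roles = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        try   { $null = Get-ADDomainController -Identity $role.Value -ErrorAction Stop }
        catch { & $report "FSMO $($role.Key)" "holder '$($role.Value)' has no DC object" }
        if ($role.Value -eq $fqdn) { & $report "FSMO $($role.Key)" "still on $fqdn" }
    }
}

# 'DC01' is a placeholder name; an empty result means no leftovers were found.
Find-StaleDcReference -DcName 'DC01' | Format-Table -AutoSize
```

Run it after the forced demotion and metadata cleanup and before the rebuilt server is joined again; once the server is back on the network under the same name, the A record and computer account findings are expected.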
 
V0LUMEAuthor Commented:
The DC is now re-installed. Looks a lot cleaner now - appears in ADUC in the correct site and as a GC & Sites & Services looks good. I can't see it at our local site, but should be fine after replication occurs.

I've now upgraded all DCs in the forest so I can finally raise the domain functional level! It's Sod's law that the last DC went wrong!

Thanks for your help. Will accept the most relevant solutions.
0
 
BlueComputeCommented:
Great, glad you got it sorted :)

BC
0
