Can't Fix/Demote Domain Controller

By adam.chiarotto
Hello All,

I was trying to transfer our Win 2000 DC/DNS
server to a new Win 2003 box. I had tested it
in a lab with no problems, but now I'm having
nothing but problems.

Well I did dcpromo and it went fine, then
trying to transfer roles gave me a problem,
then DNS didn't replicate, now I can't demote
the DC to try it again. I was able to remove
the DNS from the Win2k3 box just fine.

I am pointing the dns for both boxes at the
working DNS server.

From the DC that works trying to use REPLMON,
won't connect to the Win2K3 box, but ping works
fine using either the IP or the dns name.

Checking the FSMO roles on both servers shows
both think they are the domain naming master
and infrastructure master, which makes me think
this is a comm issue between the two. Any way
to find and resolve this problem?

Any time I try to dcpromo to demote the Win2K3
box, I get this error:

"Active directory could not transfer the
remaining data in directory partition
CN=Schema,CN=Configuration,DC=byng,DC=local to
domain controller terver.byng.local"
"The RPC server is unavailable"

Also, in the domaindnszones and forestdnszones
parts on the working DNS box only shows the
failed Win2K3 box's address and name, could
that be a problem?

Now I haven't done anything with the AD from
the Win2K3 box, should there be any problems
with doing a dcpromo /forceremoval and a
subsequent metadata cleanup?

I'd preferably like to fix this problem but I
don't know where to go next and the force
removal is the only thing Google has found for
me that I haven't tried.

All Answers

You cannot have two master servers on the same network.

You will have to rename one so it does not interfere with the main server(s).

Please post back if you have any more problems or questions.
If this info is useful, please give a thumbs up. Thanks

Seize Roles- That's about all I can offer

by CG IT In reply to Can't Fix/Demote Domain C ...

If you can't transfer roles, you'll have to seize them from the old box.

For Active Directory to function properly, you must have DNS service running and that DNS service zone must be for the AD domain.

If your old Domain Controller is also hosting DNS, then the new domain controller must also run DNS for the zone before you try to demote the old DC. You must make sure the old DC DNS allows zone transfers to the new DC DNS and that the zone actually transferred. Once you have both DCs functioning properly and both DNS servers, you can then transfer roles from the old to the new. You then remove the old DNS service so that there is only 1 DNS server service running. After that, it's just dcpromo demote the old DC to a member server.

Where've you been, CG?

by Churdoo In reply to Seize Roles- That's about ...

Haven't seen you in a while, or have I just not seen you? Good to see you again CG, hope all is well.

really really busy at work which is great

by CG IT In reply to Where've you been, CG?

but I don't get a lot of time to post on the forums...

Thanks for the "good to see you" !!

Great to hear from you as well...

dcpromo /forceremoval

by Churdoo In reply to Can't Fix/Demote Domain C ...

This situation sounds messed up enough where I agree with your proposed next step. I would DCPROMO /forceremoval the W2K3 box and do the metadata cleanup on the remaining DC.

Did you do the ADPREP on the 2K AD before you started? If your 2K3 server is R2, the correct ADPREP is buried somewhere on CD2 of the 2K3 install CDs.

Make sure you do or have done the correct ADPREP /forestprep and /domainprep before trying the promotion of the 2K3 server again.
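
An added example, not part of the original thread: before a forced removal and metadata cleanup, the FSMO disagreement described in the question can be pinned down by saving the output of `netdom query fsmo` from each DC and comparing the two views offline. The sample output is constructed, the host name `new2k3.byng.local` is hypothetical, and the role label spellings are assumptions.

```python
import re

# Assumed label spellings; older and newer netdom builds word the
# five roles differently, so both forms map to one canonical name.
ROLE_LABELS = {
    "schema owner": "schema", "schema master": "schema",
    "domain role owner": "domain naming", "domain naming master": "domain naming",
    "pdc role": "pdc", "pdc": "pdc",
    "rid pool manager": "rid",
    "infrastructure owner": "infrastructure", "infrastructure master": "infrastructure",
}

# Constructed sample output, one capture per DC (not from the thread).
OLD_DC_VIEW = """\
Schema owner                terver.byng.local
Domain role owner           terver.byng.local
PDC role                    terver.byng.local
RID pool manager            terver.byng.local
Infrastructure owner        terver.byng.local
The command completed successfully.
"""
NEW_DC_VIEW = """\
Schema owner                terver.byng.local
Domain role owner           new2k3.byng.local
PDC role                    terver.byng.local
RID pool manager            terver.byng.local
Infrastructure owner        new2k3.byng.local
The command completed successfully.
"""

def parse_fsmo(text):
    """Return {role: holder} from saved `netdom query fsmo` output."""
    holders = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?)\s{2,}(\S+)\s*$", line)
        if m and m.group(1).lower() in ROLE_LABELS:
            holders[ROLE_LABELS[m.group(1).lower()]] = m.group(2).lower()
    return holders

def compare_views(views, dc_to_remove):
    """views maps DC name -> output captured on that DC."""
    parsed = {dc: parse_fsmo(out) for dc, out in views.items()}
    conflicts, claimed_by_removed = {}, []
    for role in sorted({r for p in parsed.values() for r in p}):
        seen = {dc: p.get(role) for dc, p in parsed.items()}
        if len(set(seen.values())) > 1:      # the DCs disagree on this role
            conflicts[role] = seen
        if dc_to_remove.lower() in seen.values():
            claimed_by_removed.append(role)  # verify holder after cleanup
    return conflicts, claimed_by_removed
```

Any role listed in `claimed_by_removed` should be rechecked on the surviving DC once the removed server's metadata is gone, so that no role is left pointing at a machine that no longer exists.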
