Users not logging in with new DC


  • I promoted a new DC in a remote office and verified that the new DC is in the correct site and subnet. I shut down the old DC, but users are not using the new DC to log in. They are going back to the main site for logins. Any idea?
    Sunday, August 18, 2013 12:31 AM


All replies

  • I checked ADSS and I am seeing 2 NTDS Settings. What is the first one with the random numbers?
    Sunday, August 18, 2013 12:45 AM
  • Hi,

    Please check the DNS settings of the client and make sure that those are pointing to the new DC. Also associate the client subnets with the new site and check

    Sunday, August 18, 2013 8:20 AM
  • Hello,

    Ensure the clients use the new DNS server on the NIC. And see about the stickiness from used DCs.

    For the name in AD Sites and Services, is this an existing DC? If not, then check with metadata cleanup to remove old NOT existing DCs from the database.

    Best regards

    Meinolf Weber
    Microsoft MVP - Directory Services

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Sunday, August 18, 2013 10:22 AM
  • Hi,

    As others mentioned, you would check the DNS settings on the client and make sure those are pointing to the new DC.

    Metadata cleanup is a required procedure after a forced removal of Active Directory Domain Services (AD DS).

    You perform metadata cleanup on a domain controller in the domain of the domain controller that you forcibly removed. Metadata cleanup removes data from AD DS that identifies a domain controller to the replication system. Metadata cleanup also removes File Replication Service (FRS) and Distributed File System (DFS) Replication connections and attempts to transfer or seize any operations master (also known as flexible single master operations or FSMO) roles that the retired domain controller holds.

    For more detailed information, please refer to:

    Clean Up Server Metadata

    Please also check this KB article:

    Domain Controller Server Object Not Removed After Demotion

    Hope this helps.


    Vivian Wang
    TechNet Community Support

    Monday, August 19, 2013 2:27 AM
  • I agree with the others. Can you use Netmon/Wireshark to check the flow of packets to confirm where the problem is? Also, if there are multiple DCs in the site, any DC can authenticate; it's not necessary that only a particular DC will authenticate. Moreover, if there are demoted DCs, use the link below to clean up the remnants.

    Remove References of a Failed DC/Domain Or Perform Metadata Cleanup

    Verify the SYSVOL share and perform the health analysis of the new DC using the dcdiag utility.

    What does DCDIAG actually… do?

    Active Directory Replication Status Tool Released

    Awinish Vishwakarma - MVP

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, August 19, 2013 4:06 AM
  • Hi,

    Any updates?

    Please feel free to let us know if you need further assistance.


    Vivian Wang
    TechNet Community Support

    Thursday, August 22, 2013 2:08 AM
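
The client-side checks suggested in the replies (DNS servers on the NIC, site membership, which DC the client actually locates) collected into one PowerShell script. This is an added example, not part of the original thread; `NEWDC01` and `Remote-Office` are hypothetical placeholders for the new DC and its AD site.

```powershell
# Added example. Run on an affected client as the logged-on domain user.
# NEWDC01 and Remote-Office are hypothetical placeholders; set them to your values.
param(
    [string]$ExpectedDc   = 'NEWDC01',
    [string]$ExpectedSite = 'Remote-Office'
)
$domain = $env:USERDNSDOMAIN

# 1. DC that authenticated the current logon session.
$logonDc = "$env:LOGONSERVER".TrimStart('\')

# 2. Site the client believes it is in (derived from the subnet-to-site mapping).
$site = "$(nltest /dsgetsite 2>$null | Select-Object -First 1)".Trim()

# 3. DNS servers configured on the client's NICs.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 4. DCs registered in DNS for that site (site-specific SRV record).
$srvName = "_ldap._tcp.$($site)._sites.dc._msdcs.$domain"
$siteDcs = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.NameTarget } |
    Select-Object -ExpandProperty NameTarget

# 5. Discard the cached DC and rerun DC location, to rule out stickiness.
$located   = nltest "/dsgetdc:$domain" /force 2>&1
$locatedDc = ($located | Select-String '^\s*DC:\s*\\\\(\S+)').Matches |
    ForEach-Object { $_.Groups[1].Value }

[pscustomobject]@{
    LogonServer    = $logonDc
    ClientSite     = $site
    SiteMatches    = ($site -eq $ExpectedSite)
    DnsServers     = ($dns.ServerAddresses -join ', ')
    SiteDcsInDns   = ($siteDcs -join ', ')
    NewDcInSiteSrv = [bool]($siteDcs -like "$ExpectedDc*")
    LocatedDc      = $locatedDc
    LocatedIsNewDc = [bool]($locatedDc -like "$ExpectedDc*")
} | Format-List
```

If `ClientSite` shows the main site, look at the subnet-to-site mapping; if the new DC is missing from `SiteDcsInDns`, look at its DNS registration and run dcdiag on it.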