locked
Demoting Server 2008 R2 Domain Controller RRS feed

  • Question

  • I've recently set up two new Server 2012 R2 DCs, and am trying to demote the first of the two old ones (2008 R2). I went through the DCPROMO wizard then rebooted, and it now seems impossible to log into the VM to remote the roles (it also has DNS and DHCP) - it just hangs at 'applying user settings'. I've tried going in using safe mode but I just get a blank desktop with the 'safe mode' warnings around the edges.

    I suspect a DNS problem, and it's causing major issues with the network - Outlook won't connect to Exchange, etc. I really need to solve this before the office opens in about 9 hours time. Any help would be much appreciated!

    Thanks


    David

    Wednesday, January 13, 2016 10:44 PM

Answers

All replies

  • Hi

     Please run the following commands and paste results on OneDrive..

    - netdom query fsmo

    - dcdiag

    - repadmin /replsum

    - ipconfig /all


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Wednesday, January 13, 2016 10:51 PM
  • I can't run them on that machine as I can't log in to it, but on another DC (the new FSMO), netdom query FSMO shows the correct new DC for all five roles (the problem one was never the FSMO anyway)

    dcdiag - all pass OK

    repadmin - all pass OK

    ipconfig /all - gives four DNS servers: the two new DCs, the two old ones, plus the loopback address.

    Thanks


    David


    Wednesday, January 13, 2016 11:13 PM
  •  Outlook won't connect to Exchange, etc.>>> Check the new server 2012 confgured with GC role and check the Exchange server dns ip,needs to resolve the new dc's.

    And if you do not gracefully demote this 2008 server,you will do metadata cleanup for demote from domain.

    Metadata cleanup

    https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx?f=255&mspperror=-2147217396


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Wednesday, January 13, 2016 11:18 PM
  • Exchange server, etc, all pointing at the correct IP addresses for DNS server.

    Just using a client to test, and they cannot access the internet - done the usual release and renew, flushdns, etc.

    There appears to be some major DNS fault, but I still can't see what it is!

    The old DC should have been demoted OK - it was the reboot after the demotion when it started playing up. It doesn't appear in the list produced by netdom query dc

    Thanks


    David

    Wednesday, January 13, 2016 11:25 PM
  • Hi David,
    Please do an NSLOOKUP to see if there are any errors on your DNS server.
    For more information, please check:
    https://technet.microsoft.com/en-us/library/cc725991.aspx

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Wendy Jiang Tuesday, January 19, 2016 8:56 AM
    Friday, January 15, 2016 9:33 AM