Unable to demote AD DC

    Question

  • Hi Techies, My organization has had a server running Win 2008 R2 with Exch 2010 on it for some months. It's also an AD & DC. Since it's serving fewer than 10 clients, I thought of moving the Exch 2010 to a smaller server. What I did:

    1. Installed Win 2008 R2

    2. Did a DCPROMO - I chose the option to be an Additional Domain Controller on the same IP range and successfully transferred the user and computer objects

    3. Installed the Exchange 2010.

    4. Took a backup of Existing Exch 2010 and restored it on the new Exch 2010 server

    5. Able to replicate and all works fine.

    Now, the real problem was that the new server I was building is needed for some other purpose, so I ditched the server out of the network.

    When I went into the existing server and opened the EMC, I found there were 2 databases (old and new). I dismounted the new one and removed it under the Organization Configuration - Mailbox. After I closed the EMC and reopened it, I got a pop-up that I should activate my new Exch 2010 or it will expire in 119 days. Though I removed it, I still get that whenever I open the EMC. Also, I still see the new Exch 2010 server name under the Server Configuration with a blue exclamation. How do I remove it and bring things back to normal, like how it was before?

    I also tried demoting the AD DC from the new server, but it said that it's not a last AD DC.

    When I go to Active Directory Sites and Services - Sites - Default-First-Site-Name - Servers - I still see the new Server and am unable to remove. It throws an error "---------------------------

    Active Directory Domain Services

    ---------------------------

    Do not delete the WIN-17RFD41NVLE1 container object. WIN-17RFD41NVLE1 contains objects representing Domain Controller WIN-17RFD41NVLE1 and possibly other DCs. To delete these objects, demote the DCs using the Active Directory Domain Services Installation Wizard (DCPROMO). If the DCs represented by these objects are permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), you must delete them one at a time.

    ---------------------------

    OK   

    ---------------------------"


    Anand K
    Friday, July 01, 2011 8:53 AM

Answers

  • Demote the DC using dcpromo /forceremoval & perform the metadata cleanup. Make sure the other DC/member server is pointing to the new Windows 2008 R2 as a DNS server instead of the Windows 2008 R2 server that is going to be demoted. Also, verify the Windows 2008 R2 DC is also a GC server.

    If the Windows 2008 R2 DC doesn't hold FSMO roles, you can demote the DC using dcpromo /forceremoval. After metadata cleanup, which is a mandatory step, you are required to remove the left-over references manually.

    Metadata Cleanup of a Domain controller

    http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/

     

    Regards


    Awinish Vishwakarma| CHECK MY BLOG

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Friday, July 01, 2011 9:40 AM
    Moderator
  • Hello,

    First of all, you have to make sure that there is at least one DC holding a GC that is left for your domain.

    Once done, proceed like that:

    • Run dcpromo /forceremoval on the old DC to force its demotion
    • Run the netdom query fsmo command to check whether the old DC is the holder of FSMO roles. If yes, you have to seize them to the other DC
    • Perform a metadata cleanup
    • Delete all remaining DNS records in your domain DNS zone

    Note that it is recommended to have at least two DC / DNS / GC servers per domain.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator

    Friday, July 01, 2011 10:37 AM
  • Hello,

    First I'd like to mention that it is NOT recommended to run Exchange, doesn't matter which version, on a DC.

    If I understand you correctly, the newly installed machine should be demoted. This requires you to UNINSTALL Exchange FIRST; demoting with Exchange installed is NOT supported.

    So uninstall Exchange and then run dcpromo to demote it. The question about the last DC will always appear when demoting a DC and you have to choose if it is the last DC in the domain or not. In your case do NOT check the box, as one DC still exists.

    If the demotion doesn't work that way, you have to disconnect the newly installed machine from the network, NEVER reconnect it, then run metadata cleanup on the existing one to remove all objects from the problem machine: http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx

    In your case I would install the removed machine from scratch to use it again.

    For the Exchange problems part, please use the Exchange forum instead of this one:

    http://social.technet.microsoft.com/Forums/en-US/category/exchangeserver/

    "After I closed the EMC and reopened it, I got a pop up that I should activate my new Exch 2010 or it will expire in 119 days."

    After installing Exchange you have to activate it with the serial number as done on the first installed Exchange server.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Sunday, July 03, 2011 10:30 AM
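
Added example, not part of any post above: a read-only PowerShell check to run on the surviving DC after the forced demotion and metadata cleanup described in the answers, listing anything that still references the removed DC. It assumes the ActiveDirectory module is installed; the DNS check assumes an AD-integrated zone stored in the DomainDnsZones partition, and `$StaleDC` is the server name from the error dialog in the question.

```powershell
# Added example, not from the thread. Read-only: it deletes nothing.
Import-Module ActiveDirectory

$StaleDC = 'WIN-17RFD41NVLE1'   # name taken from the error dialog in the question
$domain  = Get-ADDomain
$forest  = Get-ADForest
$config  = (Get-ADRootDSE).configurationNamingContext

# 1. FSMO roles still registered to the removed DC (same data as "netdom query fsmo").
$fsmo = @($forest.SchemaMaster, $forest.DomainNamingMaster,
          $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster) |
        Where-Object { $_ -like "$StaleDC.*" }

# 2. Server and NTDS Settings objects left under Sites and Services.
$siteObjs = Get-ADObject -SearchBase "CN=Sites,$config" `
                -LDAPFilter '(|(objectClass=server)(objectClass=nTDSDSA))' |
            Where-Object { $_.DistinguishedName -like "*CN=$StaleDC,CN=Servers,*" }

# 3. Computer account of the removed DC (a stale DC account keeps its SPNs and password).
$computer = Get-ADComputer -LDAPFilter "(cn=$StaleDC)"

# 4. Host record in the AD-integrated DNS zone (assumption: DomainDnsZones partition).
$dns = $null
try {
    $dns = Get-ADObject -SearchBase "DC=DomainDnsZones,$($domain.DistinguishedName)" `
               -LDAPFilter "(&(objectClass=dnsNode)(name=$StaleDC))"
} catch {
    Write-Warning "DomainDnsZones not searchable: $($_.Exception.Message)"
}

# 5. At least one global catalog must remain besides the removed DC.
$gcs = Get-ADDomainController -Filter * |
       Where-Object { $_.IsGlobalCatalog -and $_.Name -ne $StaleDC }
if (-not $gcs) { Write-Warning 'No remaining global catalog server found.' }

# One row per check; Leftover is True when something still points at the removed DC.
$checks = @{ 'FSMO roles' = $fsmo; 'Site objects' = $siteObjs
             'Computer account' = $computer; 'DNS host node' = $dns }
$checks.GetEnumerator() | ForEach-Object {
    New-Object PSObject -Property @{
        Check    = $_.Key
        Leftover = [bool]$_.Value
        Detail   = (@($_.Value) | ForEach-Object { "$_" }) -join '; '
    }
} | Sort-Object Check | Format-Table Check, Leftover, Detail -AutoSize
```

Every row should read `False` once the cleanup is complete; SRV records under `_msdcs` that name the removed DC are not covered by check 4 and still need a look in the DNS console.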

All replies

  •  

     

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    BLOG (WEB-BASED) --> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test ANY suggestion in a test environment before implementing!
    -------------------------------------------------------------------------------------------------------

    Jorge de Almeida Pinto [MVP-DS] (http://blogs.dirteam.com/blogs/jorge/default.aspx)
    Saturday, July 09, 2011 5:31 PM
    Moderator