Cannot demote DC

Cannot demote DC

Post by nick varnali » Fri, 06 Jun 2003 21:32:44



Here is my problem. We recently purchased a new computer
that will replace our old DC. We made another one of our
server's a second DC so that I could demote our first DC,
which would then allow me to make our new server a DC. My
problem is that when I run dcpromo on the old DC it keeps
telling me that my credentials are wrong and to use a user
that has Enterprise Admin rights to our domain. The
password and user are correct. No matter what I input it
will no demote my DC controller, and keeps asking for
proper credentials. I looked at the DC policies and
Administrators is there. I'm at a loss to figure out what
the heck is going on.
 
 
 

Cannot demote DC

Post by Thierry F. [MVP » Fri, 06 Jun 2003 22:02:46


Hi,

have you moved the FSMOs roles and the Global Catalog before attempting to
demote your DC ? I suggest to check the logs from the event viewers on the
old DC. You should have some criticals events.

Another solution:

- shut down the old DC ;
on the new DC:
- use ntdsutil to seize the FSMO roles.
- add the GC.
- use ntdsutil to remove the old DC.
- use the dns console to remove old records of the old DC.
- use adsiedit to remove the domain controler object from Active Directory.

Use this way only if you know what you do !

Thierry F. [MVP Windows 2000]



Quote:> Here is my problem. We recently purchased a new computer
> that will replace our old DC. We made another one of our
> server's a second DC so that I could demote our first DC,
> which would then allow me to make our new server a DC. My
> problem is that when I run dcpromo on the old DC it keeps
> telling me that my credentials are wrong and to use a user
> that has Enterprise Admin rights to our domain. The
> password and user are correct. No matter what I input it
> will no demote my DC controller, and keeps asking for
> proper credentials. I looked at the DC policies and
> Administrators is there. I'm at a loss to figure out what
> the heck is going on.


 
 
 

Cannot demote DC

Post by Nick Varnali » Fri, 06 Jun 2003 22:27:20


Yes. all the FSMO roles and Global Catalog were moved to
another DC controller. There were some errors in the logs
during the DCPROMO operation. Most had to do with the DNS.

Quote:>-----Original Message-----
>Hi,

>have you moved the FSMOs roles and the Global Catalog

before attempting to
Quote:>demote your DC ? I suggest to check the logs from the

event viewers on the
>old DC. You should have some criticals events.

>Another solution:

>- shut down the old DC ;
>on the new DC:
>- use ntdsutil to seize the FSMO roles.
>- add the GC.
>- use ntdsutil to remove the old DC.
>- use the dns console to remove old records of the old DC.
>- use adsiedit to remove the domain controler object from
Active Directory.

>Use this way only if you know what you do !

>Thierry F. [MVP Windows 2000]




>> Here is my problem. We recently purchased a new computer
>> that will replace our old DC. We made another one of our
>> server's a second DC so that I could demote our first
DC,
>> which would then allow me to make our new server a DC.
My
>> problem is that when I run dcpromo on the old DC it
keeps
>> telling me that my credentials are wrong and to use a
user
>> that has Enterprise Admin rights to our domain. The
>> password and user are correct. No matter what I input it
>> will no demote my DC controller, and keeps asking for
>> proper credentials. I looked at the DC policies and
>> Administrators is there. I'm at a loss to figure out
what
>> the heck is going on.

>.

 
 
 

Cannot demote DC

Post by Thierry F. [MVP » Fri, 06 Jun 2003 23:48:48


Your forward zone (AD integrated) may be incomplete. You can:

- remove all the records from the zone (yes you can!)
- use ipconfig /registerdns
- restart the netlogon service

You dns zone will be completed.

Add is necessary the reverse zone (AD integrated) to match your network.

Thierry F.



Yes. all the FSMO roles and Global Catalog were moved to
another DC controller. There were some errors in the logs
during the DCPROMO operation. Most had to do with the DNS.

Quote:>-----Original Message-----
>Hi,

>have you moved the FSMOs roles and the Global Catalog

before attempting to
Quote:>demote your DC ? I suggest to check the logs from the

event viewers on the
>old DC. You should have some criticals events.

>Another solution:

>- shut down the old DC ;
>on the new DC:
>- use ntdsutil to seize the FSMO roles.
>- add the GC.
>- use ntdsutil to remove the old DC.
>- use the dns console to remove old records of the old DC.
>- use adsiedit to remove the domain controler object from
Active Directory.

>Use this way only if you know what you do !

>Thierry F. [MVP Windows 2000]




>> Here is my problem. We recently purchased a new computer
>> that will replace our old DC. We made another one of our
>> server's a second DC so that I could demote our first
DC,
>> which would then allow me to make our new server a DC.
My
>> problem is that when I run dcpromo on the old DC it
keeps
>> telling me that my credentials are wrong and to use a
user
>> that has Enterprise Admin rights to our domain. The
>> password and user are correct. No matter what I input it
>> will no demote my DC controller, and keeps asking for
>> proper credentials. I looked at the DC policies and
>> Administrators is there. I'm at a loss to figure out
what
>> the heck is going on.

>.

 
 
 

Cannot demote DC

Post by nick varnali » Sat, 07 Jun 2003 04:53:09


did that. no difference.

>-----Original Message-----
>Your forward zone (AD integrated) may be incomplete. You
can:

>- remove all the records from the zone (yes you can!)
>- use ipconfig /registerdns
>- restart the netlogon service

>You dns zone will be completed.

>Add is necessary the reverse zone (AD integrated) to
match your network.

>Thierry F.




>Yes. all the FSMO roles and Global Catalog were moved to
>another DC controller. There were some errors in the logs
>during the DCPROMO operation. Most had to do with the DNS.

>>-----Original Message-----
>>Hi,

>>have you moved the FSMOs roles and the Global Catalog
>before attempting to
>>demote your DC ? I suggest to check the logs from the
>event viewers on the
>>old DC. You should have some criticals events.

>>Another solution:

>>- shut down the old DC ;
>>on the new DC:
>>- use ntdsutil to seize the FSMO roles.
>>- add the GC.
>>- use ntdsutil to remove the old DC.
>>- use the dns console to remove old records of the old
DC.
>>- use adsiedit to remove the domain controler object from
>Active Directory.

>>Use this way only if you know what you do !

>>Thierry F. [MVP Windows 2000]




>>> Here is my problem. We recently purchased a new
computer
>>> that will replace our old DC. We made another one of
our
>>> server's a second DC so that I could demote our first
>DC,
>>> which would then allow me to make our new server a DC.
>My
>>> problem is that when I run dcpromo on the old DC it
>keeps
>>> telling me that my credentials are wrong and to use a
>user
>>> that has Enterprise Admin rights to our domain. The
>>> password and user are correct. No matter what I input
it
>>> will no demote my DC controller, and keeps asking for
>>> proper credentials. I looked at the DC policies and
>>> Administrators is there. I'm at a loss to figure out
>what
>>> the heck is going on.

>>.

>.

 
 
 

Cannot demote DC

Post by Thierry F. [MVP » Sat, 07 Jun 2003 05:21:32


If you don't have the time to investigate, I suggest to use the ntdsutil way
to remove the old DC (shutdown the DC before).

Thierry F.



did that. no difference.

>-----Original Message-----
>Your forward zone (AD integrated) may be incomplete. You
can:

>- remove all the records from the zone (yes you can!)
>- use ipconfig /registerdns
>- restart the netlogon service

>You dns zone will be completed.

>Add is necessary the reverse zone (AD integrated) to
match your network.

>Thierry F.




>Yes. all the FSMO roles and Global Catalog were moved to
>another DC controller. There were some errors in the logs
>during the DCPROMO operation. Most had to do with the DNS.

>>-----Original Message-----
>>Hi,

>>have you moved the FSMOs roles and the Global Catalog
>before attempting to
>>demote your DC ? I suggest to check the logs from the
>event viewers on the
>>old DC. You should have some criticals events.

>>Another solution:

>>- shut down the old DC ;
>>on the new DC:
>>- use ntdsutil to seize the FSMO roles.
>>- add the GC.
>>- use ntdsutil to remove the old DC.
>>- use the dns console to remove old records of the old
DC.
>>- use adsiedit to remove the domain controler object from
>Active Directory.

>>Use this way only if you know what you do !

>>Thierry F. [MVP Windows 2000]




>>> Here is my problem. We recently purchased a new
computer
>>> that will replace our old DC. We made another one of
our
>>> server's a second DC so that I could demote our first
>DC,
>>> which would then allow me to make our new server a DC.
>My
>>> problem is that when I run dcpromo on the old DC it
>keeps
>>> telling me that my credentials are wrong and to use a
>user
>>> that has Enterprise Admin rights to our domain. The
>>> password and user are correct. No matter what I input
it
>>> will no demote my DC controller, and keeps asking for
>>> proper credentials. I looked at the DC policies and
>>> Administrators is there. I'm at a loss to figure out
>what
>>> the heck is going on.

>>.

>.

 
 
 

Cannot demote DC

Post by Jimmy Harper [MSFT » Sat, 07 Jun 2003 07:41:23


Make sure you are entering the credentials as domain\username
Make sure the account you are using is a member of the Enterprise Admins
group
Make sure the DC you are demoting is pointing to the correct DNS server and
that it's SRV records and the SRV records for the other DC are properly
registered.
If you still have problems, attach the dcpromo.log  and dcpromoui.log


Quote:> Here is my problem. We recently purchased a new computer
> that will replace our old DC. We made another one of our
> server's a second DC so that I could demote our first DC,
> which would then allow me to make our new server a DC. My
> problem is that when I run dcpromo on the old DC it keeps
> telling me that my credentials are wrong and to use a user
> that has Enterprise Admin rights to our domain. The
> password and user are correct. No matter what I input it
> will no demote my DC controller, and keeps asking for
> proper credentials. I looked at the DC policies and
> Administrators is there. I'm at a loss to figure out what
> the heck is going on.

 
 
 

Cannot demote DC

Post by nick Varnali » Wed, 11 Jun 2003 04:23:19


Shut down DC I want to remove, and then use the NTDSUTIL
program to remove the DC. Correct?

Quote:>-----Original Message-----
>If you don't have the time to investigate, I suggest to

use the ntdsutil way
>to remove the old DC (shutdown the DC before).

>Thierry F.




>did that. no difference.

>>-----Original Message-----
>>Your forward zone (AD integrated) may be incomplete. You
>can:

>>- remove all the records from the zone (yes you can!)
>>- use ipconfig /registerdns
>>- restart the netlogon service

>>You dns zone will be completed.

>>Add is necessary the reverse zone (AD integrated) to
>match your network.

>>Thierry F.




>>Yes. all the FSMO roles and Global Catalog were moved to
>>another DC controller. There were some errors in the logs
>>during the DCPROMO operation. Most had to do with the
DNS.

>>>-----Original Message-----
>>>Hi,

>>>have you moved the FSMOs roles and the Global Catalog
>>before attempting to
>>>demote your DC ? I suggest to check the logs from the
>>event viewers on the
>>>old DC. You should have some criticals events.

>>>Another solution:

>>>- shut down the old DC ;
>>>on the new DC:
>>>- use ntdsutil to seize the FSMO roles.
>>>- add the GC.
>>>- use ntdsutil to remove the old DC.
>>>- use the dns console to remove old records of the old
>DC.
>>>- use adsiedit to remove the domain controler object
from
>>Active Directory.

>>>Use this way only if you know what you do !

>>>Thierry F. [MVP Windows 2000]




>>>> Here is my problem. We recently purchased a new
>computer
>>>> that will replace our old DC. We made another one of
>our
>>>> server's a second DC so that I could demote our first
>>DC,
>>>> which would then allow me to make our new server a DC.
>>My
>>>> problem is that when I run dcpromo on the old DC it
>>keeps
>>>> telling me that my credentials are wrong and to use a
>>user
>>>> that has Enterprise Admin rights to our domain. The
>>>> password and user are correct. No matter what I input
>it
>>>> will no demote my DC controller, and keeps asking for
>>>> proper credentials. I looked at the DC policies and
>>>> Administrators is there. I'm at a loss to figure out
>>what
>>>> the heck is going on.

>>>.

>>.

>.

 
 
 

Cannot demote DC

Post by Thierry F. [MVP » Wed, 11 Jun 2003 04:29:44


Yes using the following article:
http://support.microsoft.com/?id=216498
I used it a lot of times ;-)



Shut down DC I want to remove, and then use the NTDSUTIL
program to remove the DC. Correct?

Quote:>-----Original Message-----
>If you don't have the time to investigate, I suggest to

use the ntdsutil way
>to remove the old DC (shutdown the DC before).

>Thierry F.




>did that. no difference.

>>-----Original Message-----
>>Your forward zone (AD integrated) may be incomplete. You
>can:

>>- remove all the records from the zone (yes you can!)
>>- use ipconfig /registerdns
>>- restart the netlogon service

>>You dns zone will be completed.

>>Add is necessary the reverse zone (AD integrated) to
>match your network.

>>Thierry F.




>>Yes. all the FSMO roles and Global Catalog were moved to
>>another DC controller. There were some errors in the logs
>>during the DCPROMO operation. Most had to do with the
DNS.

>>>-----Original Message-----
>>>Hi,

>>>have you moved the FSMOs roles and the Global Catalog
>>before attempting to
>>>demote your DC ? I suggest to check the logs from the
>>event viewers on the
>>>old DC. You should have some criticals events.

>>>Another solution:

>>>- shut down the old DC ;
>>>on the new DC:
>>>- use ntdsutil to seize the FSMO roles.
>>>- add the GC.
>>>- use ntdsutil to remove the old DC.
>>>- use the dns console to remove old records of the old
>DC.
>>>- use adsiedit to remove the domain controler object
from
>>Active Directory.

>>>Use this way only if you know what you do !

>>>Thierry F. [MVP Windows 2000]




>>>> Here is my problem. We recently purchased a new
>computer
>>>> that will replace our old DC. We made another one of
>our
>>>> server's a second DC so that I could demote our first
>>DC,
>>>> which would then allow me to make our new server a DC.
>>My
>>>> problem is that when I run dcpromo on the old DC it
>>keeps
>>>> telling me that my credentials are wrong and to use a
>>user
>>>> that has Enterprise Admin rights to our domain. The
>>>> password and user are correct. No matter what I input
>it
>>>> will no demote my DC controller, and keeps asking for
>>>> proper credentials. I looked at the DC policies and
>>>> Administrators is there. I'm at a loss to figure out
>>what
>>>> the heck is going on.

>>>.

>>.

>.

 
 
 

1. cannot demote DC

Hi,
I have promoted a server to a domain controller (DC1) and
dcpromo another domain controller (DC2) in the existing
domain. The DC1 met into some problems and I have no
choice but to format it. Then when I tried to demote the
DC2, I met the following errors.
"Failed finding a suitable domain controller for the
domain. The specified domain either does not exist or
could not be contacted."
Is there any other way I can demote DC2?

Please help.
Thanks.

generic levitra india
generic levitra india
what happens if a woman takes viagra

2. SI benchmarks in different OOP languages...

3. Cannot demote DC

4. Indy Webforce...worth it?

5. cannot demote a dc using dcpromo

6. Drivers for Facit P8042 Win

7. DC Discovery Test : [FATAL] Cannot find DC in domain

8. Quicken 6.0

9. demoting DC and joining another domain.

10. Demoting the first DC in Domain....

11. dcpromo: demote DC failed

12. demoting DC with IIS running on it

13. problems demoting DC to member server