
Unsuccessful demoting first DC 1

Status
Not open for further replies.

hfrazier69

Programmer
Jul 13, 2001
3
US
I am having problems demoting the first created DC in a W2K domain.

I am currently testing upgrading a small NT4 domain. I would like to retire the current NT4 PDC & BDCs, and replace them with new W2K servers. It was recommended to update an NT DC so my user database gets migrated to Active Directory. In the end, I just want DCs on my new server machines, and to decommission current NT servers. I have an extra machine to assist in the migration/upgrade.

Here's my scenario.
1) Make an extra (transitional) NT4 BDC and promote it to PDC (making sure I have other BDC's so I can restore the domain if needed).
2) Update the NT4 PDC to W2K,SP2.
3) Install Active Directory and DNS on the new, first server.
4) Create a second clean W2K member server.
5) Promote the W2K member server to a DC - making it the second DC in the domain.
6) Ensure the second DC has DNS and the Global Catalog installed.

This I have done successfully. I can make further DCs in the domain as well. My problem is removing the primary DC. (This was only a transitional machine - only used to facilitate the domain migration.) My understanding was that running the AD Wizard (dcpromo) a second time would demote the DC by removing Active Directory. Unfortunately dcpromo fails with an error that it "failed finding a suitable domain controller" for the domain. I cannot demote the original (or promote another).

I think the problem lies with DNS, where I have no idea. Any help would be appreciated.

Much Thanks.
 
I tried to look over your problem
and landed up here



Well, hope this helps.
Do let me know if this works, and please write the full detail of how you did it.
Technical Director
Infovalley Interwebspiders Pvt. Ltd.
Microsoft Certified System Engineer
visit
If you find the information provided here useful to you then let me know by clicking on the link below s-)
 
Thank you for the reply.

I have seen articles on how to manually remove a DC using the ntdsutil utility (such as the MS KB article you noted). I am a little reluctant to follow this direction since my DC is the Master DC.

My major concern with this approach is how the master responsibilities are transferred. The DC I want to remove is the Flexible Single Operations Master (FSMO). I am a little hesitant to remove the DC until these duties are actually transferred.

If I do manually remove the master DC, how do I then promote a second DC with these duties?

Thanks again.
 
Have you tried moving your operation masters to the other server before trying to demote the first one?
 
You will have to move the operation masters tasks to another server:
domain naming master
infrastructure master
pdc
rid master
schema master
You can use the ntdsutil tool to do this:

1. Disconnect the old server (your first server)
2. Run ntdsutil
Type 'roles' at the prompt
Type 'select operations master' and then 'connections'

At the server connections prompt, type 'connect to server xxxxxx' where xxxxxx = the NetBIOS name of the (new) server
After a few seconds' delay the prompt returns "connected to xxxxx with credentials......."
Type quit to return to the fsmo maintenance prompt

Type these actions:

seize domain naming master
seize infrastructure master
seize pdc
seize rid master
seize schema master

Click Yes to confirm your action
Type quit twice,
then exit to close

Now you will be able to demote the old machine (DO NOT ATTACH IT TO THE NETWORK BEFORE IT HAS BEEN DEMOTED TO STAND-ALONE SERVER)
If you can successfully demote the offline DC to a standalone server with dcpromo, you can reconnect the server to the network (if you want)
If demotion is unsuccessful, you will have to delete the Windows 2000 system on it.

Good luck

Peter Van Eeckhoutte
peter.ve@pandora.be

 
I have the same problem. I'm gonna try this one out. Thanks Peter!
Jeffrey Rebong
Computer Engineer/Network Administrator
jrdebug@yahoo.com
 
Hi all,

I'm having a different problem, but perhaps related. Donnie said:
Taking the role from a DC should only be done in extreme cases, example, if the dc holding these roles has crashed and will never be brought back online.
However, we are in a situation where we have a W2k mixed mode DC as our "PDC", and we have a 2nd W2KDC, which we would like our clients to authenticate to should the first server fail. If you try to transfer the Operations Master role to the second server when the other is offline (i.e. crashed), you CANNOT do this. The OM dialog says: "The current operations master is offline. The role cannot be transferred."
So how, Donnie, in the extreme circumstances you mentioned above, can the OM role be transferred??? (I really am interested in knowing the answer to this, but it is away from my point, below...)
So my question is HOW do I make my 2nd DC a server that can be authenticated to should the first fail?
Please help,

Will

PS - Sorry for butting into this conversation, but there seemed quite a lot similar to my problem! ;)
 
Hi, these are the steps to seize FSMO roles.

1. Boot in Directory Services Restore mode
2. Run NTDSUTIL
3. Type roles
4. At the fsmo maintenance prompt type connections
5. At the server connections prompt type connect to server followed by the FQDN of the DC that will hold the role.
6. Type exit
7. At the fsmo maintenance prompt type one of the following commands to seize the appropriate operations master:
- Seize RID master
- Seize PDC
- Seize infrastructure master
- Seize domain naming master
- Seize schema master

8. Type quit
9. Type quit again


Make sure that you permanently disconnect the DC that was holding the role before.

[smile]
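
A pre-demotion check for the seize procedures in the two posts above, added here as an example and not written by anyone in this thread: it parses the text that ntdsutil prints for `list roles for connected server` (under `select operation target`) and reports which operations master roles still sit on the DC being retired. The sample output, the names DC1, DC2 and example.com, and the exact line format are assumptions made for this example.

```python
import re

# Constructed sample of the text ntdsutil prints for
# "list roles for connected server" (assumed format). DC1 is the DC to be
# retired, DC2 the new one; every name here is made up.
_SUFFIX = (",CN=Servers,CN=Default-First-Site-Name,CN=Sites,"
           "CN=Configuration,DC=example,DC=com")
SAMPLE_OUTPUT = "\n".join([
    'Server "DC2" knows about 5 roles',
    "Schema - CN=NTDS Settings,CN=DC2" + _SUFFIX,
    "Domain - CN=NTDS Settings,CN=DC2" + _SUFFIX,
    "PDC - CN=NTDS Settings,CN=DC1" + _SUFFIX,
    "RID - CN=NTDS Settings,CN=DC2" + _SUFFIX,
    "Infrastructure - CN=NTDS Settings,CN=DC1" + _SUFFIX,
])

# Label printed by ntdsutil -> role name as written in this thread.
LABELS = {
    "schema": "schema master",
    "domain": "domain naming master",
    "naming master": "domain naming master",  # label on later Windows versions
    "pdc": "pdc",
    "rid": "rid master",
    "infrastructure": "infrastructure master",
}
ROLE_LINE = re.compile(r"^\s*([A-Za-z ]+?)\s+-\s+(CN=.+)$")
# The server name is the RDN directly above the NTDS Settings object.
HOLDER = re.compile(r"^CN=NTDS Settings,CN=([^,]+),", re.IGNORECASE)


def parse_roles(text):
    """Map each role found in the output to the server name holding it."""
    holders = {}
    for line in text.splitlines():
        m = ROLE_LINE.match(line)
        if not m or m.group(1).lower() not in LABELS:
            continue  # banner line or anything that is not a role line
        owner = HOLDER.match(m.group(2).strip())
        holders[LABELS[m.group(1).lower()]] = owner.group(1) if owner else None
    return holders


def demotion_blockers(text, old_dc):
    """Return (roles still on old_dc, roles whose holder could not be read)."""
    holders = parse_roles(text)
    still_held = sorted(r for r, h in holders.items()
                        if h and h.lower() == old_dc.lower())
    unknown = sorted(set(LABELS.values()) - {r for r, h in holders.items() if h})
    return still_held, unknown
```

Both returned lists should be empty before dcpromo is run on the old DC; a non-empty second list means the output was truncated or in a format the parser does not recognise.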
 
Niavlys,
This is great, thanks, though I'm not sure if it is directed at me? :)
I would like to know still, though, if a 2nd authentication server can be set up to authenticate while we are still trying to sort out the mess of a downed Primary server. I have seen your posts about, and you seem to know a lot about W2K and AD... (flattery gets me anywhere??) so I would appreciate your input... though maybe on my other posting about this subject?

Will
 