unable to demote the Tree domain controller

SysAdmin 151 Reputation points
2023-03-21T10:21:04.08+00:00

Hi

Please, need help

I created a new Tree DC with a different namespace than the root DC; both are connected through the Windows Server 2022 router.

Root DC:

  • namespace: ABC.com
  • IP: 192.168.10.1

Tree DC:

  • namespace: ECST.com
  • IP: 10.255.255.1

In the process of creating the Tree DC, I did not join the server to the domain (ABC.com). I just went through the process of adding the AD services role, then selected Tree and wrote the credentials (ABC.com\Administrator). It acknowledged the root DC (ABC.com), and I continued normally until I finished creating the new Tree DC, ECST.com.

I also configured sites, and subnets for both root and tree, also configured trust.

Both are pinging with IP and name.

When I tried to demote the Tree DC (last DC), I got the following error:

User's image

So, after that error, I removed DNS from the Tree DC, but I failed to demote the Tree DC. I then deleted the sites and subnets and configured the IP of the Tree DC to be in the same range as the Root DC. Although both are pinging, unfortunately the demotion still fails.

I really don't want to use force removal.

How to fix it?

Windows Server 2019
Active Directory

Accepted answer
  1. Limitless Technology 43,966 Reputation points
    2023-03-22T13:57:52.79+00:00

    Hello there,

    The error occurs when the domain controller that's being demoted can't outbound replicate changes to the DC that owns the infrastructure FSMO or operational role for the partition referenced in the DCPROMO [log] error.

    Specifically, the demotion attempt is aborted to safeguard against data loss. In the case of DNS application partitions, the demotion is blocked to ensure that the following data is replicated:

      • live and deleted DNS records
      • ACLs of the DNS records
      • metadata, such as registration and deletion dates

    This article solves an issue where the demotion of a Windows Server computer that hosts the Active Directory Domain Services (AD DS) or domain controller server role fails. https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/dcpromo-demotion-fails

    Similar discussion here https://social.technet.microsoft.com/Forums/lync/en-US/89752602-b9c1-4e87-a939-61c0a9c6852e/dcpromo-demotion-failure-could-not-transfer-the-remaining-data-in-directory-partition?forum=winserverDS

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer–

    1 person found this answer helpful.
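
The accepted answer's explanation can be checked by reading the fSMORoleOwner attribute on the CN=Infrastructure object of each partition the DC holds. The PowerShell below is an added example, not part of the original thread: the helper name Test-InfrastructureOwner and the sample DNs (server names, site name, zeroed GUIDs) are constructed for illustration, and the live part assumes the ActiveDirectory module is installed.

```powershell
# Added example (not from the thread). Read-only: it changes nothing in AD.
# Test-InfrastructureOwner is a hypothetical helper name.
function Test-InfrastructureOwner {
    param(
        [Parameter(Mandatory)] [string] $Partition,
        [string] $RoleOwner   # fSMORoleOwner read from CN=Infrastructure,<partition>
    )
    $status = 'OwnerPresent'
    if ([string]::IsNullOrEmpty($RoleOwner)) {
        $status = 'NoOwnerSet'
    }
    elseif ($RoleOwner -match '\\0ADEL:') {
        # A deleted object's RDN is mangled with "\0ADEL:<GUID>", so the role
        # still points at a DC that no longer exists.
        $status = 'OwnerDeleted'
    }
    [pscustomobject]@{ Partition = $Partition; Status = $status; RoleOwner = $RoleOwner }
}

# Constructed sample values (not taken from the poster's forest), one per outcome.
$cfg = 'CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=com'
$del = '\0ADEL:00000000-0000-0000-0000-000000000000'
$sample = @(
    @{ Partition = 'DC=DomainDnsZones,DC=ECST,DC=com'
       RoleOwner = "CN=NTDS Settings,CN=TREEDC01,$cfg" },
    @{ Partition = 'DC=ForestDnsZones,DC=ABC,DC=com'
       RoleOwner = "CN=NTDS Settings$del,CN=OLDDC$del,$cfg" }
)
foreach ($s in $sample) { Test-InfrastructureOwner @s }

# Live check, run on the DC that refuses to demote.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    try { $ncs = (Get-ADRootDSE).namingContexts } catch { $ncs = @() }
    foreach ($nc in $ncs) {
        try {
            $o = Get-ADObject -Identity "CN=Infrastructure,$nc" `
                              -Properties fSMORoleOwner -ErrorAction Stop
            Test-InfrastructureOwner -Partition $nc -RoleOwner $o.fSMORoleOwner
        }
        catch {
            # Partitions with no CN=Infrastructure object (Configuration, Schema)
            # or that cannot be read from this DC are skipped.
        }
    }
}
```

A partition reported as OwnerDeleted, or one whose owner is a DC this server cannot replicate to, is the partition to look for in the DCPROMO log error.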
