DNS error demoting Domain Controller

Fenton, Mark 80 Reputation points
2023-08-19T19:04:22.6933333+00:00

Hi, when attempting to demote a domain controller I receive an error that says “It appears this is the last DNS server for the Active Directory integrated zone”. We have over 5 DCs in our environment and they are all replicating. Also, the zone in question is only listed as a Conditional Forwarder; however, we also utilize AD LDS, so I am wondering if this zone is linked somehow to the Lightweight Directory Service. Not sure why this error is happening since all DCs are replicating. Any help is appreciated.

Windows Server

Accepted answer
  1. Anonymous
    2023-08-19T19:20:36.77+00:00

    Simplest solution may be to take the problem one offline, then do some cleanup to remove remnants from active directory.

    Clean up Active Directory Domain Controller server metadata

    Step-By-Step: Manually Removing A Domain Controller Server

    --please don't forget to upvote and Accept as answer if the reply is helpful--


2 additional answers

  1. Daisy Zhou 22,716 Reputation points Microsoft Vendor
    2023-08-21T02:25:07.4566667+00:00

    Hello Fenton, Mark,

    Thank you for posting in Q&A forum.

    If the DC to be demoted is also a DNS server, or if it also serves another DNS function (such as a conditional forwarder), you can remove the conditional forwarder function if you do not need it. Then you can demote it by using Dcpromo.exe.

    When you try to remove a domain controller from your Active Directory domain by using Dcpromo.exe and it fails, you can also remove/delete this DC by using the Ntdsutil.exe tool.

    https://petri.com/delete_failed_dcs_from_ad/

    Before or after you remove this DC, if the removed DC was a DNS server, update the Forwarder settings and the Delegation settings on any other DNS servers that might have pointed to the removed DC for name resolution.

    Hope the information above is helpful. If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. Deepak john 1 Reputation point
    2023-12-13T07:15:45.48+00:00

    Hello,

    It seems that some conditional forwarders are created locally on the DC.

    I hope you are trying to demote the domain controller using PowerShell; you may try

    $error[0] | Select-Object *

    and see which zones are local, and enable them to replicate with the other domain controllers.

    Once all are resolved, I may use the below command to demote:

    Uninstall-ADDSDomainController -DemoteOperationMasterRole:$false -RemoveDnsDelegation:$false

    It will break if anything fails; never skip the prechecks in a production environment.

    Uninstall-ADDSDomainController -DemoteOperationMasterRole:$false -RemoveDnsDelegation:$false

    If all tests passed, in this case I may use -IgnoreLastDnsServerForZone:

    Uninstall-ADDSDomainController -DemoteOperationMasterRole:$false -RemoveDnsDelegation:$false -Force:$true -IgnoreLastDnsServerForZone

    Regards

    Deepak,

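The check the answers above describe (find locally stored conditional forwarders and AD-integrated zones that no other DC hosts) as an added PowerShell example; it is not code from the question or any answer. It assumes the RSAT DnsServer and ActiveDirectory modules are available and uses the placeholder name DC-TO-DEMOTE for the DC being demoted.

```powershell
# Added example: report DNS zones that would trigger the "last DNS server for the zone"
# warning before demoting a DC. Read-only; the remediation line is left commented.
# Assumes RSAT DnsServer + ActiveDirectory modules and a domain admin session.
Import-Module DnsServer, ActiveDirectory

$Target   = 'DC-TO-DEMOTE'   # placeholder: DC you intend to demote
$OtherDcs = (Get-ADDomainController -Filter *).HostName | Where-Object { $_ -notlike "$Target*" }

foreach ($zone in Get-DnsServerZone -ComputerName $Target | Where-Object { -not $_.IsAutoCreated }) {

    # Conditional forwarders stored only in the local registry never replicate,
    # so demotion warns that no other DC will keep the forwarder.
    if ($zone.ZoneType -eq 'Forwarder' -and -not $zone.IsDsIntegrated) {
        Write-Warning "Local (non-replicated) conditional forwarder: $($zone.ZoneName)"
        # To keep it and let it replicate instead of deleting it (review before running):
        # Set-DnsServerConditionalForwarderZone -ComputerName $Target -Name $zone.ZoneName -ReplicationScope Domain
        continue
    }

    # Only AD-integrated zones can be "the last DNS server" for a replication scope.
    if (-not $zone.IsDsIntegrated) { continue }

    # Confirm at least one other DC actually loads the same zone (a custom
    # application partition replicated only to this DC would show up here).
    $alsoOn = foreach ($dc in $OtherDcs) {
        $z = Get-DnsServerZone -ComputerName $dc -Name $zone.ZoneName -ErrorAction SilentlyContinue
        if ($z) { $dc }
    }

    if (-not $alsoOn) {
        Write-Warning "$($zone.ZoneName) ($($zone.ReplicationScope) scope) is hosted only on $Target"
    } else {
        Write-Output "$($zone.ZoneName): also hosted on $($alsoOn -join ', ')"
    }
}
```

Zones reported only as warnings are the ones to replicate elsewhere or remove before running Uninstall-ADDSDomainController, rather than suppressing the check with -IgnoreLastDnsServerForZone.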
