I have replaced 2 DCs (Win2012 R2) in a root domain with 2 newer Win2022 ones by demoting them, obviously one at a time, and adding a new server in each one's place with the same name and same IP address after checking that every trace of the old one had disappeared from AD and DNS.
There is also a child domain (also 2 Win2012 DCs) which I want to replace the same way.
All four DCs are Global Catalogs, and all are DNS servers (AD integrated).
At the end of the upgrade of the root, replication works, DNS objects are replicated in all servers, but BPA Scan reports these errors on both child domain DCs only:
- DNS: The DNS server 10.x.x.x on Ethernet must resolve names in the primary DNS domain zone
- DNS: The DNS server 127.0.0.1 on Ethernet must resolve names in the primary DNS domain zone
(The 10.x.x.x being the other domain controller as primary DNS server).
Also, in the event log there are replication errors with the root domain DCs:
- Event ID 1926: "The attempt to establish a replication link to a read-only directory partition with the following parameters failed. Error value: 5 Access is denied."
This does not occur on the new root domain DCs; they seem to replicate with the child domain just fine.
For some reason, the "old" child domain DCs don't recognize themselves as DNS servers, even though everything works through the AD forest. Everything resolves, nslookup works both ways, etc.
I tried to add a third DC (Win 2022) to the child domain (still Win 2012) but the process showed:
"DNS cannot be installed on this domain controller because this domain does not host DNS."
Does anyone have an idea how to solve this?
Thank you very much in advance!