server 2019

Anonymous
2023-10-17T05:31:22+00:00

Added a Server 2019 Standard to a 2012R2 domain in the process of upgrading the domain. Many things broke. Tried to roll back, but now the Primary Domain Controller is no longer functioning properly, the secondary domain controller will not promote back to a domain controller, and users and computers are getting kicked off the domain. The 2019 server is removed, but I still can't get the PDC to work right. I believe the error has something to do with changes the new server made to DNS. We have a split domain with sgicorp.sgicompanies.com, the local network hosted by these servers, and sgicompanies.com, a webpage Network Solutions hosts. When running dcdiag /c /v the first error that comes up is "Active Directory LDAP Services Check An error that is usually temporary occurred during DNS host lookup. Please try again later. Got error while checking LDAP and RPC connectivity . Please check your firewall settings."

Firewall is off in all 3 modes, some RDP sessions are refusing due to failure to connect to a domain controller. Policies don't run when the computer can't log on. The list is endless. This domain has been 100% stable for 5 years until I followed instructions to begin upgrading it to a 2019 network. Been working on this for 20 hours today and 15 yesterday. Please make specific suggestions and not generic have you tried this...


This question was migrated from the Microsoft Support Community.


12 answers

  1. Deleted
  2. Anonymous
    2023-10-17T06:12:37+00:00

    Hello SteveKenthowmany times,

    Thank you for posting in Microsoft Community forum.

    1. How many Domain Controllers are in the 2012R2 domain?
    Only one DC, and you added 2019 then removed it?

    What are the OS versions of these Domain Controllers?

    2. What is the domain functional level and forest functional level of the 2012R2 domain?

    3. What is the SYSVOL replication engine of the 2012R2 domain (FRS or DFSR)?

    4. How did you upgrade the domain? Did you perform an in-place upgrade of the OS of one domain controller, or promote the 2019 server as a Domain Controller?

    5. Please run netdom query FSMO on one DC to check the result.

    6. Do you have a recent backup of the Domain Controller in the domain?

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

  3. Anonymous
    2023-10-17T20:57:23+00:00

    There were two 2012r2 domain controllers and redundant DNS for 7 years that worked flawlessly. I added Server 2019 following the Microsoft white paper on migrating 2012r2 to 2019. Then I removed the secondary 2012r2 domain controller after verifying all was stable, and that is when the authentication problems began. I removed the 2019 server and all traces of it after being unable to resolve some of the errors coming up in BPA. All that is left is the original PDC. Trying to add AD and DNS back to the secondary 2012r2 server and promote it fails with "no authenticating PDC is available".

    There is only one domain on these two 2012r2 servers that I am trying to get stable again. sgicorp.sgicompanies.com. It shows as a forward group with all the entries in it, static and dynamic. All traces of the 2019 server have been removed. We will create a new 2019 domain to replace the 2012r2 one but that is weeks off and these people have to be able to work in the meantime.

    Netdom query FSMO yields:

    C:\Users\administrator>netdom query fsmo

    Schema master sgidc01.sgicorp.sgicompanies.com

    Domain naming master sgidc01.sgicorp.sgicompanies.com

    PDC sgidc01.sgicorp.sgicompanies.com

    RID pool manager sgidc01.sgicorp.sgicompanies.com

    Infrastructure master sgidc01.sgicorp.sgicompanies.com

    The command completed successfully.

    Maybe a bare-metal backup of the secondary DC. The system state and user files are backed up on Carbonite for the PDC, but if a restore fails the company would not be able to work, so I can't run risking that without having the secondary PC working again. It will not promote due to the error listed earlier in my answer.

  4. Anonymous
    2023-10-17T21:02:56+00:00

    What is the SYSVOL replication engine of the 2012R2 domain (FRS or DFSR)?

    Using dfsrmig.exe /GetGlobalState in PowerShell yields "current DFSR global state: 'eliminated'. Succeeded."

  5. Anonymous
    2023-10-18T02:01:59+00:00

    Hello SteveKenthowmany times,

    Thank you for your reply.

    In my opinion, it seems there may have been some potential problems in your domain before you promoted the 2019 server as a DC.

    Now I understand you will keep the last 2012 R2 PDC working, and you will set up a new 2019 Domain in the next several weeks.

    We hope that your new 2019 AD environment will be completed soon and replace the old 2012 R2 AD environment.

    Best Regards,
    Daisy Zhou
