Demotion
Posted 05-27-2008 at 07:52 PM by Bob_McMillen
This morning I was scheduled to demote a domain controller that I replaced last week. Sounds easy enough. I've done it hundreds of times.
All you need to do is go to a run command and type "dcpromo". Isn't it funny you always have to start something to shut it down? Why not type "DCdemote"?
After typing in the command I clicked for all the prompts to finish.
While it was going through its demotion I thought I would catch up on a little reading. When suddenly I heard a beep. The message said the RPC service is unavailable. I checked out all the event logs and found that my server, which I’m trying to demote, no longer thinks it’s a domain controller.
How can I demote a domain controller that no longer thinks it’s a domain controller?
I then pulled up a list of all the shares and noticed the netlogon and syslog file share were missing. These are required in order for a domain controller to act appropriately. I have seen this problem several times but never as I was about to demote a server.
The fix for this is to go into the registry and reset the burflags. This allows Active Directory to rebuild the shares that may have been truncated by a previous update or other corruption. Since I had already transferred the master roles to the new server, all I had to do was set the registry to a non-authoritative restore.
After running this command the shares returned as I had hoped. I then ran the DC promo command once again. Unfortunately, I got the same error as the sysvol share once again deleted itself. After resetting the burflags two more times I decided to look for another solution.
I ran the replication monitor and it said there were problems replicating. I then ran DCDIAG and it showed me the IP address of the server was different than it actually was. Now this was looking like a DNS problem, so I opened up the DNS manager. I looked for this incorrect IP address that DCDIAG was telling me, but I couldn’t find it. Then it dawned on me that someone had probably created a hosts file that pointed to the incorrect address.
A hosts file always trumps a DNS server entry.
I was correct. After deleting this address and running a flush DNS command I was able to get farther during the demotion.
Then I received a new error. This one said that I did not have enough privileges to run the demotion when I was logged on as the administrator. Someone had removed rights from the administrator and given them to their own account. Rather than search through what rights were missing I was able to type in his username and password and complete the demotion. Now I have a lot of time to find out how the administrator account was changed.
What should have only taken 10 minutes ended up taking close to 4 hours. Will the challenges never end? I met someone who used to be in IT during the DOT COM, and now sells lemonade on the street. They look much happier.
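The hosts-file override described in the post can be checked for directly. The following is an added example, not part of the original post: it parses hosts-file lines and compares each entry with what DNS returns when the hosts file is bypassed (`Resolve-DnsName -NoHostsFile`). The function names, sample hostnames and addresses are constructed for illustration.

```powershell
# Added example: compare hosts-file entries with what DNS returns for the same names.
function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()          # strip comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        $ip = $null
        if ($fields.Count -lt 2 -or
            -not [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Name = $name.ToLower(); HostsAddress = $ip.ToString() }
        }
    }
}

function Compare-HostsToDns {
    param(
        [string[]]$Lines,
        # Returns the DNS addresses for a name; the default bypasses the hosts file.
        [scriptblock]$Resolver = {
            param($n)
            Resolve-DnsName -Name $n -NoHostsFile -ErrorAction SilentlyContinue |
                Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress }
        }
    )
    foreach ($e in Get-HostsEntry -Lines $Lines) {
        $dns = @(& $Resolver $e.Name | Where-Object { $_ })
        $status = if ($dns.Count -eq 0) { 'NotInDns' } elseif ($dns -contains $e.HostsAddress) { 'Match' } else { 'Mismatch' }
        [pscustomobject]@{
            Name = $e.Name; HostsAddress = $e.HostsAddress
            DnsAddress = ($dns -join ','); Status = $status
        }
    }
}

# Constructed sample: hosts-file text and a stand-in DNS table (hypothetical names and addresses).
$sampleHosts = @(
    '# constructed sample hosts file',
    '127.0.0.1      localhost',
    '10.0.0.99      dc-old.example.test   # stale override',
    '10.0.0.10      dc-new.example.test'
)
$sampleDns = @{ 'dc-old.example.test' = '10.0.0.20'; 'dc-new.example.test' = '10.0.0.10' }
Compare-HostsToDns -Lines $sampleHosts -Resolver { param($n) $sampleDns[$n] } | Format-Table -AutoSize

# Live use on a server (reads the real hosts file and queries DNS):
# Compare-HostsToDns -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

A `Mismatch` row is the condition from the post: the name resolves locally to an address that DNS does not publish, so tools on that machine see a different IP than the DNS manager shows.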