+ Post New Thread
Results 1 to 5 of 5
Windows Server 2008 R2 Thread, Remove W2K8 from forest of W2K3 servers fails in Technical; Hello, I have a forest with two Win 2003 servers and a new 2008 server. w2k3data, w2k3app, w2k8data. There was ...
  1. #1

    Join Date
    Dec 2011
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Remove W2K8 from forest of W2K3 servers fails

    Hello,
    I have a forest with two Win 2003 servers and a new 2008 server. w2k3data, w2k3app, w2k8data. There was some prep work we had to run on AD prior to joining the 2008, and that was successful. At some point, someone gained access to the c:\windows directory of the w2k3data and ran a del *.*; that server became unbootable and we had to reinstall it and re promo it. (I add this tit bit because they may have missed the required steps in preparing it for 2008 after a reinstall from the 2003 disc. -- one would hope that it would have failed dcpromo if that were the case.)

    Fast forward six months. Now we are trying to add some new software to the 2008 and the software vendor doesn't like the machine name and we have to change the unchangable. The plan was to demote 2008, remove AD, change name, add AD, and repremote.

    I found that the w2k3data did not have a check to be a 'global catalog' server. So I checked the box in ADSS to make it a global catalog like w2k3app. I also wend into w2k8data and removed its 'global catalog' check. Then allowed 24hrs for the change to populate.

    Now when I run dcpromo on the w2k8data to demote it I get an error: operation failed. ADDS could not transfer the remaining data in directory partition DC=ForestDnsZones,DC=mydomain,DC=local to Active Directory Domain Controller \\w2k3app.mydomain.local.

    This concerns me because there have been no faults with w2k3app since joining w2k8data. I only have one 2008 server and it is the one I am demoting. Is there anything special about 2008 AD where certain information can only be stored on 2008 servers or is this just a AD database issue I need to resolve to get the forest back to only 2003 servers.

    Thanks.

  2. #2


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,581
    Thank Post
    228
    Thanked 854 Times in 733 Posts
    Rep Power
    295
    if you up domain/forest function levels to 2003 you should be able to rename without demoting. But first id check which dc it thinks has what roles and any that it thinks are on the failed dc sieze

  3. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Quote Originally Posted by Jim_F View Post
    Hello,
    I have a forest with two Win 2003 servers and a new 2008 server. w2k3data, w2k3app, w2k8data. There was some prep work we had to run on AD prior to joining the 2008, and that was successful. At some point, someone gained access to the c:\windows directory of the w2k3data and ran a del *.*; that server became unbootable and we had to reinstall it and re promo it. (I add this tit bit because they may have missed the required steps in preparing it for 2008 after a reinstall from the 2003 disc. -- one would hope that it would have failed dcpromo if that were the case.)
    The prep work - I presume you mean you upgraded the schema, as this would be required before joining a 2008 Server and then promoting it to a domain controller. I can imagine deleting many system files would of created a lot of problems, but I presume you re-installed it and then restored from a backup, or did you just start from scratch?

    Quote Originally Posted by Jim_F View Post
    Fast forward six months. Now we are trying to add some new software to the 2008 and the software vendor doesn't like the machine name and we have to change the unchangable. The plan was to demote 2008, remove AD, change name, add AD, and repremote.
    I agree with Sted. By upgrading the domain and forest functional levels to 2003, you can rename a server without changing any of its roles or demoting it. You simply rename it and then restart.

    Quote Originally Posted by Jim_F View Post
    I found that the w2k3data did not have a check to be a 'global catalog' server. So I checked the box in ADSS to make it a global catalog like w2k3app. I also wend into w2k8data and removed its 'global catalog' check. Then allowed 24hrs for the change to populate.
    This is fine. You only need one Global Catalog server, but the more the better.

    Quote Originally Posted by Jim_F View Post
    Now when I run dcpromo on the w2k8data to demote it I get an error: operation failed. ADDS could not transfer the remaining data in directory partition DC=ForestDnsZones,DC=mydomain,DC=local to Active Directory Domain Controller \\w2k3app.mydomain.local.
    It could be failing for a number of reasons, but to rename the server (as I wrote above) you don't need to demote the server. I would check that the servers and DNS are replicating correctly. These are typically reasons why transferring remaining data fails.

    Quote Originally Posted by Jim_F View Post
    This concerns me because there have been no faults with w2k3app since joining w2k8data. I only have one 2008 server and it is the one I am demoting. Is there anything special about 2008 AD where certain information can only be stored on 2008 servers or is this just a AD database issue I need to resolve to get the forest back to only 2003 servers.
    As above, I suspect it's a DNS or replication issue why remaining critical domain information cannot be transferred. I would also check which of your servers has the FSMO roles.

  4. #4

    Join Date
    Dec 2011
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by Michael View Post
    The prep work - I presume you mean you upgraded the schema, as this would be required before joining a 2008 Server and then promoting it to a domain controller. I can imagine deleting many system files would of created a lot of problems, but I presume you re-installed it and then restored from a backup, or did you just start from scratch?
    They reloaded from scratch, ran updates, installed AD, but could not restore that servers AD copy from backup, so they ran DCPROMO and joined it that way.


    Quote Originally Posted by Michael View Post
    I agree with Sted. By upgrading the domain and forest functional levels to 2003, you can rename a server without changing any of its roles or demoting it. You simply rename it and then restart.
    Well when I go into Advanced System Properties on the 2008 server and click Change on the Computer Name tab, it reports: Domain controllers cannot be moved from one domain to another, they must first be demoted... Which is fine, it will be on the same domain, so I click 'OK'. But the computer name is grayed. The Full Computer name is just displayed, so I click "More". I get the DNS Suffix and NetBIOS Computer Name window, and only the Primary DNS suffix of this computer is editable. The function level of AD is Windows Server 2003.


    Quote Originally Posted by Michael View Post
    As above, I suspect it's a DNS or replication issue why remaining critical domain information cannot be transferred. I would also check which of your servers has the FSMO roles.
    I'll look further into replication issues.

  5. #5

    Join Date
    Dec 2011
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks Sted & Michael!

    You guys got me thinking along the right path again. Changed my thinking back to the possible. ;-)

    In Windows 2008, the DC cannot be renamed through the interface, it must be done through the shell using NETDOM.
    Ref: Rename Windows Server 2008 Domain Controllers

    As for the AD error, there was a replication issue. The reinstalling of the W2K3 server left some baggage behind and the fSMORoleOwner of the DomainDNSZones was orphaned. To correct the issue I had to run fixfsmo.vbs script.
    Ref: Error message when you run the "Adprep /rodcprep" command in Windows Server 2008: "Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Contoso,DC=com"

SHARE:
+ Post New Thread

Similar Threads

  1. Certificate authority removed from forest
    By localzuk in forum Windows Server 2000/2003
    Replies: 1
    Last Post: 7th November 2011, 09:41 AM
  2. Client setup of W2k3 server AD setup
    By Laphan in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 24th August 2011, 08:39 PM
  3. Remove DNS from Server 2003
    By denon101 in forum How do you do....it?
    Replies: 8
    Last Post: 3rd August 2011, 10:55 PM
  4. Replies: 4
    Last Post: 21st September 2010, 02:45 PM
  5. Remove Exchange from a server
    By Norphy in forum Windows
    Replies: 1
    Last Post: 9th October 2006, 03:15 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •