DCPROMO not removing NTDS Settings and Replication Partners.

  • Last Post 25 September 2015
ahobbs posted this 24 September 2015

We have one domain and 6 AD sites. We have 2 x Windows 2008 R2 Domain Controllers in each site.

I’m replacing our physical Windows 2008 R2 DC’s with new virtual Windows 2008 R2 DC’s but I need to keep the same Computer name and IP address. I am gracefully demoting the existing PHYSICAL DC in each site and then removing it from the domain and promoting the new VIRTUAL DC in its place.

I’ve performed this successfully within two AD Sites already however I encountered a problem today with the 3rd AD Site.

I gracefully demoted the PHYSICAL DC however I noticed something different. Usually I go into AD Sites & Services and manually delete the server object and this replicates around all the other DC’s quickly.

Today, I checked a different DC in another site and the PHYSICAL DC (that I demoted) server object name plus NTDS Settings and replication partners still existed. They had not been removed successfully during the dcpromo process. I waited 60 mins but they still existed.

I understand if a server object remains then we can safely delete it but I’ve never had a situation where a DC hasn’t demoted properly like this. Is it still safe to delete the server object while it is still showing replication partners? If not, what would be the process?

My workaround was to re-promote the PHYSICAL DC which seems to have worked.

Thoughts?

abhay.ipg posted this 25 September 2015

You can perform the metadata cleanup on the DC where the object is showing.
Regards,
Abhay Singh
Email:- Abhay.ipg@xxxxxxxxxxxxxxxx
Cell :- +91-8527676669
Skype:- abhayit1


sajeed posted this 25 September 2015

Please go with metadata cleanup and wait for normal convergence. Before you start, make sure of the replication of the new DC and the remaining old DC so that you will have an idea about the current replication.


danj posted this 25 September 2015

I just did a similar process for a client, effectively swapping out 6 2003 DCs for 2012R2 ones, but keeping the same name and IP address. The new DCs were built with a temporary name and address then the old ones demoted, then the new ones renamed with netdom.

It's useful to set preferred bridgeheads to prevent the DC you are 'recreating' from being the bridgehead. Otherwise when you demote it the remaining DC(s) in the site can get cut off from replication (in one direction at least) and you need to add a manual connector temporarily to kick it back into life. That might have happened here.

Also 60 mins may not be long enough, distributed directories do things at their own pace sometimes. I'd love to know what it is actually doing during some of these processes; two identical DCs in one site, one took a few mins, the other almost 90 mins. It's important to have forest-wide convergence at every stage when you are dealing with servers keeping the same name.

As other posters have stated: do metadata cleanup and remove NS and SRV records from DNS. Rogue DNS glue records can scupper your next dcpromo.

Dan


ahobbs posted this 25 September 2015

Hi Dan

Thanks for the reply. Just to clarify the AD Site actually contains 3 x DC's of which two have already been swapped from physical to virtual.

I haven't set any preferred bridgeheads in this site. I assumed when I demoted the physical server the KCC would auto assign this role to one of the other 2 x DC's as part of the demotion and this would replicate changes to other site DC's?

I've also enabled Change Notification between sites via a reg key.

Also, I checked all the DNS records and they were cleaned up as part of the demotion.

Would a metadata cleanup need to be performed on all the DC's?

Thank you

A


barkills posted this 25 September 2015

Would a metadata cleanup need to be performed on all the DC's?
[BA] No, just on one. The result of the cleanup action is then replicated to the other DCs.
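
An added example, not part of any post in this thread: one way to confirm the convergence the replies above describe is to ask every DC for its own copy of the configuration partition and report whether the demoted DC's server object, NTDS Settings object and any connection objects sourced from it are still present. It assumes the ActiveDirectory PowerShell module is available; `DC-PLACEHOLDER` is a placeholder for the demoted DC's short name.

```powershell
Import-Module ActiveDirectory

$DemotedDc = 'DC-PLACEHOLDER'   # placeholder: short name of the demoted DC

# Server, NTDS Settings and connection objects all live under CN=Sites
# in the configuration partition, which every DC holds a replica of.
$configNC  = (Get-ADRootDSE).configurationNamingContext
$sitesBase = "CN=Sites,$configNC"

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $row = New-Object PSObject -Property @{
        QueriedDC = $dc.HostName; ServerObject = $null
        NtdsSettings = $null; ConnectionsFromIt = $null; Error = $null
    }
    try {
        # -Server pins the query to this DC, so we see its local view,
        # not whatever DC the locator happens to pick.
        $server = @(Get-ADObject -Server $dc.HostName -SearchBase $sitesBase `
            -LDAPFilter "(&(objectClass=server)(cn=$DemotedDc))" -ErrorAction Stop)
        $row.ServerObject = $server.Count -gt 0

        # NTDS Settings (class nTDSDSA) is a child of the server object.
        $ntds = @()
        foreach ($s in $server) {
            $ntds += @(Get-ADObject -Server $dc.HostName `
                -SearchBase $s.DistinguishedName `
                -LDAPFilter '(objectClass=nTDSDSA)' -ErrorAction Stop)
        }
        $row.NtdsSettings = $ntds.Count -gt 0

        # Connection objects on other DCs that still name it as a source.
        $conns = @()
        foreach ($n in $ntds) {
            $filter = "(&(objectClass=nTDSConnection)(fromServer=$($n.DistinguishedName)))"
            $conns += @(Get-ADObject -Server $dc.HostName -SearchBase $sitesBase `
                -LDAPFilter $filter -ErrorAction Stop)
        }
        $row.ConnectionsFromIt = $conns.Count
    }
    catch {
        # An unreachable DC is itself a finding: its view is unknown.
        $row.Error = $_.Exception.Message
    }
    $row
}

$report | Format-Table QueriedDC, ServerObject, NtdsSettings, ConnectionsFromIt, Error -AutoSize
```

Rows that still show `True` after the cleanup has been run on one DC identify replicas the deletion has not yet reached; rows with an error have not been verified at all.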