
jensstevens
Copper Contributor
Oct 29, 2025

Demoting DC Windows Server 2019

Windows Server 2019, with a domain controller forest at version 2016.

When demoting our domain controller XYDC01 in site XY (it is the only DC and DNS server in that site, but all of the other 20 sites have a DC with DNS), we get this error:

Active Directory domain controller appears to be the last DNS server for the following Active Directory-integrated zones: enterpriseregistration.jens.be If you demote this domain controller, you may be unable to resolve any DNS names in these zones. If you wish to proceed, specify the 'IgnoreLastDNSServerForZone' option.


I have tested:

# other DC and DNS server in another site
Resolve-DnsName enterpriseregistration.jens.be -Server XXDC02
Test-NetConnection XXDC02 -Port 135
Test-NetConnection XXDC02 -Port 53
Get-DnsServerZone -Name "enterpriseregistration.jens.be"
repadmin /syncall /AdeP

All tests have passed successfully.

Replication scope = Forest

Other DCs have DNS role

Zone contains NS records for other DCs

Zone exists on other DCs

But still having the same issue when trying to demote.

3 Replies

  • Active Directory stores the DNS servers hosting a zone in the msDNS-ServerName attribute of the dnsZone object. If XYDC01 is the last registered server for this zone, you’ll receive a warning during demotion. Even if the zone physically exists on other DCs, you’ll encounter this error if it’s not reflected in the metadata.


    To check which servers are hosting the zone on XYDC01, run:

    Get-DnsServerZone -Name "enterpriseregistration.jens.be" | Select-Object -ExpandProperty ZoneType 


    Alternatively, use ADSI Edit and navigate to:

    CN=MicrosoftDNS,DC=ForestDnsZones,DC=jens,DC=be

    If the msDNS-ServerName attribute of the enterpriseregistration.jens.be object only lists XYDC01, it means the other DCs are not visible in the metadata.


    Make the zone visible on other DCs

    On a DC other than XYDC01, remove and re-add the zone to refresh the metadata:

    Remove-DnsServerZone -Name "enterpriseregistration.jens.be"
    
    Add-DnsServerPrimaryZone -Name "enterpriseregistration.jens.be" -ReplicationScope Forest

    This does not recreate the zone. It simply updates the metadata, since the zone is Active Directory-integrated.

    •
      jensstevens
      Copper Contributor
      • To check which servers are hosting the zone on XYDC01:
        I have done this on each DC of each site, and every DC says Primary.
      • Alternatively, use ADSI Edit: I was unable to locate "CN=MicrosoftDNS,DC=ForestDnsZones,DC=jens,DC=be";
        I had to use PowerShell to find it.
        enterpriseregistration.jens.be    DC=enterpriseregistration.jens.be,CN=MicrosoftDNS,DC=ForestDnsZones,DC=jens,DC=local
      • The remove has been done. It did remove the zone from all the other DNS servers in the other sites.
        Luckily I took a screenshot and manually added it back. Tested DNS resolving and it still works.

      While this may have helped me, it doesn't pinpoint why it thinks it's the only DNS server with this zone.
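An added example for this thread (not code posted by any participant) that does what the original post's tests and the reply's "check which servers are hosting the zone" step were reaching for: it asks every DC in the forest whether it holds the zone, reads the NS records the zone itself carries as seen from the DC being demoted, reports hosting DCs the zone does not list as name servers, and dry-runs the demotion. Zone and server names are the ones from the thread; it assumes the ActiveDirectory, DnsServer and ADDSDeployment modules are available and that the account has DNS administrator rights on every DC.

```powershell
# Added example, not from the original thread. Zone and DC names are taken from
# the posts above; everything else is an assumption stated in the comments.
#Requires -Modules ActiveDirectory, DnsServer, ADDSDeployment
$ZoneName   = 'enterpriseregistration.jens.be'
$DemotingDC = 'XYDC01'

# Forest-wide DC list: the zone replicates forest-wide, so every DC that runs the
# DNS Server role should hold a copy.
$allDCs = (Get-ADForest).Domains |
    ForEach-Object { Get-ADDomainController -Filter * -Server $_ } |
    Select-Object -ExpandProperty HostName

# 1. Which DCs actually hold the zone. ZoneType reads 'Primary' on every
#    AD-integrated copy, so it cannot tell a host from a non-host; asking each
#    server for the zone by name can.
$hosting = foreach ($dc in $allDCs) {
    try {
        $z = Get-DnsServerZone -ComputerName $dc -Name $ZoneName -ErrorAction Stop
        [pscustomobject]@{
            Server           = $dc
            HostsZone        = $true
            IsDsIntegrated   = $z.IsDsIntegrated
            ReplicationScope = $z.ReplicationScope
            Note             = ''
        }
    }
    catch {
        # No DNS role, zone not present on this DC, or DC unreachable.
        [pscustomobject]@{
            Server           = $dc
            HostsZone        = $false
            IsDsIntegrated   = $null
            ReplicationScope = $null
            Note             = $_.Exception.Message
        }
    }
}
$hosting | Format-Table -AutoSize

# 2. NS records at the zone apex, read from the DC about to be demoted.
$nsRecords = Get-DnsServerResourceRecord -ComputerName $DemotingDC -ZoneName $ZoneName -RRType NS -Node |
    ForEach-Object { $_.RecordData.NameServer.TrimEnd('.').ToLower() }

"NS records in $ZoneName as seen on ${DemotingDC}: $($nsRecords -join ', ')"

# 3. Hosting DCs that the zone does not list as name servers. A zone resolving from
#    another DC (the Resolve-DnsName test in the original post) does not by itself
#    show that the DC is recorded as one of the zone's name servers.
$missingNS = $hosting |
    Where-Object { $_.HostsZone -and ($nsRecords -notcontains $_.Server.ToLower()) } |
    Select-Object -ExpandProperty Server

if ($missingNS) {
    "Hosting DCs without an NS record: $($missingNS -join ', ')"
    # '@' is the zone apex. Remove -WhatIf once the list above looks right.
    foreach ($srv in $missingNS) {
        Add-DnsServerResourceRecord -ComputerName $DemotingDC -ZoneName $ZoneName `
            -NS -Name '@' -NameServer "$srv." -WhatIf
    }
}

# 4. Dry-run the demotion. Test-ADDSDomainControllerUninstallation runs the
#    prerequisite checks of Uninstall-ADDSDomainController without changing
#    anything. -IgnoreLastDNSServerForZone is the override the error message
#    names; it is only reasonable once step 1 has shown the zone on other DCs.
$pw = Read-Host -AsSecureString 'Local administrator password for the demoted server'
Test-ADDSDomainControllerUninstallation -LocalAdministratorPassword $pw -IgnoreLastDNSServerForZone
```

Run it on the DC being demoted. The table from step 1 is the answer to "which servers host this zone" that ZoneType cannot give; step 3 is the check to do before reaching for IgnoreLastDNSServerForZone, because the override only suppresses the warning and does not make another DC a name server for the zone. Note that unlike the remove-and-re-add approach in the reply above, nothing here deletes the zone: Add-DnsServerResourceRecord only adds records, and it is kept behind -WhatIf until the output has been reviewed.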
