Sergio_Raposo
Copper Contributor
Jul 30, 2023

Problem changing PDC

Hello,

I have an environment with 3 DCs where I want to remove 1 DC. I manage to transfer all roles, but whenever I disconnect the DC I want to remove, I lose access to the AD and authentication starts to fail. If you use the netdom query fsmo command, the roles appear on the correct DCs, but if you run the nltest /dsgetdc:mydomain.local command, it points to the DC I want to remove, and the same happens if you run the command Get-ADDomainController -domainname edoc.local -Discover -Service PrimaryDC. I start having errors if the PDC role is not on the DC I want to remove. I don't see any problems with the DNS Server.

It seems that the reference to the PDC is always pointing to the DC I want to remove.

Best regards,
Sérgio Raposo
    • Sergio_Raposo
      Copper Contributor

      Dave Patrick I already did that, and the roles are on the DCs to which I moved them, and it seems that everything is all right. But every time I query the domain (ping -a <domain>) the IP that I receive is from the DC that I want to remove, and when I use netdom query fsmo it shows that the PDC is the new server. Another thing is that when the roles are on the new servers, if I shut down the DC I want to remove, I lose the Active Directory. To regain access I have to start the old DC. I have transferred the role without problem and I have seized the role, but nothing worked.

      • Dave Patrick
        MVP

        if i shutdown the DC I want to remove i lost the Active Directory. 

        How are you verifying this? Might also check the DHCP server hands out the addresses of healthy domain controllers.     
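
Added example, not part of the original thread or written by its participants: a PowerShell check that puts side by side the PDC named by the FSMO role, by the DNS SRV record and by the DC locator, together with the domain's A records and the DNS servers the machine uses. The domain name is the one written in the post; `$OldDcIp` is a constructed placeholder address.

```powershell
# Added diagnostic example (not from the thread). Run on a domain-joined machine
# with the RSAT ActiveDirectory module. $OldDcIp is a constructed placeholder.
Import-Module ActiveDirectory

$Domain  = 'mydomain.local'   # domain name as written in the post
$OldDcIp = '192.0.2.10'       # placeholder: address of the DC being removed

# 1. PDC emulator according to the directory (what "netdom query fsmo" reports).
$fsmoPdc = (Get-ADDomain -Identity $Domain).PDCEmulator

# 2. PDC according to DNS: the SRV record the DC locator queries for the PDC.
$srvPdc = @(Resolve-DnsName -Name "_ldap._tcp.pdc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { $_.NameTarget })

# 3. PDC according to the DC locator, forcing rediscovery instead of the cache.
$locatorPdc = (Get-ADDomainController -DomainName $Domain -Discover -Service PrimaryDC -ForceDiscover).HostName -join ','

# 4. Addresses returned for the bare domain name (what "ping -a <domain>" resolves).
$domainIps = @(Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

# 5. DNS servers this machine is configured with (static or handed out by DHCP).
$dnsServers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique)

[pscustomobject]@{
    FsmoPdc    = $fsmoPdc
    DnsSrvPdc  = $srvPdc -join ','
    LocatorPdc = $locatorPdc
    DomainA    = $domainIps -join ','
    ClientDns  = $dnsServers -join ','
} | Format-List

# Flag the inconsistencies described in the thread.
if ($srvPdc -notcontains $fsmoPdc) {
    Write-Warning "DNS SRV record names '$($srvPdc -join ',')' as PDC, FSMO owner is '$fsmoPdc'."
}
if ($locatorPdc -ne $fsmoPdc) {
    Write-Warning "DC locator returned '$locatorPdc', FSMO owner is '$fsmoPdc'."
}
if ($domainIps -contains $OldDcIp) {
    Write-Warning "Domain A records still include the old DC ($OldDcIp)."
}
if ($dnsServers -contains $OldDcIp) {
    Write-Warning "This machine uses the old DC ($OldDcIp) as a DNS server."
}
```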

           

         
