Forum Discussion

daliborazure
Copper Contributor
Jun 07, 2025

Windows 2022 server to Windows 2025 Active directory migration

Hi

In the lab I had 2 servers: dc1, which is Windows 2022, and dc2, which was a 2025 server. I transferred all roles from 2022 and this was working perfectly, but then I made one mistake by demoting dc1 2022 using GUI server, and it looks like that took out the whole domain. dc2 2025 has all the roles; however, when I try to open Active Directory Users and Computers, this is what I get:

Naming information cannot be located because the specified domain either doesn't exist or couldn't be contacted

This is when I try to open Active Directory Users and Computers. Interestingly enough, in my workspace I just shut down the domain controller that I want to decommission and then clean up metadata, but in this instance I wanted to try demoting the domain controller, and this is the process that took the domain out.

Now I don't have a backup; all I have is the ntds.dit file, and I am not sure whether it is possible to restore the domain with just this file. dc2 is still a domain controller, but even netdom query fsmo says no domain controllers.

1 Reply

  • That situation means your Active Directory metadata was removed during the GUI demotion of DC1, leaving DC2 (the 2025 domain controller) orphaned with no valid domain reference. Since netdom query fsmo returns nothing, the domain context itself is effectively gone — DC2 holds the database, but AD can’t mount it correctly because replication metadata and naming contexts were deleted when DC1 was demoted.

    Here’s how to handle this step by step

    What actually happened

    When you demote the last domain controller in a domain, even if another DC is online, the demotion wizard removes the domain naming context and forest metadata if it believes it is the last DC.
    Because DC2’s replication partnership wasn’t reachable or properly recognized, DC1 removed the entire domain structure.
    Now DC2 still has an NTDS.DIT file with AD data, but the domain partition is detached from the directory service.

    Check the current state

    On DC2, open an elevated PowerShell prompt and run:

    dcdiag /v
    repadmin /replsummary
    repadmin /showrepl
    netdom query fsmo


    You’ll likely see errors like “naming context missing” or “directory service not available.”

    If Active Directory Users and Computers (dsa.msc) can’t connect and shows “Naming information cannot be located,” it confirms the domain context is missing.

    Recovery options

    You have three possible paths, depending on what you need and what you have:

    Option A – Restore from backup (best practice)

    If you had a system state or full backup of DC1 or DC2 before the demotion:

    Perform an Authoritative Restore of the domain using that backup.

    This reintroduces domain partitions and FSMO role data.

    Option B – Attempt to mount NTDS.DIT to extract objects

    If no backup exists, you can recover data manually from the existing NTDS.DIT:

    Copy the C:\Windows\NTDS\ntds.dit file to a lab system (do not work on the production DC).

    Use ntdsutil or PowerShell AD DB Recovery Tools like esedbexport or ADExplorer (Sysinternals) to view and export users, groups, and OUs.

    Build a new AD forest (fresh 2025 install) and re-import the necessary accounts manually.

    Option C – Rebuild the domain cleanly

    If the environment is small or lab-based:

    Promote a new 2025 server as a new forest root domain.

    Recreate users, GPOs, DHCP, CA, etc.

    Decommission the broken DC2 after exporting logs or NTDS data if needed.

    Lessons learned / future protection

    Always ensure replication works (repadmin /showrepl) before demoting any DC.

    Never use the GUI demotion on a domain controller unless you’re sure another DC is visible and healthy.

    Keep system state backups on all DCs before performing FSMO transfers or demotions.

    Summary

    Your domain was deleted when the GUI demotion assumed it was the last DC.
    Since there’s no working replication or backup, DC2’s AD database can’t re-register as a valid domain controller.
    You can:

    Restore from backup (if available), or

    Extract data from NTDS.DIT and recreate the domain, since AD metadata can’t be rebuilt automatically.
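
Added example, not part of the reply above or of any Microsoft tooling: a PowerShell gate for the "ensure replication works before demoting any DC" advice, which reads the CSV from repadmin /showrepl * /csv and reports a DC as ready only if another DC has recently and cleanly replicated from it. The function name Test-DemotionReadiness, the lab.example naming context and the sample rows are constructed for illustration, and the check covers replication links only.

```powershell
# Input: CSV from  repadmin /showrepl * /csv  (the rows below are constructed).
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC2,"DC=lab,DC=example",Default-First-Site-Name,DC1,RPC,0,0,2025-06-07 09:15:02,0
showrepl_INFO,Default-First-Site-Name,DC2,"CN=Configuration,DC=lab,DC=example",Default-First-Site-Name,DC1,RPC,4,2025-06-07 09:10:41,2025-06-05 22:01:13,1722
showrepl_INFO,Default-First-Site-Name,DC1,"DC=lab,DC=example",Default-First-Site-Name,DC2,RPC,0,0,2025-06-07 09:14:55,0
'@

function Test-DemotionReadiness {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $ReplRows,   # parsed repadmin CSV rows
        [Parameter(Mandatory)] [string]   $TargetDc,   # DC you intend to demote
        [Parameter(Mandatory)] [datetime] $Now,
        [int] $MaxAgeMinutes = 60
    )
    # Only links where ANOTHER DC pulls from the target matter here:
    # they show that a surviving DC already holds the target's changes.
    $links = @($ReplRows | Where-Object {
        $_.'Source DSA' -eq $TargetDc -and $_.'Destination DSA' -ne $TargetDc
    })
    $problems = @()
    if ($links.Count -eq 0) {
        $problems += "No other DC replicates from $TargetDc"
    }
    foreach ($l in $links) {
        $id = "$($l.'Destination DSA') <- $TargetDc [$($l.'Naming Context')]"
        if ([int]$l.'Number of Failures' -gt 0) {
            $problems += "$id : $($l.'Number of Failures') failures, status $($l.'Last Failure Status')"
        }
        $last = [datetime]::MinValue
        $ok = [datetime]::TryParse($l.'Last Success Time', [ref]$last)
        if (-not $ok -or ($Now - $last).TotalMinutes -gt $MaxAgeMinutes) {
            $problems += "$id : last success '$($l.'Last Success Time')' is stale or unreadable"
        }
    }
    [pscustomobject]@{ TargetDc = $TargetDc; Ready = ($problems.Count -eq 0); Problems = $problems }
}

$rows = $sampleCsv | ConvertFrom-Csv
Test-DemotionReadiness -ReplRows $rows -TargetDc 'DC1' -Now ([datetime]'2025-06-07 09:30:00')
```

On a live domain controller, feed it `repadmin /showrepl * /csv | ConvertFrom-Csv` and `(Get-Date)` instead of the sample rows and fixed time.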

     
