How to remove active directory DS role after failing to demote server?


Hey guys,

 

I have an Active Directory Domain Services server role installed on a server that I want to remove, but it won't let me remove it because demotion fails. This is the only domain controller in a domain that I want to end, but it won't accept that it's the last one even though there are no others, so how can I remove this role from it if it doesn't demote itself?

 

Thanks.

14 Replies

What's in the %SystemRoot%\Debug\dcpromo.log ?

 

 

@Dave Patrick 

 

This is what I see:

 

01/31/2020 11:13:16 [ERROR] Failed to find a DC for domain example.com: 1355
01/31/2020 11:13:16 [ERROR] Failed to find a domain controller for example.com: 1355
01/31/2020 11:13:16 [INFO] Error - A domain controller could not be contacted for the domain example.com that contained an account for this computer. Make the computer a member of a workgroup then rejoin the domain before retrying the promotion.
(1355)

 

I tried to unjoin the domain, but it's all greyed out (maybe because it's a domain controller).

Please run:
  • Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
  • repadmin /showrepl >C:\repl.txt
  • ipconfig /all > C:\dc1.txt

then put the unzipped text files up on OneDrive and share a link.
 
 
 

@Dave Patrick 

 

Here it is: https://1drv.ms/u/s!Av244T63eJ79inTth7r2ter7iUYi?e=FOVk9g

 

I have renamed the domain to example on all of them (that's the only change)

Please don't zip the files.

 

 

@Dave Patrick 

 

Sorry, I could have sworn I saw "zip them" instead of "unzip them". This is the new link to the unzipped files.

 

https://1drv.ms/u/s!Av244T63eJ79ink4975Gor6fOcJz?e=PV52uc

You cannot remove Active Directory roles gracefully unless the role is recognized and the domain is healthy, which right now it is not. A domain controller and all members should have the static IP address of the DC listed for DNS and no others, such as the router or public DNS, so remove the Google DNS from the connection, then try ipconfig /flushdns, ipconfig /registerdns, and restart the Netlogon service. Then put up new files if problems persist.

 

 

 

@Dave Patrick 

 

Still not working, these are the new files:

 

https://1drv.ms/u/s!Av244T63eJ79iwFozzAlE31fXbtI?e=RjYs5g

 

If you see an "ad.example.com" somewhere, it's because that's what I want to get rid of. My predecessor did it that way and I'm trying to fix that and make it example.local without that "ad" in it.

 

I tried to demote this server first because it was the second DC, but it never worked; I tried the first one and that one worked like a charm.

 

Please tell me there is a way so I don't have to re-install this server from scratch.

 

Thanks.

 

The server holding the PDC role is down.
I'd check:
netdom /query fsmo
If this server does not hold the roles then you can seize the roles.

All DNS servers are invalid.
The DC should also have its own static address (192.168.137.3) listed on the connection properties.

Again, put up some new files if there is progress.
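An added PowerShell check for the two points raised above, the DNS client settings on the DC and the FSMO role holders (example code, not from this reply; it assumes the RSAT ActiveDirectory module is installed and is run in an elevated session on the DC itself):

```powershell
# Added example, not part of the thread. Assumes the ActiveDirectory module (RSAT) is present
# and that this script runs on the domain controller being checked.
Import-Module ActiveDirectory -ErrorAction Stop

# 1. The DC's own static IPv4 address(es), excluding loopback and APIPA.
$dcAddresses = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
    Select-Object -ExpandProperty IPAddress

# 2. DNS servers configured on each IPv4 interface. Anything that is not this DC
#    (router, public resolver, or 127.0.0.1) is flagged, matching the advice above.
$dnsIssues = foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    foreach ($server in $cfg.ServerAddresses) {
        if ($server -notin $dcAddresses) {
            "Interface '$($cfg.InterfaceAlias)' lists $server for DNS; only this DC's own address(es) ($($dcAddresses -join ', ')) should be listed."
        }
    }
}
if ($dnsIssues) { $dnsIssues | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'DNS client settings point only at this DC.' }

# 3. Netlogon must be running for the DC to register its SRV records.
$netlogon = Get-Service -Name Netlogon
if ($netlogon.Status -ne 'Running') { Write-Warning "Netlogon service is $($netlogon.Status)." }

# 4. FSMO role holders (the same information 'netdom /query fsmo' prints).
#    On the last DC in the domain all five should resolve to this server.
$domain = Get-ADDomain
$forest = Get-ADForest
$fsmo = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$me = "$env:COMPUTERNAME.$($domain.DNSRoot)"
foreach ($role in $fsmo.Keys) {
    $holder = $fsmo[$role]
    $status = if ($holder -ieq $me) { 'held by this server' } else { "held by $holder (not this server)" }
    Write-Host ('{0,-22} {1}' -f $role, $status)
}
```

Any role reported as held elsewhere is the one that would need to be transferred or seized before this DC can be demoted.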
 
 
 

@Dave Patrick 

 

The command gave me the 5 Active Directory "roles" (I haven't seen these in years) all pointing to this same server, so I changed the DNS to have its own IP address instead of 127.0.0.1, but still nothing.

What's in system event log since last boot?

 

 

@Dave Patrick 

Hello Dave,

 

Because the first domain controller did let me demote it, I was able to create the new forest, so I'm just going to re-install the one not letting me delete it and join the newly created forest as another domain controller for it.

 

Thanks for all your help.

Yes, always best to start from a fully patched clean installation. I thought you were trying to save something mission critical.

 

(please don't forget to mark helpful replies)

 

 

Just for your information:

Your predecessor actually did it correctly. The forest root domain should consist of a prefix ("ad" in your example) and an internet-registered suffix (example.com in your example).

Using single-label DNS names and/or fake TLDs like "example.local" is not recommended and is a bad practice.

 

You can read about this here:

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/selecting-the-forest-root-domain

 

Quote from the documentation:

Caution

Do not use single-label DNS names. For more information, see Information about configuring Windows for domains with single-label DNS names (https://go.microsoft.com/fwlink/?LinkId=106631). Also, we do not recommend using unregistered suffixes, such as .local.


More about this here:

https://support.microsoft.com/en-us/help/300684/deployment-and-operation-of-active-directory-domains...

 

You can find a discussion about this including many links to other articles and discussions here:

https://serverfault.com/questions/567775/naming-a-new-active-directory-forest-why-is-split-horizon-d...

 
