How to remove active directory DS role after failing to demote server?

%3CLINGO-SUB%20id%3D%22lingo-sub-1144039%22%20slang%3D%22en-US%22%3EHow%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144039%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20guys%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20an%20active%20directory%20domain%20services%20server%20role%20installed%20on%20a%20server%20that%20I%20want%20to%20remove%2C%20but%20it%20won't%20let%20me%20remove%20it%20because%20demotion%20fails%2C%20this%20is%20the%20only%20domain%20controller%20in%20a%20domain%20that%20I%20want%20to%20end%2C%20but%20it%20won't%20accept%20it's%20the%20last%20even%20though%20there%20are%20no%20others%2C%20so%20how%20can%20I%20remove%20this%20role%20from%20it%20if%20it%20doesn't%20demote%20itself%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1144039%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144130%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144130%22%20slang%3D%22en-US%22%3E%3CP%3EWhat's%20in%20the%26nbsp%3B%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%2012px%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20bold%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%25SystemRoot%25%5CDebug%5Cdcpromo.log%20%3C%2FSPAN%3E%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144212%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144212%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F51719%22%20target%3D%22_blank%22%3E%40Dave%20Patrick%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20what%20I%20see%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E01%2F31%2F2020%2011%3A13%3A16%20%5BERROR%5D%20Failed%20to%20find%20a%20DC%20for%20domain%20example.com%3A%201355%3CBR%20%2F%3E01%2F31%2F2020%2011%3A13%3A16%20%5BERROR%5D%20Failed%20to%20find%20a%20domain%20controller%20for%20example.com%3A%201355%3CBR%20%2F%3E01%2F31%2F2020%2011%3A13%3A16%20%5BINFO%5D%20Error%20-%20A%20domain%20controller%20could%20not%20be%20contacted%20for%20the%20domain%20example.com%20that%20contained%20an%20account%20for%20this%20computer.%20Make%20the%20computer%20a%20member%20of%20a%20workgroup%20then%20rejoin%20the%20domain%20before%20retrying%20the%20promotion.%3CBR%20%2F%3E(1355)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20tried%20to%20unjoin%20the%20domain%2C%20but%20it's%20all%20greyed%20out%20(maybe%20because%20it's%20a%20domain%20controller)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144216%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144216%22%20slang%3D%22en-US%22%3E%3CDIV%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EPlease%20run%3B%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CUL%3E%0A%3CLI%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EDcdiag%20%2Fv%20%2Fc%20%2Fd%20%2Fe%20%2Fs%3A%25computername%25%20%26gt%3Bc%3A%5Cdcdiag.log%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3Erepadmin%20%2Fshowrepl%20%26gt%3BC%3A%5Crepl.txt%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3Eipconfig%20%2Fall%20%26gt%3B%20C%3A%5Cdc1.txt%3CBR%20%2F%3E%3CBR%20%2F%3Ethen%20put%20unzipped%20text%20files%20up%20on%20%3CA%20href%3D%22https%3A%2F%2Fonedrive.live.com%2Fabout%2Fen-us%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EOneDrive%3C%2FA%3E%20and%20share%20a%20link.%3C%2FFONT%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CDIV%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%26nbsp%3B%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%26nbsp%3B%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144403%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144403%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F51719%22%20target%3D%22_blank%22%3E%40Dave%20Patrick%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20it%20is%3A%20%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fu%2Fs!Av244T63eJ79inTth7r2ter7iUYi%3Fe%3DFOVk9g%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2F1drv.ms%2Fu%2Fs!Av244T63eJ79inTth7r2ter7iUYi%3Fe%3DFOVk9g%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20renamed%20the%20domain%20to%20example%20on%20all%20of%20them%20(that's%20the%20only%20change)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144631%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144631%22%20slang%3D%22en-US%22%3E%3CP%3EPlease%20don't%20zip%20the%20files.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144652%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144652%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F51719%22%20target%3D%22_blank%22%3E%40Dave%20Patrick%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESorry%2C%20I%20could%20have%20sworn%20I%20saw%20zip%20them%20instead%20of%20unzip%20them%2C%20this%20is%20the%20new%20link%20of%20the%20unzipped%20files.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fu%2Fs!Av244T63eJ79ink4975Gor6fOcJz%3Fe%3DPV52uc%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2F1drv.ms%2Fu%2Fs!Av244T63eJ79ink4975Gor6fOcJz%3Fe%3DPV52uc%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144672%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144672%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20cannot%20remove%20active%20directory%20roles%20gracefully%20unless%20the%20role%20is%20recognized%20and%20domain%20is%20healthy%2C%20which%20right%20now%20it%20is%20not.%20A%20domain%20controller%20and%20all%20members%20should%20have%20the%20static%20ip%20address%20of%20DC%20listed%20for%20DNS%20and%20no%20others%20such%20as%20router%20or%20public%20DNS%2C%20so%20remove%20the%20google%20DNS%20from%20connection%2C%20then%20try%20%3CSTRONG%3Eipconfig%20%2Fflushdns%2C%20ipconfig%20%2Fregisterdns%3C%2FSTRONG%3E%2C%20restart%20netlogon%20service.%20Then%20put%20up%20new%20files%20if%20problems%20persist.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144750%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144750%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F51719%22%20target%3D%22_blank%22%3E%40Dave%20Patrick%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStill%20not%20working%2C%20these%20are%20the%20new%20files%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fu%2Fs!Av244T63eJ79iwFozzAlE31fXbtI%3Fe%3DRjYs5g%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2F1drv.ms%2Fu%2Fs!Av244T63eJ79iwFozzAlE31fXbtI%3Fe%3DRjYs5g%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20see%20an%20%22ad.example.com%22%20somewhere%20is%20because%20that's%20what%20I%20want%20to%20get%20rid%20off%20my%20predecessor%20did%20it%20that%20way%20and%20I'm%20trying%20to%20fix%20that%20and%20make%20it%20example.local%20without%20that%20%22ad%22%20in%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20tried%20to%20demote%20this%20server%20first%20because%20it%20was%20the%20second%20DC%2C%20but%20it%20never%20worked%2C%20I%20tried%20the%20first%20one%20and%20that%20one%20worked%20like%20a%20charm.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20tell%20me%20there%20is%20a%20way%20so%20I%20don't%20have%20to%20re-install%20this%20server%20from%20scratch.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144784%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144784%22%20slang%3D%22en-US%22%3E%3CDIV%3E%3CEM%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3Eserver%20holding%20the%20PDC%20role%20is%20down%3C%2FFONT%3E%3C%2FEM%3E%3C%2FDIV%3E%0A%3CDIV%3EI'd%20check%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CSTRONG%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3Enetdom%20%2Fquery%20fsmo%3C%2FFONT%3E%3C%2FSTRONG%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3Eif%20this%20server%20does%20not%20hold%20the%20roles%20then%20you%20can%20seize%20roles%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F255504%2Fusing-ntdsutil-exe-to-transfer-or-seize-fsmo-roles-to-a-domain-control%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F255504%2Fusing-ntdsutil-exe-to-transfer-or-seize-fsmo-roles-to-a-domain-control%3C%2FFONT%3E%3C%2FA%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CEM%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3Eall%20DNS%20servers%20are%20invalid%3C%2FFONT%3E%3C%2FEM%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EDC%20should%20also%20have%20own%20static%20address%20(192.168.137.3)%20listed%20on%20connection%20properties%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%26nbsp%3B%26nbsp%3B%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%26nbsp%3Bagain%2C%20put%20up%20some%20new%20files%20if%20there%20is%20progress.%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%26nbsp%3B%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%26nbsp%3B%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144798%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144798%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F51719%22%20target%3D%22_blank%22%3E%40Dave%20Patrick%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20command%20gave%20me%20the%205%20Active%20Directory%20%22roles%22%20(I%20haven't%20seen%20these%20in%20years)%20all%20pointing%20to%20this%20same%20server%2C%20so%20I%20changed%20the%20DNS%20to%20have%20its%20own%20IP%20address%20instead%20of%20127.0.0.1%2C%20but%20still%20nothing.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144804%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144804%22%20slang%3D%22en-US%22%3E%3CP%3EWhat's%20in%20system%20event%20log%20since%20last%20boot%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1149085%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1149085%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F51719%22%20target%3D%22_blank%22%3E%40Dave%20Patrick%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHello%20Dave%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBecause%20the%20first%20domain%20controller%20did%20let%20me%20demote%20it%20I%20was%20able%20to%20create%20the%20new%20forest%2C%20so%20I'm%20just%20going%20to%20re-install%20the%20one%20not%20letting%20me%20delete%20it%20and%20join%20the%20newly%20created%20forest%20as%20another%20domain%20controller%20for%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20all%20your%20help.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1149093%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1149093%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20always%20best%20to%20start%20from%20a%20fully%20patched%20clean%20installation.%20I%20thought%20you%20were%20trying%20to%20save%20something%20mission%20critical.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E(please%20don't%20forget%20to%20mark%20helpful%20replies)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1149822%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20remove%20active%20directory%20DS%20role%20after%20failing%20to%20demote%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1149822%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20for%20your%20information%3A%3C%2FP%3E%3CP%3EYour%20predecessor%20actually%20did%20it%20correctly.%20The%20forest%20root%20domain%20should%20consist%20of%20a%20prefix%20(%22ad%22%20in%20your%20example)%20and%20an%20internet-registered%20suffix%20(example.com%20in%20your%20example).%3C%2FP%3E%3CP%3EUsing%20single-label%20DNS%20names%20and%2For%20fake%20TLDs%20like%20%22example.local%22%20is%20not%20recommended%20and%20a%20bad%20practice.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20read%20about%20this%20here%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Fad-ds%2Fplan%2Fselecting-the-forest-root-domain%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Fad-ds%2Fplan%2Fselecting-the-forest-root-domain%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EQuote%20from%20the%20documentation%3A%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%20class%3D%22alert-title%22%3ECaution%3C%2FP%3E%3CP%3EDo%20not%20use%20single-label%20DNS%20names.%20For%20more%20information%2C%20see%20Information%20about%20configuring%20Windows%20for%20domains%20with%20single-label%20DNS%20names%20(%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D106631%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D106631%3C%2FA%3E).%20Also%2C%20we%20do%20not%20recommend%20using%20unregistered%20suffixes%2C%20such%20as%20.local.%3C%2FP%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3EMore%20about%20this%20here%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F300684%2Fdeployment-and-operation-of-active-directory-domains-that-are-configur%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F300684%2Fdeployment-and-operation-of-active-directory-domains-that-are-configur%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20find%20a%20discussion%20about%20this%20including%20many%20links%20to%20other%20articles%20and%20discussions%20here%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fserverfault.com%2Fquestions%2F567775%2Fnaming-a-new-active-directory-forest-why-is-split-horizon-dns-not-recommended%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fserverfault.com%2Fquestions%2F567775%2Fnaming-a-new-active-directory-forest-why-is-split-horizon-dns-not-recommended%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F540310%22%20target%3D%22_blank%22%3E%40jurgen73%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hey guys,

 

I have an active directory domain services server role installed on a server that I want to remove, but it won't let me remove it because demotion fails, this is the only domain controller in a domain that I want to end, but it won't accept it's the last even though there are no others, so how can I remove this role from it if it doesn't demote itself?

 

Thanks.

14 Replies
Highlighted

What's in the %SystemRoot%\Debug\dcpromo.log ?

 

 

Highlighted

@Dave Patrick 

 

This is what I see:

 

01/31/2020 11:13:16 [ERROR] Failed to find a DC for domain example.com: 1355
01/31/2020 11:13:16 [ERROR] Failed to find a domain controller for example.com: 1355
01/31/2020 11:13:16 [INFO] Error - A domain controller could not be contacted for the domain example.com that contained an account for this computer. Make the computer a member of a workgroup then rejoin the domain before retrying the promotion.
(1355)

 

I tried to unjoin the domain, but it's all greyed out (maybe because it's a domain controller)

Highlighted
Please run;
  • Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
  • repadmin /showrepl >C:\repl.txt
  • ipconfig /all > C:\dc1.txt

    then put unzipped text files up on OneDrive and share a link.
 
 
 
Highlighted

@Dave Patrick 

 

Here it is: https://1drv.ms/u/s!Av244T63eJ79inTth7r2ter7iUYi?e=FOVk9g

 

I have renamed the domain to example on all of them (that's the only change)

Highlighted

Please don't zip the files.

 

 

Highlighted

@Dave Patrick 

 

Sorry, I could have sworn I saw zip them instead of unzip them, this is the new link of the unzipped files.

 

https://1drv.ms/u/s!Av244T63eJ79ink4975Gor6fOcJz?e=PV52uc

Highlighted

You cannot remove active directory roles gracefully unless the role is recognized and domain is healthy, which right now it is not. A domain controller and all members should have the static ip address of DC listed for DNS and no others such as router or public DNS, so remove the google DNS from connection, then try ipconfig /flushdns, ipconfig /registerdns, restart netlogon service. Then put up new files if problems persist.

 

 

 

Highlighted

@Dave Patrick 

 

Still not working, these are the new files:

 

https://1drv.ms/u/s!Av244T63eJ79iwFozzAlE31fXbtI?e=RjYs5g

 

If you see an "ad.example.com" somewhere is because that's what I want to get rid off my predecessor did it that way and I'm trying to fix that and make it example.local without that "ad" in it.

 

I tried to demote this server first because it was the second DC, but it never worked, I tried the first one and that one worked like a charm.

 

Please tell me there is a way so I don't have to re-install this server from scratch.

 

Thanks.

 

Highlighted
server holding the PDC role is down
I'd check;
netdom /query fsmo
if this server does not hold the roles then you can seize roles
 
all DNS servers are invalid
DC should also have own static address (192.168.137.3) listed on connection properties
  
 again, put up some new files if there is progress.
 
 
 
Highlighted

@Dave Patrick 

 

The command gave me the 5 Active Directory "roles" (I haven't seen these in years) all pointing to this same server, so I changed the DNS to have its own IP address instead of 127.0.0.1, but still nothing.

Highlighted

What's in system event log since last boot?

 

 

Highlighted

@Dave Patrick 

Hello Dave,

 

Because the first domain controller did let me demote it I was able to create the new forest, so I'm just going to re-install the one not letting me delete it and join the newly created forest as another domain controller for it.

 

Thanks for all your help.

Highlighted

Yes, always best to start from a fully patched clean installation. I thought you were trying to save something mission critical.

 

(please don't forget to mark helpful replies)

 

 

Highlighted

Just for your information:

Your predecessor actually did it correctly. The forest root domain should consist of a prefix ("ad" in your example) and an internet-registered suffix (example.com in your example).

Using single-label DNS names and/or fake TLDs like "example.local" is not recommended and a bad practice.

 

You can read about this here:

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/selecting-the-forest-root-domain

 

Quote from the documentation:

Caution

Do not use single-label DNS names. For more information, see Information about configuring Windows for domains with single-label DNS names (https://go.microsoft.com/fwlink/?LinkId=106631). Also, we do not recommend using unregistered suffixes, such as .local.


More about this here:

https://support.microsoft.com/en-us/help/300684/deployment-and-operation-of-active-directory-domains...

 

You can find a discussion about this including many links to other articles and discussions here:

https://serverfault.com/questions/567775/naming-a-new-active-directory-forest-why-is-split-horizon-d...

 

@jurgen73