Jan 31 2020 08:26 AM
I have an Active Directory Domain Services server role installed on a server that I want to remove, but it won't let me remove it because demotion fails. This is the only domain controller in a domain that I want to end, but it won't accept that it's the last one even though there are no others. So how can I remove this role from it if it doesn't demote itself?
Jan 31 2020 08:54 AM
This is what I see:
01/31/2020 11:13:16 [ERROR] Failed to find a DC for domain example.com: 1355
01/31/2020 11:13:16 [ERROR] Failed to find a domain controller for example.com: 1355
01/31/2020 11:13:16 [INFO] Error - A domain controller could not be contacted for the domain example.com that contained an account for this computer. Make the computer a member of a workgroup then rejoin the domain before retrying the promotion.
I tried to unjoin the domain, but it's all greyed out (maybe because it's a domain controller).
Jan 31 2020 08:56 AM
Jan 31 2020 10:17 AM
I have renamed the domain to example on all of them (that's the only change).
Jan 31 2020 11:58 AM
Sorry, I could have sworn I saw "zip them" instead of "unzip them". This is the new link to the unzipped files.
Jan 31 2020 12:06 PM
You cannot remove Active Directory roles gracefully unless the role is recognized and the domain is healthy, which right now it is not. A domain controller and all members should have the static IP address of the DC listed for DNS and no others such as router or public DNS, so remove the Google DNS from the connection, then try ipconfig /flushdns, ipconfig /registerdns, and restart the netlogon service. Then put up new files if problems persist.
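The DNS check and reset steps from the reply above, as an added PowerShell example that is not part of the original thread. The DC address `192.0.2.10` is a constructed placeholder, and the script assumes it is run elevated on the domain controller itself.

```powershell
# Added example, not from the thread. $DcAddresses holds a constructed
# placeholder; replace it with the static IP(s) of your domain controller(s).
param(
    [string[]]$DcAddresses = @('192.0.2.10'),
    [string]$Domain = 'example.com'
)

# Collect every IPv4 DNS server configured on any interface.
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

# Flag any entry that is not a DC address (router, public resolver, loopback),
# following the advice that only the DC's static IP should be listed.
$offenders = foreach ($if in $configured) {
    foreach ($addr in $if.ServerAddresses) {
        if ($addr -notin $DcAddresses) {
            [pscustomobject]@{ Interface = $if.InterfaceAlias; DnsServer = $addr }
        }
    }
}

if ($offenders) {
    $offenders | Format-Table -AutoSize
    Write-Warning 'Non-DC DNS servers are configured; fix these before retrying.'
    return
}

# DNS client settings are clean: flush the cache, re-register this host,
# and restart Netlogon so it re-registers the DC locator records.
Clear-DnsClientCache              # same effect as ipconfig /flushdns
Register-DnsClient                # same effect as ipconfig /registerdns
Restart-Service -Name Netlogon

# Re-test DC discovery, the step that failed with error 1355 in the log.
nltest "/dsgetdc:$Domain" /force
if ($LASTEXITCODE -ne 0) {
    Write-Warning "DC locator still fails for $Domain"
}
```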
Jan 31 2020 01:19 PM
Still not working. These are the new files:
If you see an "ad.example.com" somewhere, it is because that's what I want to get rid of. My predecessor did it that way and I'm trying to fix that and make it example.local without that "ad" in it.
I tried to demote this server first because it was the second DC, but it never worked. I tried the first one and that one worked like a charm.
Please tell me there is a way so I don't have to re-install this server from scratch.
Jan 31 2020 01:36 PM - edited Jan 31 2020 01:39 PM
Jan 31 2020 01:44 PM
The command gave me the 5 Active Directory "roles" (I haven't seen these in years) all pointing to this same server, so I changed the DNS to have its own IP address instead of 127.0.0.1, but still nothing.
Feb 03 2020 02:56 PM
Because the first domain controller did let me demote it, I was able to create the new forest, so I'm just going to re-install the one not letting me delete it and join the newly created forest as another domain controller for it.
Thanks for all your help.
Feb 03 2020 03:03 PM
Yes, always best to start from a fully patched clean installation. I thought you were trying to save something mission critical.
(please don't forget to mark helpful replies)
Feb 04 2020 03:04 AM - edited Feb 04 2020 03:12 AM
Just for your information:
Your predecessor actually did it correctly. The forest root domain should consist of a prefix ("ad" in your example) and an internet-registered suffix (example.com in your example).
Using single-label DNS names and/or fake TLDs like "example.local" is not recommended and is bad practice.
You can read about this here:
Quote from the documentation:
Do not use single-label DNS names. For more information, see Information about configuring Windows for domains with single-label DNS names (https://go.microsoft.com/fwlink/?LinkId=106631). Also, we do not recommend using unregistered suffixes, such as .local.
More about this here:
You can find a discussion about this including many links to other articles and discussions here: