Cannot demote DC


Douglas M. Munro

A client created a third domain controller in his
environment (all three are DNS servers and Active
Directory integrated) but used a full computer name which
was different from his domain name. In this case, it was
server3.xyz.com where his domain name is abc.com. I was
able to reg hack the full computer name but am still
unable to demote it as I get a DNS lookup failure
message. I have it pointing to itself for DNS resolution
and had to manually go in and change the resource records
to the correct domain name. Any thoughts?

DMM
 
This can happen if the properties under My Computer for Change DNS suffix
when domain membership changes. The script will update the computer's
full name to reflect the current DNS AD domain. However, if you continue to
have replication problems and want to depromote the server, then here are
some articles that will assist.

<START COPY OF SCRIPT>

'*************************************************************
'* FixDomainSuffix.vbs
'* Created by: JSeifert
'*************************************************************

Const ADS_PROPERTY_CLEAR = 1

' Confirm with the operator before changing anything.
Answer = MsgBox("This script will change the Domain Suffix of this computer" & vbCrLf & _
    "to equal the AD Domain name that this DC is a member of." & vbCrLf & _
    "This script can only be run on a Windows 2000 DC by an" & vbCrLf & _
    "Administrator of the Domain. You must reboot this computer" & vbCrLf & _
    "after the script completes." & vbCrLf & vbCrLf & _
    "Choose ""OK"" to continue ""Cancel"" to stop processing the script", _
    vbOKCancel, "Change DNS Suffix to match AD Domain")

If Answer = vbCancel Then WScript.Quit

' Read the domain's distinguished name (DC=abc,DC=com) and strip the leading "DC=".
Set Cont = GetObject("LDAP://localhost")
strTemp = Cont.distinguishedName
strTemp = Mid(strTemp, 4, Len(strTemp))

' Turn the remaining ",DC=" separators into dots to get the DNS domain name.
Set regEx = New RegExp
regEx.Global = True
regEx.IgnoreCase = True
regEx.Pattern = ",DC="
strTemp = regEx.Replace(strTemp, ".")

' Write the DNS suffix values and make the suffix follow domain membership.
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain", strTemp, "REG_SZ"
WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NV Domain", strTemp, "REG_SZ"
WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SyncDomainWithMembership", 1, "REG_DWORD"

' Locate this DC's computer object and clear dNSHostName and servicePrincipalName.
Set Cont = GetObject("LDAP://localhost/RootDSE")
Set Cont = GetObject("LDAP://" & Cont.serverName)
Set Cont = GetObject("LDAP://" & Cont.serverReference)
Cont.PutEx ADS_PROPERTY_CLEAR, "dNSHostName", vbNull
Cont.PutEx ADS_PROPERTY_CLEAR, "servicePrincipalName", vbNull
Cont.SetInfo

' Offer to reboot so the changes take effect.
Answer = MsgBox("The computer needs to be rebooted for the changes to take effect. " & _
    "Would you like the DC to be rebooted now?", _
    vbYesNo, "Reboot now?")
If Answer = vbYes Then
    Set OpSysSet = GetObject("winmgmts:{(Shutdown)}").ExecQuery( _
        "select * from Win32_OperatingSystem where Primary=true")
    For Each OpSys In OpSysSet
        OpSys.Reboot()
    Next
End If
<END COPY OF SCRIPT>


332199 Using the DCPROMO /FORCEREMOVAL Command to Force the Demotion of Active
http://support.microsoft.com/?id=332199
216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498
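
A read-only pre-check that could be run before the script above, shown here as an added example that is not part of the original post or of JSeifert's script: it compares the registry suffix values the script overwrites with the AD domain name, and prints the dNSHostName and servicePrincipalName values the script clears so they are on record. The helper names DnToDnsName and ReadTcpipValue are hypothetical.

```vbscript
' Added example: read-only pre-check, makes no changes (not part of FixDomainSuffix.vbs).
Option Explicit
Const TCPIP_KEY = "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"

' Hypothetical helper: build a DNS name from the DC= parts of a distinguished name.
Function DnToDnsName(dn)
    Dim part, dnsName
    dnsName = ""
    For Each part In Split(dn, ",")
        part = Trim(part)
        If UCase(Left(part, 3)) = "DC=" Then
            If dnsName <> "" Then dnsName = dnsName & "."
            dnsName = dnsName & Mid(part, 4)
        End If
    Next
    DnToDnsName = dnsName
End Function

' Hypothetical helper: read one Tcpip\Parameters value; a missing value is reported, not fatal.
Function ReadTcpipValue(valueName)
    Dim shell
    Set shell = CreateObject("WScript.Shell")
    ReadTcpipValue = "(not set)"
    On Error Resume Next
    ReadTcpipValue = shell.RegRead(TCPIP_KEY & valueName)
    On Error GoTo 0
End Function

Dim rootDse, adDomain, server, computer, regName, regValue, status
Set rootDse = GetObject("LDAP://localhost/RootDSE")
adDomain = DnToDnsName(rootDse.Get("defaultNamingContext"))
Set server = GetObject("LDAP://" & rootDse.Get("serverName"))
Set computer = GetObject("LDAP://" & server.Get("serverReference"))
WScript.Echo "AD domain (from defaultNamingContext): " & adDomain

' Compare the two suffix values the script overwrites with the AD domain name.
For Each regName In Array("Domain", "NV Domain")
    regValue = ReadTcpipValue(regName)
    status = " (MISMATCH)"
    If LCase(regValue) = LCase(adDomain) Then status = " (matches)"
    WScript.Echo regName & ": " & regValue & status
Next
WScript.Echo "SyncDomainWithMembership: " & ReadTcpipValue("SyncDomainWithMembership")

' Record the attributes the script clears; an unset attribute is skipped silently.
On Error Resume Next
WScript.Echo "dNSHostName: " & computer.Get("dNSHostName")
WScript.Echo "SPNs: " & Join(computer.GetEx("servicePrincipalName"), ", ")
On Error GoTo 0
```

Run it with cscript.exe so the output goes to the console rather than to message boxes.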
 