|
The best way would be to use the MMC. If you try with DCPROMO it should work, but failure can leave the system in an odd state occasionally. I prefer to perform such sensitive actions in smaller steps so that I can review the results.
If the MMC fails, you can also try the NTDSUTIL.exe from the Support Tools. You will need to understand that this tool is primarily used to 'seize' the FSMO roles. This is done when the previous FSMO owner is no longer available. If you do this, the old FSMO machine can NEVER be on the network again. You will need to format the old FSMO machine and reinstall it -- perhaps a little extreme, but better safe then sorry.
Now that you have the methods, let's address your specific issue. You have two servers that are DCs in the same domain. You want to demote server1 so that it does not participate as an FSMO server or DC. However, you are getting the error you mentioned. First, you should look in the event logs -- especially the SYSTEM, DNS, File Replication and Directory Services Event logs. The synchronization of the domains is probably incomplete for some reason. Often this is due to connectivity problems with the network, or more often (especially in test environments) an incorrect DNS configuration, which is why you should examine the DNS event logs. Checking the File Replication log will give you an idea if the Active Directory setup on server2 is actually complete. Until it is complete, the FRS and Directory Services logs will indicate issues with the completion of SYSVOL and synchronization activities. Correct these issues first and then try to use the MMC to transfer the roles.
Editor's Note: Find more useful information in these Best Web Link categories: Active Directory Replication, Group Policy and DNS. You may also want to browse through our collection of Active Directory white papers.
*Sign up for our free weekly Active Directory tips to have expert tips and advice about managing Active Directory delivered right to your inbox.
|
