Alfred's New Ramblings

Promoting Domain Controllers

Windows domain controllers rely on DNS to work, and they find each other through SRV records. If DNS is not available, the domain controllers don’t work very well.

For a member server, the DNS server setting typically points to any of the domain controllers. For a domain controller, the DNS server should be set to its opposite partner as primary and itself as secondary.

If you don’t do this, you will find that when performing DCPROMO, the domain controller will not replicate properly and the rest of the domain will not be able to recognize it. In the end, you may not be able to log in, and you end up having to force a demotion using DCPROMO /forceremoval.

The /forceremoval method is preferred because it saves you the trouble of explaining to the Enterprise Administrator why you want to perform an AD cleanup.
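A pre-promotion check for the DNS ordering and SRV lookup described above, as an added example that is not part of the original post. The domain name and both IP addresses are placeholders, and the cmdlets assume a server with the DnsClient PowerShell module (Windows Server 2012 or later).

```powershell
# Added example: verify DNS client order and DC SRV resolution before promoting.
# All three default values are placeholders; replace them with your own.
param(
    [string]$DomainName = 'corp.example.com',  # placeholder AD DNS domain
    [string]$PartnerDns = '10.0.0.10',         # placeholder: partner DC's IP
    [string]$SelfDns    = '10.0.0.11'          # placeholder: this server's IP
)

$problems = @()

# 1. Every IPv4 interface with DNS servers set should list the partner first
#    and this server second. Loopback is accepted as "itself" (an assumption).
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

if (-not $configured) {
    $problems += 'No IPv4 interface has DNS servers configured.'
}

foreach ($nic in $configured) {
    $servers = @($nic.ServerAddresses)
    if ($servers[0] -ne $PartnerDns) {
        $problems += "$($nic.InterfaceAlias): primary DNS is $($servers[0]), expected partner $PartnerDns"
    }
    if ($servers.Count -lt 2 -or $servers[1] -notin @($SelfDns, '127.0.0.1')) {
        $problems += "$($nic.InterfaceAlias): secondary DNS is not this server ($SelfDns)"
    }
}

# 2. The SRV records that domain controllers use to find each other must resolve.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
    if ($srv) {
        $srv | Select-Object NameTarget, Port, Priority, Weight | Format-Table -AutoSize
    } else {
        $problems += "No DC SRV records returned for $DomainName"
    }
} catch {
    $problems += "SRV lookup failed for ${DomainName}: $($_.Exception.Message)"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "DNS client order and SRV lookup look correct for $DomainName."
```

A non-zero exit code means the DNS settings should be corrected before running the promotion.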

Checklist for Domain controllers is here
