removing a bad domain controller from Domain


Timothy

A few months ago we established our domain as Griffin.com.

The first domain controller was named DC2 and then we had
a second Dell server become a domain controller named dc1.

We set up DNS and had dc2 as primary DNS server and dc1 as
a secondary DNS controller.

We didn't realize until a few months later that dc1 never
fully joined the domain due to a problematic NIC.

If I look under the System Properties Network
Identification tab, the full computer name is dc1.

The domain name is Griffin.com.

I have replaced the bad NIC and reconfigured it with the
correct settings.

I have tried to run DCPromo to demote this server so that
I could reformat and rebuild this server correctly. But I
get the following error message:

The Operation Failed because:

The Directory Service failed to replicate off changes made
locally.

"The DSA operation is unable to proceed because of a DNS
lookup failure"

I have changed the Primary DNS server in the NIC
properties to the IP address of dc1 and still got the same
errors.

If I go into DNS it will pass both the simple and
recursive query tests.

If anyone can help me with this problem, please let me know,
or if you need more information, please post below.
 

Cary Shultz [A.D. MVP]

Timothy,

How long ago was this?

Take a look at the event logs. There should be a whole slew of errors and
warnings. What do they say?

Take a look at your DNS MMC. You stated that DC02 is the primary DNS Server
and the DC01 is the secondary DC. So, this indicates to me that you are not
using DDNS ( aka Active Directory Integrated DNS ). Or are you and just
using the 'incorrect' terminology? And no worries if you are using the
incorrect terminology. There are so many dang terms and abbreviations that
it is really difficult sometimes ;-).

Do you have all four sub-folders in the FLZ? Oops! There was another one.
Sorry! In the Forward Lookup Zone. Those four sub-folders would be the
_msdcs, _sites, _tcp and _udp.

You did the two tests from within the DNS MMC. How about if you try to ping
the problem DC from any other machine? Try via IP Address, via NetBIOS Name
( simply its name, so 'DC01' in this case ) and via DNS Name ( aka FQDN, or
Fully Qualified Domain Name, 'DC01.yourdomain.com' in your case ).

I would also try a simple 'nslookup yourdomain.com'. What does that do?
And are you familiar with DNSLint? This is a nice DNS tool. You can
download it from the following link:

http://support.microsoft.com/default.aspx?scid=kb;en-us;321045&Product=win2000

These two links might be useful as well:

http://support.microsoft.com/default.aspx?scid=kb;en-us;330105&Product=win2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;321046&Product=win2000

I would also install the Support Tools and run dcdiag /v and netdiag /v on
all of your WIN2000 Servers. This will show us what is going on where.
There are some other really neat tools that become available when you
install the Support Tools. nltest, netdom, repadmin, replmon and ldp are
just a few. The Support Tools can be found in two places: on the WIN2000
Server CD in the Support | Tools folder and on the WIN2000 Service Pack CD
in the Support | Tools folder. I would go with the Service Pack...

Now, all of this is fine and good as far as troubleshooting your problem DC
( as well as your AD ). If you do not care about all of this ( I would,
however ) and simply want to DCPROMO this bad boy, then take a look at the
following:

http://support.microsoft.com/default.aspx?scid=kb;en-us;332199&Product=win2000

If you choose to go this route make sure that you look at the bottom of the
article and follow those three articles ( on cleaning the metadata, the FRS
and the FSMO roles ).

HTH,

Cary
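
The check on the four Forward Lookup Zone sub-folders can be scripted. The following is an added example, not part of the thread or of either poster's words: it reads SRV records in zone-file text form and reports which of _msdcs, _sites, _tcp and _udp are absent and which domain controllers have no locator records. The sample zone, the IP addresses and the helper names are constructed for illustration, and DC_SRV is only a subset of the records a domain controller registers.

```python
# Added example: the zone text below is constructed, not taken from the thread.
FOLDERS = ("_msdcs", "_sites", "_tcp", "_udp")
# Subset of the SRV owner names (relative to the domain) that a DC registers.
DC_SRV = ("_ldap._tcp", "_kerberos._tcp", "_kerberos._udp", "_ldap._tcp.dc._msdcs")

SAMPLE_ZONE = """\
; constructed sample: dc2 registered its records, dc1 only has a host record
dc2.griffin.com. 3600 IN A 192.0.2.2
dc1.griffin.com. 3600 IN A 192.0.2.1
_ldap._tcp.griffin.com. 600 IN SRV 0 100 389 dc2.griffin.com.
_kerberos._tcp.griffin.com. 600 IN SRV 0 100 88 dc2.griffin.com.
_kerberos._udp.griffin.com. 600 IN SRV 0 100 88 dc2.griffin.com.
_ldap._tcp.dc._msdcs.griffin.com. 600 IN SRV 0 100 389 dc2.griffin.com.
_ldap._tcp.Default-First-Site-Name._sites.griffin.com. 600 IN SRV 0 100 389 dc2.griffin.com.
"""

def parse_srv(zone_text):
    """Return (owner, target) for every SRV line, lower-cased, trailing dots removed."""
    pairs = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        fields = line.split()
        # Expected layout: owner ttl IN SRV priority weight port target
        if len(fields) == 8 and fields[2].upper() == "IN" and fields[3].upper() == "SRV":
            pairs.append((fields[0].rstrip(".").lower(), fields[7].rstrip(".").lower()))
    return pairs

def audit(zone_text, domain, dcs):
    """Return (missing sub-folders, {dc: missing SRV owner names})."""
    domain = domain.rstrip(".").lower()
    suffix = "." + domain
    rel = [(o[:-len(suffix)], t) for o, t in parse_srv(zone_text) if o.endswith(suffix)]
    # The label directly under the domain is the sub-folder shown in the DNS console.
    present = {owner.rsplit(".", 1)[-1] for owner, _ in rel}
    missing_folders = [f for f in FOLDERS if f not in present]
    missing_srv = {}
    for dc in dcs:
        fqdn = f"{dc}.{domain}".lower()
        have = {owner for owner, target in rel if target == fqdn}
        missing_srv[dc] = [name for name in DC_SRV if name not in have]
    return missing_folders, missing_srv

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE, "Griffin.com", ["dc1", "dc2"]))
```

A domain controller that shows every name in its missing list, as dc1 does in the constructed sample, has a host record but has not registered itself for clients or replication partners to locate.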
 
