Hi all, I have inherited another environment which has the following:
I have two domain controllers: "DC01" is the FSMO role holder and "DC02" is the additional domain controller.
I have a call manager that is integrated with the domain for creating users.
DC02 cannot replicate from DC01, and DC01 cannot replicate from DC02 either, since 4-5-2017.
So I decided to demote DC02, the additional domain controller, based on the following factors:
1- DC02 has a USN higher than DC01
Default-First-Site-Name\DC02 @ USN 151958 @ Time 2017-04-05 12:02:13
2- DC01 has a USN higher than DC02 from its perspective
Caching GUIDs...
Default-First-Site-Name\DC01 @ USN 94638 @ Time 2017-04-05 12:09:09
Default-First-Site-Name\DC02 @ USN 703102 @ Time 2018-09-16 15:23:30
3- I can't access users in DC02 using PowerShell, as shown below
I searched for a document that explains how to demote a domain controller and clean up metadata in Windows 2012 R2, as shown below:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains--level-200-
Are there any concerns I should take into consideration while doing that demotion?
Please advise.
Attached below is the replication info:
Default-First-Site-Name\DC01
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: a7d645fb-5500-4950-aeb7-9f205d72a3ce
DSA invocationID: a7d645fb-5500-4950-aeb7-9f205d72a3ce
==== INBOUND NEIGHBORS ======================================
DC=domain,DC=local
Default-First-Site-Name\DC02 via RPC
DSA object GUID: a502777f-21a4-49a7-abf1-d04831266a3a
Last attempt @ 2018-09-16 15:55:13 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
11477 consecutive failure(s).
Last success @ 2017-04-05 12:02:13.
CN=Configuration,DC=domain,DC=local
Default-First-Site-Name\DC02 via RPC
DSA object GUID: a502777f-21a4-49a7-abf1-d04831266a3a
Last attempt @ 2018-09-16 15:55:13 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
11314 consecutive failure(s).
Last success @ 2017-04-05 11:49:17.
CN=Schema,CN=Configuration,DC=domain,DC=local
Default-First-Site-Name\DC02 via RPC
DSA object GUID: a502777f-21a4-49a7-abf1-d04831266a3a
Last attempt @ 2018-09-16 15:55:13 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
11314 consecutive failure(s).
Last success @ 2017-04-05 11:49:17.
DC=DomainDnsZones,DC=domain,DC=local
Default-First-Site-Name\DC02 via RPC
DSA object GUID: a502777f-21a4-49a7-abf1-d04831266a3a
Last attempt @ 2018-09-16 15:55:13 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
11320 consecutive failure(s).
Last success @ 2017-04-05 11:49:17.
DC=ForestDnsZones,DC=domain,DC=local
Default-First-Site-Name\DC02 via RPC
DSA object GUID: a502777f-21a4-49a7-abf1-d04831266a3a
Last attempt @ 2018-09-16 15:55:13 failed, result 8614 (0x21a6):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
11314 consecutive failure(s).
Last success @ 2017-04-05 11:49:17.
Source: Default-First-Site-Name\DC02
******* 11477 CONSECUTIVE FAILURES since 2017-04-05 12:02:13
Last error: 8614 (0x21a6):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
Default-First-Site-Name\DC02
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: a502777f-21a4-49a7-abf1-d04831266a3a
DSA invocationID: fa9f8070-25ac-4352-b2b4-d817db55848e
==== INBOUND NEIGHBORS ======================================
DC=domain,DC=local
Default-First-Site-Name\DC01 via RPC
DSA object GUID: a7d645fb-5500-4950-aeb7-9f205d72a3ce
Last attempt @ 2018-09-16 15:15:17 failed, result -2146893022 (0x80090322):
The target principal name is incorrect.
34517 consecutive failure(s).
Last success @ 2017-04-05 12:09:14.
CN=Configuration,DC=domain,DC=local
Default-First-Site-Name\DC01 via RPC
DSA object GUID: a7d645fb-5500-4950-aeb7-9f205d72a3ce
Last attempt @ 2018-09-16 14:47:17 failed, result -2146893022 (0x80090322):
The target principal name is incorrect.
6610 consecutive failure(s).
Last success @ 2017-04-05 11:50:22.
CN=Schema,CN=Configuration,DC=domain,DC=local
Default-First-Site-Name\DC01 via RPC
DSA object GUID: a7d645fb-5500-4950-aeb7-9f205d72a3ce
Last attempt @ 2018-09-16 14:47:17 failed, result -2146893022 (0x80090322):
The target principal name is incorrect.
6609 consecutive failure(s).
Last success @ 2017-04-05 11:50:22.
DC=DomainDnsZones,DC=domain,DC=local
Default-First-Site-Name\DC01 via RPC
DSA object GUID: a7d645fb-5500-4950-aeb7-9f205d72a3ce
Last attempt @ 2018-09-16 15:10:44 failed, result -2146893022 (0x80090322):
The target principal name is incorrect.
13160 consecutive failure(s).
Last success @ 2017-04-05 11:50:22.
DC=ForestDnsZones,DC=domain,DC=local
Default-First-Site-Name\DC01 via RPC
DSA object GUID: a7d645fb-5500-4950-aeb7-9f205d72a3ce
Last attempt @ 2018-09-16 14:47:17 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
6632 consecutive failure(s).
Last success @ 2017-04-05 11:50:22.
Source: Default-First-Site-Name\DC01
******* 34514 CONSECUTIVE FAILURES since 2017-04-05 12:09:14
Last error: -2146893022 (0x80090322):
The target principal name is incorrect.
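
An added example, not part of the original post: a small Python parser for replication reports in the layout above that lists inbound neighbors whose last success is older than the tombstone lifetime, whatever error code the last attempt returned. The 180-day default for `tombstone_days` is an assumption (the forest's actual value is stored in its `tombstoneLifetime` attribute), and the DC03 entry in the sample is constructed.

```python
import re
from datetime import datetime, timedelta

# Two entries taken from the report above plus a constructed healthy one (DC03).
SAMPLE = r"""
DC=domain,DC=local
Default-First-Site-Name\DC02 via RPC
Last attempt @ 2018-09-16 15:55:13 failed, result 8614 (0x21a6):
Last success @ 2017-04-05 12:02:13.
DC=domain,DC=local
Default-First-Site-Name\DC01 via RPC
Last attempt @ 2018-09-16 15:15:17 failed, result -2146893022 (0x80090322):
Last success @ 2017-04-05 12:09:14.
CN=Configuration,DC=domain,DC=local
Default-First-Site-Name\DC03 via RPC
Last attempt @ 2018-09-16 15:55:13 was successful.
"""

TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
NC_RE = re.compile(r"^(?:DC|CN)=.+$")
PARTNER_RE = re.compile(r"^\S+\\(\S+) via RPC$")
ATTEMPT_RE = re.compile(
    rf"^Last attempt @ {TS} (?:was successful|failed, result -?\d+ \((0x[0-9a-fA-F]+)\))")
SUCCESS_RE = re.compile(rf"^Last success @ (?:{TS}|\(never\))")

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def inbound_neighbors(report):
    """Yield one dict per inbound-neighbor entry found in the report text."""
    nc = partner = attempt = error = None
    for line in map(str.strip, report.splitlines()):
        if NC_RE.match(line):
            nc = line                      # naming context the entry belongs to
        elif m := PARTNER_RE.match(line):
            partner = m.group(1)           # source DC name after the site prefix
        elif m := ATTEMPT_RE.match(line):
            attempt, error = _ts(m.group(1)), m.group(2)
            if error is None:              # success: no "Last success" line follows
                yield dict(nc=nc, partner=partner, attempt=attempt, success=attempt, error=None)
        elif (m := SUCCESS_RE.match(line)) and error:
            success = _ts(m.group(1)) if m.group(1) else None   # None means "(never)"
            yield dict(nc=nc, partner=partner, attempt=attempt, success=success, error=error)
            error = None

def past_tombstone(report, tombstone_days=180):
    """Entries whose last success is > tombstone_days before the last attempt (180 is assumed)."""
    limit = timedelta(days=tombstone_days)
    return [n for n in inbound_neighbors(report)
            if n["success"] is None or n["attempt"] - n["success"] > limit]
```

Both failing directions in the sample are 529 days past their last success, so the DC01 side reporting 0x80090322 rather than 8614 does not mean that direction is any fresher.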