Hi all,

Recently under duress, I P2V'd a domain controller.  It was my first time doing it and wasn't aware of the potential issues of doing so, and while the end result looks like a virtual version of the original and quacks like it, it also has a number of big issues.  Most pertinently, it thinks it is still a DC, even though the domain doesn't; the original physical box was renamed with the suffix "old" and it is still listed as a domain controller and name server (for DNS).

The problem seems to be that the virtual machine believes, for AD purposes, that it IS the old server; running dcpromo he reports on himself using the hostname of the physical box.  This seems to have resulted in the computer object disappearing from AD, leaving only the old one.

All very problematic, and I think the way forward is to unjoin and rejoin the domain again.  In don't want it to have the roles it thinks it has, so the fact that it's not really a DC anymore is not an issue - my only problem is I've never been in a situation before where I needed to demote a server that thinks it's a DC when it isn't.  Since I assume it will make some query to the domain and probably fail if I try to do this, I'm concerned about the effect this might have on the domain, rather than the server.

Since the old physical server still needs to go through a demotion anyway, would it be enough to simply remove the AD and DNS roles from the virtual machine?  I need to be in a position where I can unjoin and log on with a local account, basically.

Has anyone had such experience?

Hi

 First of all i have never prefer to migrate a DC P2V,I always prefer clean OS installation like this scenario.So on your situation,

- First check which is the fsmo roles holder,run "netdom query fsmo"

- Then install clean server OS,and add this server as an Additional DOmain Controller

- Then transfer&seize fsmo roles to this ADC,

- Finaly demote issued DC from domain.(i think you want to demote physical)

check this for seize fsmo roles

https://support.microsoft.com/en-us/kb/255504

Note: I always prefer that all fsmo roles holds on a physical server.

Hi Burak,

I've just performed the demotion of the physical DC and it all went well.  We have more than enough existing DCs so I don't need to promote another one... just need to kill the existing!

I've just tried to dcpromo the virtual machine now and it fails with the following error:

The wizard cannot access the list of domain controllers in the forest.  The error is: the interface is unknown

I suppose this is because a computer object for this server doesn't exist on the domain and, therefore, it is not really joined to the domain... but that's a problem because he thinks he is!

Is there any way to demote/remove the AD role from the VM while this situation carries on?

Robert

Hi

 You will do a metadata cleanup for remove this DC from domain,

check out this

https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx?f=255&mspperror=-2147217396

Hi Burak,

Thanks for this - I didn't think I would have to do this, because the only DC which had a correct bind to the domain was one which I could demote cleanly; for some reason though it has left behind an AD computer object and an entry in AD Sites & Services, so I will definitely clean those up using the methods in the article, thanks.

As it turned out, I did a force demote on the broken VM and after a bit of effort and a few attempts to join, unjoin and join again, it is now successfully on the domain as a member server.

Robert

• Marked as answer by kidtrebor a few seconds ago