I’ve been on a roll upgrading our equipment and decommissioning old servers. Most demotions and decommissions finish without an issue, which is great. I happened to be late to the game at one of our sites that closed before I was able to come onsite for the decommission. I ended up bringing the servers back with me and they sat in a warehouse for about a month until I had time to setup a test network with a VPN back to our main site to properly demote the domain controllers.
I started the servers up and verified I was able to connect to the main site via VPN and the servers were talking to one another. I began the DCPromo process and was soon greeted with this error:
The operation failed because:
Active Directory could not transfer the remaining data in directory partition CN=Schema,CN=Configuration,DC=domain,DC=com to domain controller DC5.Domain.com.
“Logon Failure: The target account name is incorrect.”
I was just going to go with a quick and dirty forceful removal from AD, but decided to do a little digging and found a simple solution. By disabling the Kerberos Key Distribution Center service and rebooting the server, I was able to restart DCPromo and properly demote the DCs without any further issue.