[Samba] Unable to demote DC. You are the last server in the domain

[mark.petersen at markofall.com]

I have a domain with 2 domain controllers. They were both running 4.17.10.


I needed to upgrade the operating system on the computers so I did the following:

* Added a 3rd domain controller with samba 4.18.5

* Demoted 1 of the 4.17 computers and cleaned all remnants via Windows AD Users & Computers, AD Sites and Services, and DNS Manager.

* I did a wipe and installation of Debian 12, installed Samba 4.18.6 and joined the domain.

* After tranfering the FSMO roles to the new Debian 12 / Samba 4.18.6, I did the same demote, wipe, install of Debian 12, install of Samba 4.18.6 and join on the remaining 4.17 DC.

All seems good with the domain. DRS shows all good. samba-tool dbcheck & --cross-ncs show no errors. All the DC's show up correctly in the Windows tools ( AD Users & Computers, AD Sites and Services, and DNS Manager).

Now I want to demote and remove the 3rd DC from the domain, but when I attempt to demote it I'm getting this:

root at fddc12:~# samba-tool domain demote -Uadministrator
ERROR: You are the last server in the domain

What should I check before I use the --remove-other-dead-server=FDDC12 option?