Issues with LDAP after demoting a domain controller

Hi,

I demoted my primary domain controller today after transferring my FSMO roles. I’ve since added another domain controller to my forest. Before demoting, I changed my LDAPS connection to another DC in my forest. After I did this, I tested authentication. It worked fine. I then went ahead with the demotion, but authentication is not working.

I’m attempting a new admin setup, but when I configure it, the Test settings option keeps failing.

Hi Chris - sorry to hear about this. Do the log files (and/or standard-out) include any reference to the authentication error?

cc: @speedy

Thanks, I eventually got it working. I figured out that my DN Admin settings were not the right syntax. However, I’m confused as to why my test worked on a new server before I shut down the old server. This obviously gave me a false sense of security. Any idea why this might have happened and what I need to do if I change the domain controller again? I’m confused as to why anything would be different and I couldn’t log in afterwards if all I did was change the server name. I eventually ended up using the server name I originally tried to switch to.

yeah…that’s interesting. It should have just “worked” if you were only updating the DC info.

I am using 4.7.5. I realize this is not the latest version, but is this a bug or something? I’m confused how my test worked.

On the same lines, is there a way to set a backup server? I have this backup server on other LDAPS setups I have in my environment which would have helped in this situation. Is that a feature that could be added? I don’t see a way to do so.

yes, you can do something like dc1, dc2.

Oh great. Is it better to change it in System Properties - ldap.host or Server Settings - Profile Settings?

either is fine.

Perfect. I’ve made the change. I didn’t see this documented anywhere, so I appreciate the clarification.
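As an added example (not code from this thread or from the product being discussed), here is a small Python sketch of the two checks the thread turns on: an RFC 4514 DN syntax validator that fails before any network call is made (the bad "DN Admin" syntax above), and a bind routine that walks an ordered host list such as the `dc1, dc2` value suggested for `ldap.host`. The `bind` callable and its `(host, dn, password) -> bool` signature are assumptions so that the code runs offline; in a real setup it would wrap an LDAPS simple bind.

```python
import re
from typing import Callable

# Attribute type per RFC 4514: a descriptor such as CN or DC, or a dotted numeric OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def parse_dn(dn: str) -> list[list[tuple[str, str]]]:
    """Split a DN into RDNs of (type, value) pairs; raise ValueError on bad syntax."""
    rdns, ava, tok, typ, i = [], [], [], None, 0
    while i <= len(dn):
        ch = dn[i] if i < len(dn) else ","            # virtual trailing separator
        if ch == "\\" and i + 1 < len(dn):              # escaped char or \XX hex pair
            nxt = dn[i + 1 : i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", nxt):
                tok.append(chr(int(nxt, 16))); i += 3
            else:
                tok.append(dn[i + 1]); i += 2
            continue
        if ch == "=" and typ is None:                   # first '=' ends the attribute type
            typ = "".join(tok).strip(); tok = []
        elif ch in ",+":                                # ',' ends an RDN, '+' a multi-valued AVA
            val = "".join(tok).strip()
            if typ is None or not _ATTR_TYPE.match(typ) or not val:
                raise ValueError(f"bad attribute=value near offset {i}: {dn!r}")
            ava.append((typ, val)); tok, typ = [], None
            if ch == ",":
                rdns.append(ava); ava = []
        else:
            tok.append(ch)
        i += 1
    return rdns


def parse_host_list(setting: str) -> list[str]:
    """Turn an ldap.host value such as "dc1, dc2" into an ordered list of hosts."""
    hosts = [h.strip() for h in setting.split(",")]
    if any(not h for h in hosts):
        raise ValueError(f"empty host entry in {setting!r}")
    return hosts


def bind_with_failover(hosts, bind_dn, password, bind: Callable[[str, str, str], bool]) -> str:
    """Validate the DN, then try each host in order; return the host that accepted the bind.
    `bind` is a hypothetical injected callable; OSError means the host was unreachable."""
    parse_dn(bind_dn)                                   # syntax errors fail before any network I/O
    failures = []
    for host in hosts:
        try:
            if bind(host, bind_dn, password):
                return host
            failures.append(f"{host}: bind rejected (check DN and password)")
        except OSError as exc:
            failures.append(f"{host}: unreachable ({exc})")
    raise ConnectionError("; ".join(failures))
```

A down-level name such as `CORP\svc-ldap` or a UPN such as `svc-ldap@corp.example` is rejected by `parse_dn` before the first host is contacted, which is the kind of mismatch that only surfaced here once the old DC was gone.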