Hi, I have set up two AD DCs (both running Samba 4.1). This is my setup: dc1.mydomain.lan: The first DC (used for domain provision) dc2.mydomain.lan: Promoted to AD DC after domain setup I promoted dc2 using this command: samba-tool domain join mydomain.lan DC -Uadministrator --realm=mydomain.lan While the promotion worked without any issues I now want to demote dc2 again. This is what I did: [root at dc2 ~]# samba-tool domain demote -U administrator Using dc1.mydomain.lan as partner server for the demotion Password for [MYDOMAIN\administrator]: Desactivating inbound replication Asking partner server dc1.mydomain.lan to synchronize from us Error while demoting, re-enabling inbound replication ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a DsReplicaSync for partion CN=Schema,CN=Configuration,DC=mydomain,DC=lan - drsException: DsReplicaSync failed (31, 'WERR_GENERAL_FAILURE') File "/usr/lib/python2.7/site-packages/samba/netcmd/domain.py", line 647, in run sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part), drsuapi.DRSUAPI_DRS_WRIT_REP) File "/usr/lib/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync raise drsException("DsReplicaSync failed %s" % estr) Am I doing anything wrong or is this a bug? Thanks, Frederik