none
DCPROMO FAILS -The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

    Question

  • Hi Experts,                           

    We have 4 AD sites and working properly. Due to some requirement we need to decommission DCs in one site.  We are trying to demote DC roles in 2 servers but they are throwing attached errors.

     

    I tried to follow given link and changed the orphan entry as mentioned. But still this error persists. Replication and communication is properly happening in all sites.

     

    http://www.zerohoursleep.com/2011/07/dcpromo-out-fails-with-the-directory-service-is-missing-mandatory-configuration-information-and-is-unable-to-determine-the-ownership-of-floating-single-master-operation-roles/

     

     

    When I tried to fire dsquery * CN=Infrastructure,DC=ForestDnsZones,DC=xxx,DC=net -attr fSMORoleOwner

     

    I got below mentioned result which shows that there is some orphan entry. DC01 doesn’t exists in our network more.

     

    CN=NTDS Settings\0ADEL:413b675f-3da2-4c09-b801-6358e839268f,CN=DC01\0ADEL:de8559b2-255b-4603-8f07-608df9e61a73,CN=Servers,CN=GVA,CN=Sites,CN=Configuration,DC=XXX,DC=net 

     

    I changed the entry according to link.

    CN=NTDS Settings,CN=EUDC2,CN=Servers,CN=AUS,CN=Sites,CN=Configuration,DC=XXX,DC=net 

     

     

    Event Log Errors-01

     

    The operations master roles held by this directory server could not transfer to the following remote directory server.

     

    Remote directory server:

    \\EUDC2.xxx.net

     

    This is preventing removal of this directory server.

     

    User Action

    Investigate why the remote directory server might be unable to accept the operations master roles, or manually transfer all the roles that are held by this directory server to the remote directory server. Then, try to remove this directory server again.

     

    Additional Data

    Error value:

    5005 The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

    Extended error value:

    0

    Internal ID:

    52498735

    Event Log Errors-02

     

    Ownership of the following FSMO role is set to a server which is deleted or does not exist.

     

    Operations which require contacting a FSMO operation master will fail until this condition is corrected.

     

    FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=xxx,DC=net

    FSMO Server DN: CN=NTDS Settings\0ADEL:413b675f-3da2-4c09-b801-6358e839268f,CN=DC01\0ADEL:de8559b2-255b-4603-8f07-608df9e61a73,CN=Servers,CN=USA,CN=Sites,CN=Configuration,DC=XXX,DC=net

     

    User Action:

     

    1. Determine which server should hold the role in question.

    2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently.  If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately.

    3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.

    4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully.

     

    The following operations may be impacted:

    Schema: You will no longer be able to modify the schema for this forest.

    Domain Naming: You will no longer be able to add or remove domains from this forest.

    PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.

    RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.

    Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.

     

    Any Suggestion apart from that Link pls?


     


    Regards Suman B. Singh
    Thursday, November 17, 2011 7:39 AM

Answers

All replies