none
Set-ADDomainMode - ResourceUnavailable

    Question

  • Context: I'm making an effort to learn how to perform various operations with Powershell.

    This is a test network.

    Two domain controllers:

    DC2 - Windows 2008 R2

    DC5 - Windows 2012

    ++++++++++++++

    Problem: when I attempt to increase the domain functional level using what I believe is the correct PS cmdlet, I obtain the following error (note: cmdlets run on Windows 2012 server):

    PS C:\> Get-ADDomain | Set-ADDomainMode -DomainMode Windows2008Domain

    Confirm [snip] y

    Set-ADDomainMode : A referral was returned from the server
    At line:1 char:16
    + Get-ADDomain | Set-ADDomainMode -DomainMode Windows2008Domain
    +                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ResourceUnavailable: (DC=mynet,DC=lan:ADDomain) [Set-ADDomainMode], ADReferralException
        + FullyQualifiedErrorId : ActiveDirectoryServer:8235,Microsoft.ActiveDirectory.Management.Commands.SetADDomainMode

    ++++++++++++++++++++++++++++++++++

    Yet the Get-ADDomain cmdlet does return the name of the domain (tried various methods here):

    PS C:\> (Get-ADDomain).name
    mynet
    PS C:\>

    *

    PS C:\> Get-ADDomain | fl name,domainmode

    name       : mynet
    domainmode : Windows2003Domain

    ++++++++++++

    I'm logged in as the default domain administrator.

    D2 (the W2K8R2 DC) holds the FSMO roles.

    I opened PS with run as administrator.

    After startup (since there are sometimes transient "waking up" errors), I forced replication between domain controllers and even stopped and started the netlogon service on DC5.

    repadmin /showrepl shows successful replication for all five partitions.

    DNS servers on DC5 are:

    10.0.0.12 (DC2)

    10.0.0.15 (DC5)

    ++++++++++++

    I can raise the DFL using the GUI without a problem (on the Windows 2012 server):

    Indeed, the DFL is raised to Windows 2008.

    I then attempted to raise the DFL to Windows 2008 R2 using the same cmdlet (just in case some transient problem solved itself in the meantime - which allowed me to succeed with the GUI). Same result: ResourceUnavailable.

    I tried this once before as well, left it aside for a couple weeks, thought maybe I was just missing something. I had the exact same results. Raising DFL and FFL with the GUI (either ADUC, ADDT, ADAC) is successful.

    I still cannot raise the DFL with Powershell.

    Can anyone see what is wrong?


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.





    Sunday, February 02, 2014 2:37 AM

Answers

  • I was able to duplicate this error by purposely targeting a DC other than the PDC.  When I targeted the PDC, the command worked.

    Next time, try this:

    $PDC = (get-addomain).pdcemulator
    set-addomainmode <domain> -domainmode <newmode> -server $PDC


    Chris Ream

    - If you have found my post to be helpful, or the answer, please mark it appropriately.  Thank you.

    Sunday, February 02, 2014 5:02 AM
  • Exactly. The PDCe must be targeted. This seems to be implied in the second example here (bottom of page):

    http://technet.microsoft.com/en-us/library/ee617230.aspx


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Tuesday, February 04, 2014 1:32 AM

All replies

  • I tried all these combinations:

    Set-ADDomainMode mynet -DomainMode Windows2008R2Domain

    Set-ADDomainMode mynet.lan -DomainMode Windows2008R2Domain

    Set-ADDomainMode "mynet" -DomainMode Windows2008R2Domain

    Set-ADDomainMode "mynet.lan" -DomainMode Windows2008R2Domain

    Set-ADDomainMode -identity mynet -DomainMode Windows2008R2Domain

    Even after raising the DFL from W2K3 to W2K8 with the GUI, it still fails with PS.

    Here's proof I was able to raise the DFL with the GUI (so there should not be an underlying Active Directory problem that is preventing the operation):


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.


    Sunday, February 02, 2014 2:48 AM
  • I was able to duplicate this error by purposely targeting a DC other than the PDC.  When I targeted the PDC, the command worked.

    Next time, try this:

    $PDC = (get-addomain).pdcemulator
    set-addomainmode <domain> -domainmode <newmode> -server $PDC


    Chris Ream

    - If you have found my post to be helpful, or the answer, please mark it appropriately.  Thank you.

    Sunday, February 02, 2014 5:02 AM
  • Thanks Christopher: I'll try your solution tonight and report back.

    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Monday, February 03, 2014 6:58 PM
  • Exactly. The PDCe must be targeted. This seems to be implied in the second example here (bottom of page):

    http://technet.microsoft.com/en-us/library/ee617230.aspx


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Tuesday, February 04, 2014 1:32 AM