dcpromo remove domain controller failed

  • Question

  • This is the error in Event Viewer.
    The FSMO server is not dc-01 but dc01.
    How to fix the problem?



    Ownership of the following FSMO role is set to a server which is deleted or does not exist.

     

    Operations which require contacting a FSMO operation master will fail until this condition is corrected.

     

    FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=be-ta,DC=it

    FSMO Server DN: CN=NTDS Settings\0ADEL:89e7d700-1f29-4d7a-8492-2fa9e8b63d15,CN=DC-01\0ADEL:b3039a7d-50b1-482b-bb23-89ab82005847,CN=Servers,CN=Nome-predefinito-primo-sito,CN=Sites,CN=Configuration,DC=be-ta,DC=it

     

    User Action:

     

    1. Determine which server should hold the role in question.

    2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately.

    3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.

    4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully.

     

    The following operations may be impacted:

    Schema: You will no longer be able to modify the schema for this forest.

    Domain Naming: You will no longer be able to add or remove domains from this forest.

    PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.

    RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.

    Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed


    Marco
    Monday, January 4, 2010 11:23 AM

All replies

  • Hi,

    Try this : dcpromo /forceremoval
    More details here in this kb http://support.microsoft.com/kb/914032
    Regards from www.windowsadmin.info
    Monday, January 4, 2010 11:31 AM
  • Marco,
    run the script listed in http://support.microsoft.com/kb/949257 to transfer the fSMORoleOwner to an existing domain controller...

    hth
    Marcin
    Monday, January 4, 2010 12:17 PM
  • Hi Marcin, already done.
    The script ran successfully and seems to be pointing to the right domain controller, dc01,
    but same error on dcpromo.

    I send more information:
    The operation failed because:

    Active Directory Domain Services could not transfer the remaining data in directory partition DC=DomainDnsZones,DC=be-ta,DC=it to
    Active Directory Domain Controller \\dc01.be-ta.it.

    "The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles."


    Marco
    Monday, January 4, 2010 1:30 PM
  • What's the status of dc01.be-ta.it? Assuming that this is a DC that no longer exists, make sure to clean up all references to it as described in http://support.microsoft.com/kb/555846 and rerun the script afterwards...

    hth
    Marcin

    Monday, January 4, 2010 1:45 PM
  • DC01 exists and holds the FSMO roles; dc-01 does not exist anymore.
    Dcdiag OK.
    netdom query fsmo returns dc01 for all roles.
    Marco
    Monday, January 4, 2010 2:12 PM
  • Marco,

    If DC01 is up and running and it holds all FSMO roles, why don't you downgrade dc-01 by using /forceremoval key as recommended by ManU PhiliP?

    What I would do in your situation, I would power down the dc-01 and see if DC01 is working fine and is serving all client requests properly. If everything is fine, I would just /forceremoval the dc-01.

    Or, if you are still having any problem, just SEIZE the roles and delete all references to dc-01 using NTDSUTIL as recommended by Marcin.

    Here is a good guide on seizing the roles:

    http://www.petri.co.il/seizing_fsmo_roles.htm



    Strength is in justice
    Monday, January 4, 2010 2:29 PM
  • This is the situation.

    dc-01 does not exist anymore. dcpromo demote OK.
    dc01 is a GC and holds all FSMO roles.
    test is a second domain controller.
    I ran dcpromo on test to demote it and errors occurred.

    Already done metadata cleanup for dc-01.
    Already done seize role on dc01.

    Error always the same.
    Marco
    Monday, January 4, 2010 2:55 PM
  • Can you post the output of
    dsquery * CN=Infrastructure,DC=DomainDnsZones,DC=be-ta,DC=it -attr fSMORoleOwner

    hth
    Marcin
    Monday, January 4, 2010 3:00 PM
  • Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\>dsquery * CN=Infrastructure,DC=DomainDnsZones,DC=be-ta,DC=it -attr
     fSMORoleOwner
      fSMORoleOwner

      CN=NTDS Settings\0ADEL:89e7d700-1f29-4d7a-8492-2fa9e8b63d15,CN=DC-01\0ADEL:b30
    39a7d-50b1-482b-bb23-89ab82005847,CN=Servers,CN=Nome-predefinito-primo-sito,CN=S
    ites,CN=Configuration,DC=be-ta,DC=it

    It points to the old server dc-01, not to the new one.


    Marco
    Monday, January 4, 2010 4:51 PM
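
The check discussed in the posts above, as an added example that is not part of the original thread or of the Microsoft script: it rejoins console-wrapped `dsquery ... -attr fSMORoleOwner` output and reports whether the owner DN still references a deleted object (the `\0ADEL:<GUID>` marker). The function names and the `HEALTHY` sample are assumptions made for illustration.

```python
import re

# Constructed samples. STALE reuses the dsquery output posted in the thread,
# wrapped by the console; HEALTHY is a hypothetical post-fix value.
STALE = r"""  fSMORoleOwner

  CN=NTDS Settings\0ADEL:89e7d700-1f29-4d7a-8492-2fa9e8b63d15,CN=DC-01\0ADEL:b30
39a7d-50b1-482b-bb23-89ab82005847,CN=Servers,CN=Nome-predefinito-primo-sito,CN=S
ites,CN=Configuration,DC=be-ta,DC=it
"""
HEALTHY = r"""  fSMORoleOwner
  CN=NTDS Settings,CN=DC01,CN=Servers,CN=Nome-predefinito-primo-sito,CN=Sites,CN=Configuration,DC=be-ta,DC=it
"""

# A deleted object's RDN is renamed to "<old name>\nDEL:<objectGUID>";
# in DN string form the newline appears escaped as \0A.
DEL_MARK = re.compile(r"\\0ADEL:([0-9a-fA-F-]{36})")


def unwrap(output):
    """Drop the attribute header and rejoin console-wrapped DN lines."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    if lines and lines[0].lower() == "fsmoroleowner":
        lines = lines[1:]
    return "".join(lines)


def check_role_owner(output):
    """Return the owning server and whether the DN references deleted objects."""
    dn = unwrap(output)
    rdns = re.split(r"(?<!\\),", dn)  # split on unescaped commas only
    deleted = {}
    for rdn in rdns:
        m = DEL_MARK.search(rdn)
        if m:
            deleted[rdn[:m.start()].split("=", 1)[1]] = m.group(1).lower()
    # fSMORoleOwner names an NTDS Settings object; its parent is the server.
    server = DEL_MARK.sub("", rdns[1]).split("=", 1)[1] if len(rdns) > 1 else None
    return {"dn": dn, "server": server, "stale": bool(deleted), "deleted": deleted}


if __name__ == "__main__":
    for label, sample in (("before fix", STALE), ("after fix", HEALTHY)):
        r = check_role_owner(sample)
        state = "STALE (deleted object)" if r["stale"] else "ok"
        print(f"{label}: owner={r['server']} -> {state}")
```

The same check applies to the Infrastructure object of each DNS application partition (DomainDnsZones and ForestDnsZones), since each one carries its own fSMORoleOwner value.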
  • Problem fixed.
    I ran the FSMO script for forestdnszone and it fixed it.
    Thanks
    Marco 
    Marco
    Monday, January 4, 2010 4:59 PM
  • You mentioned "fsmo script for forestdnszone". Can you be more specific? Where did you find it? I am having your same problem.

    Thanks,

    Raymond

    Thursday, April 5, 2012 5:32 PM
  • FYI to everyone out there.

    I had the exact same error about not being able to transfer the remaining data and it was not caused by any of the above.  The whole problem was that I didn't have the domaindnszone and forestdnszone DNS SRV records in my DNS.  The FSMO was properly set to the only would-be remaining DC and I still couldn't remove the secondary DC.  Only after turning on allow dynamic updates on the DNS zone for the domain did the SRV records finally recreate (after rebooting both DCs, mind you), and then the dcpromo demotion would complete.

    I searched high and low for this and found no one with the same EXACT problem - just the same symptoms.  It wasn't until I saw someone somewhere say something about having a dns partition IN DNS and then I started thinking, hmmm, I wonder if there is supposed to be some SRV records to denote which servers carry copies of the partitions.  VOILA!

    Anywho....

    • Proposed as answer by ToddZillaGR Monday, March 10, 2014 3:04 PM
    Thursday, March 14, 2013 2:38 AM
  • Hi,

    The script doesn't work for me... I have to do this:

    http://www.more2know.nl/tag/fsmoroleowner/

    After that I run dcpromo and remove a DC.

    Monday, April 29, 2013 7:48 PM
  • It Works.

    Tks


    Rodrigo Pereira Pires Microsoft Certified Trainer Network Masters

    Friday, August 2, 2013 5:52 PM
  • I don't see anything pointing to a server name in this script, so do I have to change anything in this script to suit my domain?


    Wednesday, September 11, 2013 1:23 PM
  • You mentioned "fsmo script for forestdnszone". Can you be more specific? Where did you find it? I am having your same problem.

    Thanks,

    Raymond

    I know it's a little late, but I just had the same problem and this is how I fixed it:

    Run at an elevated command prompt, on the DC you want to maintain:

    cscript fix_fsmo.vbs DC=DomainDnsZones,DC=gpb,DC=local

    and then

    cscript fix_fsmo.vbs DC=ForestDnsZones,DC=gpb,DC=local

    using the script fix_fsmo from http://support.microsoft.com/kb/949257/en-us

    For the record, I believe Marco's post meant the second command I used.

    Wednesday, November 13, 2013 12:41 PM
  • I don't see anything pointing to a server name in this script, so do I have to change anything in this script to suit my domain?


    There's no need to change the script. Just run it on the DC that you want to receive the domain/forest fsmo ownership roles.
    Wednesday, November 13, 2013 1:22 PM