Tagged: dcpromo 2008r2 fsmo
Dominus1701 (Member), Nov 21, 2019 at 2:03 pm, #624968
I’m trying to remove a 2008 R2 Domain Controller from my domain. I run through DCPROMO and it fails saying:
The operation failed because:
Active Directory Domain Services could not transfer the remaining data in directory partition DC=DomainDnsZones,DC=[domain],DC=local to
Active Directory Domain Controller \\red.[domain].local.
“The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.”
Looking at the event logs I get this bit of information:
EVENT ID: 2091
Ownership of the following FSMO role is set to a server which is deleted or does not exist.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=[domain],DC=local
FSMO Server DN: CN=NTDS Settings\0ADEL:0484546d-5c60-4f08-9cfa-fa79b970d626,CN=CRIMSON\0ADEL:fbeda01d-bcde-4c8f-81f3-4da3e26e9044,CN=Servers,CN=Lexington,CN=Sites,CN=Configuration,DC=[domain],DC=local
“CRIMSON” is a very old Domain Controller that failed like 7 years ago. I did have to seize the FSMO roles when that happened – all of which are now being handled by a server called “RED”. I performed metadata cleanup (via NTDSUTIL) at that time too.
As you can see, the FSMO roles are being handled properly:
PS C:\Windows\system32> netdom query fsmo
Schema master red.[domain].local
Domain naming master red.[domain].local
RID pool manager red.[domain].local
Infrastructure master red.[domain].local
The command completed successfully.
The domain has been functioning properly since that time with NO issues at all. I’ve even added two additional domain controllers and added/removed countless member servers and workstations in that time.
Searching Google, I’ve checked things like bogus DNS records, seized the FSMO roles again (to the same server, so they actually “transferred” without issue), forced replication among my three DCs, and searched for things with ADSI Edit. Nothing I’ve tried is allowing me to see where remnants of CRIMSON are lingering in the Active Directory, so I can’t “clean” it out.
I’ve been tempted to use NTDSUTIL to “remove selected server….” with the DN supplied in the event logs, but I’m not wanting to nuke my Active Directory. So I’m here asking for other things to look for and try so I can remove this machine and move on.