Re: Error convert applying security template
From: Tim Hines [MSFT] (timhines_at_online.microsoft.com)
Date: 08/13/04
- Next message: Tim Hines [MSFT]: "Re: where can i get .msi packages?"
- Previous message: Mark N.: "Re: Native mode? How can you tell?"
- In reply to: Resonate: "Error convert applying security template"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 13 Aug 2004 10:59:15 -0400
If you want to demote the DC you can perform a forceful demotion. The
following KB explains how.
332199 Using the DCPROMO /FORCEREMOVAL Command to Force the Demotion of
Active
http://support.microsoft.com/?id=332199
Be sure to perform a metadata cleanup after doing this and make sure that
the changes replicate out before reintroducing the DC to the domain
216498 How To Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498
If you prefer to troubleshoot the issue then I'm sure that you can obtain
assistance from the group.
-- -- Tim Hines, MCSE, MCSA Windows 2000 Directory Services ===================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ===================================================== This posting is provided "AS IS" with no warranties, and confers no rights. "Resonate" <resonate@jolt.co.uk> wrote in message news:J0TSc.628$q16.491@newsfe1-gui.ntli.net... > Following the advice of KB Q305837. I tried to apply the > security template as follows. > > secedit /configure /cfg basicdc.inf /db basicdc.sdb /log > basicdc.log /verbose > > The reply was: > > The data is invalid, the task completed with error. See > log file. > > The log stated: > > Error 13: The data is invalid. > Error convert %DSDIT%. > Error 13: The data is invalid. > Error convertting section File Security. > ----Configuration engine is initialized with error.---- > > ----Un-initialize configuration engine... > > All this occored when i screwed around with the C: file permissions to try > and lock down security. It seems I have screwed the SYSVOL security etc and > I belive this template replaces the file permissions. As I couldnt do it I > decided to try and demote the DC and re add it to the domain but it wont > even let me do that. > > I am not getting all them errors in that KB only these > > Event Type: Error > Event Source: NTDS General > Event Category: Global Catalog > Event ID: 1126 > User: Everyone > Description: Unable to establish connection with global catalog. > > Event Type: Warning > Event Source: NTDS General > Event Category: Global Catalog > Event ID: 1655 > Description: The attempt to communicate with global catalog > \\computername.SoftwareManager.TheSoftwareManager.com failed with the > following status: > > Access is denied. > > The operation in progress might be unable to continue. The directory service > will use the locator to try to find an available global catalog server for > the next operation that requires one. > > In my infinate wisdom i manually removed Everyone from the whole of C: on > this DC as a security measure lol. > > I have since before your recommendation to the contrary forced down > everyone>full control on the whole of C drive in a hope to get replication > going again but no joy. > > > I would be happy to demote the DC and start again but it simply wont let me. > > Error The Directory Service was unable to transfer the domain wide FSMO > roles to another domain controller in the domain. > > Can anyone help please! My DC's are not replicating :( > > > > > >
- Next message: Tim Hines [MSFT]: "Re: where can i get .msi packages?"
- Previous message: Mark N.: "Re: Native mode? How can you tell?"
- In reply to: Resonate: "Error convert applying security template"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
