Re: Adprep /rodcprep error message

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Jorge,

we have done all that below, server was in a static pool and all cleaned out
of DNS and scavenging is on......................and yet it still thinks its
there?

cheers
AM

"Jorge de Almeida Pinto [MVP - DS]" wrote:

this is what I expected...

even if you clean out the metadata the FSMO still need to be seized if the
DC for which you are cleaning the metadata has died like that
DNS entries need to be cleaned manually as stated by the KB article that
describes metadata cleanup. Because of stale DNS records I strongly suggest
to implement DNS Scavenging/Aging

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"AM" <AM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4EC2602C-B1DA-43E5-A976-E9DE97B7C453@xxxxxxxxxxxxxxxx
Jorge,

will try all this thank you..

teh old DC just died all of a sudden, it was just a DC/GC at branch office
it did not hold any FSMO roles, so we are lost as to why its still showing
up, after it died it was manually taken out via metadata so it shoudl eb
gone.
any idea as to why the AD/DNS still thinsk its there?

cheers
AM

"Jorge de Almeida Pinto [MVP - DS]" wrote:

write the DN of the NTDS Settings object representing the DC that should
be
the infrastructure master of the app NC. In other words, copy the value
of
the infrastructure master of the domain NC to the app NC ASSUMING the DC
holding the domain infrastructure master also has a copy of that app NC,
meaning it also replicates to the DC, which then again means DNS must be
installed on that DC.

How to do it?

Use ADSIEDT.MSC or LDP


!!!!EXAMPLE!!!
fSMORoleOwner: CN=NTDS
Settings,CN=RFSRWDC2,CN=Servers,CN=DTCNTR01,CN=Sites,CN=Configuration,DC=ADCORP,DC=LAB


by the way, how was the old DC removed?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"AM" <AM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CFF4F258-1917-4042-9AA0-68A0E483C211@xxxxxxxxxxxxxxxx
Hay Jorge,

what you are saying makes sense, but how do we 1. change it to be
looking
at
correct server and 2. check its not anywhere else?

cheers
AM

"Jorge de Almeida Pinto [MVP - DS]" wrote:

each domain and application partition has an infrastructure master
FSMO.
the
one you see in ADUC is for the domain NC and not for the DNS
application
NC

by the way NC = partition

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
#

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test ANY suggestion in a test environment before
implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"AM" <AM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:889B311F-867D-4F46-8E6E-DF39C5D85CAD@xxxxxxxxxxxxxxxx
Update!! we ahve found the issue, but now ahve more questions.
after running the
ldifde -f Infra_DomainDNSZones.ldf -d
"CN=Infrastructure,DC=DomainDnsZones,DC=contoso,DC=com" -l
fSMORoleOwner....command we see the Infrastructure FSMO role is
pointing
to a
very old 2003 server that died years ago. but under Active Directory
Users
and computer in the operations master Tab it tells us the current
server
is
the operations master...............why is this so?
anyone any ideas? we checked all this before we rang any Adprep
commands

cheers
AM


"AM" wrote:

when we run the Adprep /rodcprep on our 2003 server with all the
FMSO
roles,
we get an error, which the answer to fixc this is in here..
http://support.microsoft.com/kb/949257
but before we run any scripts on our AD we would like to know how
do
we
find
this rogue partition and how do we check the fSMORoleOwner
attributes
it
has
now

cheers
AM




.

Relevant Pages

  • Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
    ... any issues with the way DNS is configured either. ... Servers in the configs, etc. DC2 is also a DNS server, it's doesn't throw ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ...
    (microsoft.public.windows.server.active_directory)
  • Re: 2k8 AD from 2k AD
    ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ... ADPREP /DOMAINPREP /GPPREP ... > I'm going to add a W2K8 server to join the domain as a member server ...
    (microsoft.public.windows.server.active_directory)
  • Re: Adprep /rodcprep error message
    ... Server extended error code: 0x0, ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ...
    (microsoft.public.windows.server.active_directory)
  • Re: Adprep /rodcprep error message
    ... the infrastructure master of the domain NC to the app NC ASSUMING the DC ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ... very old 2003 server that died years ago. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Adprep /rodcprep error message
    ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ... even if you clean out the metadata the FSMO still need to be seized if the ... Because of stale DNS records I strongly suggest ...
    (microsoft.public.windows.server.active_directory)