Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I'm not sure how much havok switching to non-AD DNS would cause, this domain
has nearly 2000 DNS entries.

As for the KB Article, that's what I used before, I mentioned below that the
servers aren't showing up in the NTDSUTIL when I connect to the domain and do
the list servers. It's a situation where I see things wrong, but all roads
to fix them have a block at the end.

Since DomainController3 is showing up as the Infrastructure Master in ADUC,
but NOT in the DC=Infrastructure Master setting in ADSIEDIT, would it hurt
anything to attempt to seize the role from DomainController3? Another
option, do you think transferring the role to another Domain Controller would
clear up the issues in this environment? The goal here is to be able to get
the fSMORoleOwner correct in the "CN=Infrastructure" object



"Marcin" wrote:

Have you considered performing DNS cleanup by switching it to non-AD
integrated format, removing the default application partitions using
ntdsutil, and reverting back to the orginal configuration afterwards?
As far as metadata cleanup is concerned, follow the MS KB article that Paul
has provided in his response (http://support.microsoft.com/kb/216498), which
includes a reference to the item you mentioned below...

hth
Marcin

"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:63A6A514-92EC-4083-9DA7-17A4D5853CC6@xxxxxxxxxxxxxxxx
From ADSIEDIT, if I connect to DomainDNSZones or ForestDNSZones, then
expand
down and click on DC=DomainDNSZones, DC=CompanyName,DC=com, then open up
CN=Infrastructure, then find fSMORoleOwner, is displays "CN=NTDS
Settings\0ADEL:9e2f14ec-9e95-4f07-bf7c-1a862a4ed8d6,CN=OLDSERVERNAME\0ADEL:27e107a1-3085-4e72-a7bc-80f05e4769ca,CN=Servers,CN=Default,CN=Sites,CN=Configuration,DC=Company_Name,DC=com"

When I try to replace it with the correct value of "CN=NTDS
Settings,CN=DomainController3,CN=Servers,CN=Default,CN=Sites,CN=Configuration,DC=Company_Name,DC=com"
I get the "The role owner attribute could not be read" message.

I haven't tried to seize the role yet, the reason is if I look at the
Operations Masters for the domain in ADUC, and click on the Infrastructure
tab, it's showing DomainController3 as the Infrastructure Master. Also in
ADSIEDIT, if I expand Domain, then click on DC=Company_Name,DC=com, and
open
up the CN=Infrastructure properties, the fSMORoleOwner in that particular
location shows the correct key "CN=NTDS
Settings,CN=DomainController3,CN=Servers,CN=Default,CN=Sites,CN=Configuration,DC=Company_Name,DC=com",
which is strange.

Also one more thing to note as a problem I ran frsdiag, and there are
other
servers showing up that shouldn't be. Basically, under ADSIEDIT, I expand
Domain, then DC=Company_Name,DC=com, then CN=System, then CN=File
Replication
Service, then CN=Domain System Volume (SYSVOL share), there's 6 servers
showing there that do no exist anymore. Is it OK to delete these out from
ADSIEDIT or is there another way it should be handled? I'm not sure why
none
of these servers are showing up when i try to do metedata cleanup.

Thanks,

"Marcin" wrote:

Can you clarify what you mean by "DomainDNSZones & ForestDNSZones are
incorrect, and displays the GUID of an older server"?
Also note that "seizing" of Opreation Master roles does not happen
automatically - as a matter of fact, as long as the previous
Infrastructure
Master role has been decommissioned prior to the role transfer, seizing
the
role would be the proper way to proceed. Btw - have you attempted to
seize
the role using the procedure described in
http://support.microsoft.com/kb/255504 (you can actually attempt to run
it
while connected to DomainController3)?

hth
Marcin

"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EB38DF7C-E32A-43BF-A553-9CB781A58CFD@xxxxxxxxxxxxxxxx
I've ran around and around, google'd until my eyes are bleeding, I
really
hope someone here can help.

Basically this forum
"http://www.mombu.com/microsoft/mom-general-discussion/t-mom-2005-alert-and-event-562604.html";
pretty much shows my issue in detail. But like the last person who
posted
on
the forum, I too keep getting the message "The role owner attribute
could
not
be read." when i try to change the fSMORoleOwner attribute using
ADSIEDIT.

In case you don't want to read the forum, basically, the FSMORoleOwner
is
showing "CN=NTDS
Settings\0ADEL:9e2f14ec-9e95-4f07-bf7c-1a862a4ed8d6,CN=OLDSERVERNAME\0ADEL:27e107a1-3085-4e72-a7bc-80f05e4769ca,CN=Servers,CN=Default,CN=Sites,CN=Configuration,DC=Company_Name,DC=com"

I'm getting MOM alerts "The script 'AD Replication Monitoring'
encountered
a
runtime error. Failed to obtain the InfrastructureMaster using a well
known
GUID.
The error returned was: 'Failed to get the 'fSMORoleOwner' attribute
from
the object
'LDAP://DomainController1.company.com/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=DomainDnsZones,DC=Company_Name,DC=com>'.
The error returned was: 'There is no such object on the server.'
(0x80072030)' (0x80072030)"

When I look in ADUC, it shows that DomainController3 is the
Infrastructure
Master, but the DomainDNSZones & ForestDNSZones are incorrect, and
displays
the GUID of an older server. I'm assumnig someone before me just took
the
old Infrastructure Master offline, decommissioned it, DC3 seized the
role,
now AD is boogered up.

Does anyone have any ideas?






.

Relevant Pages

  • Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
    ... Operations Masters for the domain in ADUC, and click on the Infrastructure ... it's showing DomainController3 as the Infrastructure Master. ... servers showing up that shouldn't be. ... Also note that "seizing" of Opreation Master roles does not happen ...
    (microsoft.public.windows.server.active_directory)
  • Re: Active Directory FSMO, GC and Exchange Proper Setup
    ... If all the servers in the domain are global catalog then there is no need to ... Infrastructure Role Should not be on a GC server. ... Domain Naming Master ... All my app servers, exchange servers and users reside on DomainB. ...
    (microsoft.public.windows.server.active_directory)
  • Chuck, Help! File sharing network issue
    ... Master browser name is: KENSGATEWAY ... backup servers retrieved from master KENSGATEWAY ... Checking \\CAROLYNCOMPUTER...Unable to open Service Control Manager database ...
    (microsoft.public.windowsxp.network_web)
  • Re: Access to computer in network denied
    ... > Master browser name is: ... > 1 backup servers retrieved from master OFFICE ... > There are 2 servers in domain MSHOME on transport ...
    (microsoft.public.windowsxp.network_web)
  • Re: Cant see computer in Network Places
    ... I checked each computer of the eight that are servers they are ... Master browser name is: KEVINSVAIO ... There are 8 servers in domain HOME on transport ...
    (microsoft.public.windowsxp.network_web)