Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

if you do a :

NETDOM QUERY FSMO

do all the DCs listed still exist in your environment?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:DF6CDD8B-A0DD-4CE6-BAE7-28DCFB3E66AD@xxxxxxxxxxxxxxxx
This didn't work either. The script comes back with "(20, 5) (null): The
specified domain either does not exist or could not be contacted."

So I ran netdom query /domain /verify and 1 of the 6 domain controllers
which currently holds the RID & PDC roles comes up with this for status
"ERROR! (the specified domain either does not exist or could not be
contacted.) The other 5 DC's pull back the domain status correctly.

I also tried to seize the role, and an error came back saying role seizure
not necessary.

Any other ideas?

"Jorge de Almeida Pinto [MVP - DS]" wrote:

glad to help out

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:771E3D87-FDAD-47E8-BAA6-06499B696B88@xxxxxxxxxxxxxxxx
> Just a reference in my original problem statement, ADSIEDIT gave me an
> error
> "The role owner attribute could not be read.".
>
> I had to put in a change management ticket before I could make the > change,
> I
> will try the script 1st, if that fails I'll try to seize the role on > DC3,
> if
> both fail, I'll try to seize/transfer the role to DC4. If it works
> tonight,
> I'll give you guys an update.
>
> Thanks for the help from everyone BTW!!
>
> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>
>> just get the DN of the NTDS Settings object of the CURRENT INFRA FSMO >> for
>> the AD domain and specify that as the INFRA FSMO for both >> DOmainDNSZones
>> and
>> ForestDNSZones. Use either LDP or ADsiedit
>>
>> OR....
>>
>> use the script specified in: http://support.microsoft.com/kb/949257
>>
>>
>> -- >>
>> Cheers,
>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>
>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services >> #
>>
>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>> ------------------------------------------------------------------------------------------
>> * This posting is provided "AS IS" with no warranties and confers no
>> rights!
>> * Always test ANY suggestion in a test environment before >> implementing!
>> ------------------------------------------------------------------------------------------
>> #################################################
>> #################################################
>> ------------------------------------------------------------------------------------------
>>
>> "dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in >> message
>> news:EB38DF7C-E32A-43BF-A553-9CB781A58CFD@xxxxxxxxxxxxxxxx
>> > I've ran around and around, google'd until my eyes are bleeding, I
>> > really
>> > hope someone here can help.
>> >
>> > Basically this forum
>> > "http://www.mombu.com/microsoft/mom-general-discussion/t-mom-2005-alert-and-event-562604.html";
>> > pretty much shows my issue in detail. But like the last person who
>> > posted
>> > on
>> > the forum, I too keep getting the message "The role owner attribute
>> > could
>> > not
>> > be read." when i try to change the fSMORoleOwner attribute using
>> > ADSIEDIT.
>> >
>> > In case you don't want to read the forum, basically, the >> > FSMORoleOwner
>> > is
>> > showing "CN=NTDS
>> > Settings\0ADEL:9e2f14ec-9e95-4f07-bf7c-1a862a4ed8d6,CN=OLDSERVERNAME\0ADEL:27e107a1-3085-4e72-a7bc-80f05e4769ca,CN=Servers,CN=Default,CN=Sites,CN=Configuration,DC=Company_Name,DC=com"
>> >
>> > I'm getting MOM alerts "The script 'AD Replication Monitoring'
>> > encountered
>> > a
>> > runtime error. Failed to obtain the InfrastructureMaster using a >> > well
>> > known
>> > GUID.
>> > The error returned was: 'Failed to get the 'fSMORoleOwner' attribute
>> > from
>> > the object
>> > 'LDAP://DomainController1.company.com/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=DomainDnsZones,DC=Company_Name,DC=com>'.
>> > The error returned was: 'There is no such object on the server.'
>> > (0x80072030)' (0x80072030)"
>> >
>> > When I look in ADUC, it shows that DomainController3 is the
>> > Infrastructure
>> > Master, but the DomainDNSZones & ForestDNSZones are incorrect, and
>> > displays
>> > the GUID of an older server. I'm assumnig someone before me just >> > took
>> > the
>> > old Infrastructure Master offline, decommissioned it, DC3 seized the
>> > role,
>> > now AD is boogered up.
>> >
>> > Does anyone have any ideas?
>>
>>

.

Relevant Pages

  • Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
    ... all dc's are current & actually show up correctly with FSMO roles. ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ...
    (microsoft.public.windows.server.active_directory)
  • Re: Adprep /rodcprep error message
    ... the NTDSUTIL command, for seizing, only takes care of the domain and forest FSMOs, not the app NC Infrastructure "FSMO" ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ... >>>> the infrastructure master of the domain NC to the app NC ASSUMING ...
    (microsoft.public.windows.server.active_directory)
  • Re: upgrading or changing a domain from Windows 2000 Chinese to 2003 English.
    ... year old dell server PDC does not fail. ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ...
    (microsoft.public.win2000.security)
  • Re: Moving DC to sub-OU of Domain Controllers OU unsupported?
    ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... * This posting is provided "AS IS" with no warranties and confers no rights! ... Always test ANY suggestion in a test environment before implementing! ...
    (microsoft.public.windows.server.active_directory)
  • Re: FSMO Role Seizures for DR Testing?
    ... until now I have heart two DR scenarios ... your main site dies where the FSMO are located and you to relocate to ... test environment before even thinking about trying in production... ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ...
    (microsoft.public.windows.server.active_directory)