Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Yes, all dc's are current & actually show up correctly with FSMO roles.


"Jorge de Almeida Pinto [MVP - DS]" wrote:

if you do a :

NETDOM QUERY FSMO

do all the DCs listed still exist in your environment?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DF6CDD8B-A0DD-4CE6-BAE7-28DCFB3E66AD@xxxxxxxxxxxxxxxx
This didn't work either. The script comes back with "(20, 5) (null): The
specified domain either does not exist or could not be contacted."

So I ran netdom query /domain /verify and 1 of the 6 domain controllers
which currently holds the RID & PDC roles comes up with this for status
"ERROR! (the specified domain either does not exist or could not be
contacted.) The other 5 DC's pull back the domain status correctly.

I also tried to seize the role, and an error came back saying role seizure
not necessary.

Any other ideas?

"Jorge de Almeida Pinto [MVP - DS]" wrote:

glad to help out

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:771E3D87-FDAD-47E8-BAA6-06499B696B88@xxxxxxxxxxxxxxxx
Just a reference in my original problem statement, ADSIEDIT gave me an
error
"The role owner attribute could not be read.".

I had to put in a change management ticket before I could make the
change,
I
will try the script 1st, if that fails I'll try to seize the role on
DC3,
if
both fail, I'll try to seize/transfer the role to DC4. If it works
tonight,
I'll give you guys an update.

Thanks for the help from everyone BTW!!

"Jorge de Almeida Pinto [MVP - DS]" wrote:

just get the DN of the NTDS Settings object of the CURRENT INFRA FSMO
for
the AD domain and specify that as the INFRA FSMO for both
DOmainDNSZones
and
ForestDNSZones. Use either LDP or ADsiedit

OR....

use the script specified in: http://support.microsoft.com/kb/949257


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
#

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test ANY suggestion in a test environment before
implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:EB38DF7C-E32A-43BF-A553-9CB781A58CFD@xxxxxxxxxxxxxxxx
I've ran around and around, google'd until my eyes are bleeding, I
really
hope someone here can help.

Basically this forum
"http://www.mombu.com/microsoft/mom-general-discussion/t-mom-2005-alert-and-event-562604.html";
pretty much shows my issue in detail. But like the last person who
posted
on
the forum, I too keep getting the message "The role owner attribute
could
not
be read." when i try to change the fSMORoleOwner attribute using
ADSIEDIT.

In case you don't want to read the forum, basically, the
FSMORoleOwner
is
showing "CN=NTDS
Settings\0ADEL:9e2f14ec-9e95-4f07-bf7c-1a862a4ed8d6,CN=OLDSERVERNAME\0ADEL:27e107a1-3085-4e72-a7bc-80f05e4769ca,CN=Servers,CN=Default,CN=Sites,CN=Configuration,DC=Company_Name,DC=com"

I'm getting MOM alerts "The script 'AD Replication Monitoring'
encountered
a
runtime error. Failed to obtain the InfrastructureMaster using a
well
known
GUID.
The error returned was: 'Failed to get the 'fSMORoleOwner' attribute
from
the object
'LDAP://DomainController1.company.com/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=DomainDnsZones,DC=Company_Name,DC=com>'.
The error returned was: 'There is no such object on the server.'
(0x80072030)' (0x80072030)"

When I look in ADUC, it shows that DomainController3 is the
Infrastructure
Master, but the DomainDNSZones & ForestDNSZones are incorrect, and
displays
the GUID of an older server. I'm assumnig someone before me just
took
the
old Infrastructure Master offline, decommissioned it, DC3 seized the
role,
now AD is boogered up.

Does anyone have any ideas?




.

Relevant Pages

  • Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
    ... NETDOM QUERY FSMO ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ...
    (microsoft.public.windows.server.active_directory)
  • Re: Adprep /rodcprep error message
    ... the NTDSUTIL command, for seizing, only takes care of the domain and forest FSMOs, not the app NC Infrastructure "FSMO" ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ... >>>> the infrastructure master of the domain NC to the app NC ASSUMING ...
    (microsoft.public.windows.server.active_directory)
  • Re: upgrading or changing a domain from Windows 2000 Chinese to 2003 English.
    ... year old dell server PDC does not fail. ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Always test ANY suggestion in a test environment before implementing! ...
    (microsoft.public.win2000.security)
  • Re: Moving DC to sub-OU of Domain Controllers OU unsupported?
    ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... * This posting is provided "AS IS" with no warranties and confers no rights! ... Always test ANY suggestion in a test environment before implementing! ...
    (microsoft.public.windows.server.active_directory)
  • Re: FSMO Role Seizures for DR Testing?
    ... until now I have heart two DR scenarios ... your main site dies where the FSMO are located and you to relocate to ... test environment before even thinking about trying in production... ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ...
    (microsoft.public.windows.server.active_directory)