Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ



check out DNS configuration.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:E4C33CAD-F30B-4204-9B60-E5A4888604B2@xxxxxxxxxxxxxxxx
Yes, all dc's are current & actually show up correctly with FSMO roles.


"Jorge de Almeida Pinto [MVP - DS]" wrote:

if you do a :

NETDOM QUERY FSMO

do all the DCs listed still exist in your environment?

"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DF6CDD8B-A0DD-4CE6-BAE7-28DCFB3E66AD@xxxxxxxxxxxxxxxx
> This didn't work either. The script comes back with "(20, 5) (null): The
> specified domain either does not exist or could not be contacted."
>
> So I ran netdom query /domain /verify and 1 of the 6 domain controllers
> which currently holds the RID & PDC roles comes up with this for status
> "ERROR! (the specified domain either does not exist or could not be
> contacted.) The other 5 DC's pull back the domain status correctly.
>
> I also tried to seize the role, and an error came back saying role seizure
> not necessary.
>
> Any other ideas?
>
> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>
>> glad to help out
>>
>> "dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:771E3D87-FDAD-47E8-BAA6-06499B696B88@xxxxxxxxxxxxxxxx
>> > Just a reference in my original problem statement, ADSIEDIT gave me an
>> > error "The role owner attribute could not be read.".
>> >
>> > I had to put in a change management ticket before I could make the change,
>> > I will try the script 1st, if that fails I'll try to seize the role on DC3,
>> > if both fail, I'll try to seize/transfer the role to DC4. If it works
>> > tonight, I'll give you guys an update.
>> >
>> > Thanks for the help from everyone BTW!!
>> >
>> > "Jorge de Almeida Pinto [MVP - DS]" wrote:
>> >
>> >> just get the DN of the NTDS Settings object of the CURRENT INFRA FSMO
>> >> for the AD domain and specify that as the INFRA FSMO for both
>> >> DomainDNSZones and ForestDNSZones. Use either LDP or ADSIEdit
>> >>
>> >> OR....
>> >>
>> >> use the script specified in: http://support.microsoft.com/kb/949257
>> >>
>> >>
>> >> "dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:EB38DF7C-E32A-43BF-A553-9CB781A58CFD@xxxxxxxxxxxxxxxx
>> >> > I've run around and around, google'd until my eyes are bleeding, I
>> >> > really hope someone here can help.
>> >> >
>> >> > Basically this forum
>> >> > "http://www.mombu.com/microsoft/mom-general-discussion/t-mom-2005-alert-and-event-562604.html"
>> >> > pretty much shows my issue in detail. But like the last person who
>> >> > posted on the forum, I too keep getting the message "The role owner
>> >> > attribute could not be read." when I try to change the fSMORoleOwner
>> >> > attribute using ADSIEDIT.
>> >> >
>> >> > In case you don't want to read the forum, basically, the FSMORoleOwner
>> >> > is showing
>> >> > "CN=NTDS Settings\0ADEL:9e2f14ec-9e95-4f07-bf7c-1a862a4ed8d6,CN=OLDSERVERNAME\0ADEL:27e107a1-3085-4e72-a7bc-80f05e4769ca,CN=Servers,CN=Default,CN=Sites,CN=Configuration,DC=Company_Name,DC=com"
>> >> >
>> >> > I'm getting MOM alerts "The script 'AD Replication Monitoring'
>> >> > encountered a runtime error. Failed to obtain the InfrastructureMaster
>> >> > using a well known GUID.
>> >> > The error returned was: 'Failed to get the 'fSMORoleOwner' attribute
>> >> > from the object
>> >> > 'LDAP://DomainController1.company.com/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=DomainDnsZones,DC=Company_Name,DC=com>'.
>> >> > The error returned was: 'There is no such object on the server.'
>> >> > (0x80072030)' (0x80072030)"
>> >> >
>> >> > When I look in ADUC, it shows that DomainController3 is the
>> >> > Infrastructure Master, but the DomainDNSZones & ForestDNSZones are
>> >> > incorrect, and displays the GUID of an older server. I'm assuming
>> >> > someone before me just took the old Infrastructure Master offline,
>> >> > decommissioned it, DC3 seized the role, now AD is boogered up.
>> >> >
>> >> > Does anyone have any ideas?
>> >>
>> >>
>>
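
A read-only check for the condition discussed in this thread, added here as an example; it is not part of the original posts and is not the KB 949257 script. It reads fSMORoleOwner from the Infrastructure object of the domain, DomainDnsZones and ForestDnsZones partitions and flags any value that carries the `\0ADEL:` deleted-object marker or differs from the current Infrastructure Master's NTDS Settings DN. It assumes the ActiveDirectory PowerShell module, a single-domain forest, and that the queried DC hosts both DNS application partitions.

```powershell
# Added example (read-only): audit fSMORoleOwner on the three Infrastructure objects.
# Assumptions: ActiveDirectory module (RSAT), single-domain forest.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest
$server = $domain.InfrastructureMaster   # DC currently reported as Infrastructure Master

# NTDS Settings DN of that DC: the value the thread says all three objects should carry
$expected = (Get-ADDomainController -Identity $server -Server $server).NTDSSettingsObjectDN

# Build the forest root DN from its DNS name (corp.example.com -> DC=corp,DC=example,DC=com)
$forestRootDN = 'DC=' + ($forest.RootDomain -replace '\.', ',DC=')

$targets = [ordered]@{
    'Domain'         = "CN=Infrastructure,$($domain.DistinguishedName)"
    'DomainDnsZones' = "CN=Infrastructure,DC=DomainDnsZones,$($domain.DistinguishedName)"
    'ForestDnsZones' = "CN=Infrastructure,DC=ForestDnsZones,$forestRootDN"
}

$report = foreach ($name in $targets.Keys) {
    $owner  = $null
    $status = 'OK'
    try {
        $obj   = Get-ADObject -Identity $targets[$name] -Properties fSMORoleOwner `
                              -Server $server -ErrorAction Stop
        $owner = $obj.fSMORoleOwner
        if (-not $owner) {
            $status = 'Empty'
        } elseif ($owner -match '\\0ADEL:') {
            # The owner DN names an NTDS Settings object that has been deleted
            $status = 'DeletedOwner'
        } elseif ($owner -ne $expected) {
            $status = 'Mismatch'
        }
    } catch {
        $status = "Unreadable: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Partition = $name; Status = $status; fSMORoleOwner = $owner }
}

$report | Format-List
"Expected owner: $expected"
```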
