I’d be willing to post it on my blog also.

Regards,
Hank Arnold
Microsoft MVP - Consumer Security
My Blog: http://it.toolbox.com/blogs/personal-pc-assistant/
Twitter: @Hank_PCDoc
Facebook: https://www.facebook.com/hank.arnold.96

From: [email protected] On Behalf Of Webster
Sent: Tuesday, April 7, 2015 9:21 AM
To: [email protected]
Subject: RE: [NTSysADM] DCPROMO demote failing

Now you just need to write all this up and create a blog article on your process. You are welcome to put it on my site if you wish.

Thanks

Webster

From: [email protected] On Behalf Of Michael Leone
Sent: Tuesday, April 07, 2015 8:15 AM
To: [email protected]
Subject: Re: [NTSysADM] DCPROMO demote failing

OK! That seemed to work. I did have to force a replication in Sites and Services. In Sites and Services, I did have to remove the now demoted Win2008 R2 DC (as expected). Now the Site has only 2 servers - 1 parent DC, 1 child DC.

However, in the NTDS Settings of the parent DC, I did see an entry that says "<Win2008 R2 DC>\DEL:<guid>". Once I told it to replicate, it did go away.

DCDIAG is showing some eventID 0xC0000583 errors - failed to construct an SPN - on the parent DC. I'm hoping those are just transitory ...

I will keep an eye on it, but I *think* it's all OK now.

On Tue, Apr 7, 2015 at 8:29 AM, Michael Leone <[email protected]> wrote:

Thanks. I'd seen that link, and also:

http://networkadminkb.com/KB/a350/how-to-fix-unable-to-determine-ownership-floating-single.aspx

And was able to find the corrupted entry. That first link says to also do the same for the ForestDnsZones, but I am doing a child domain, so there is a different Infrastructure Master for the parent and for the child.

I will try demoting that in a little bit, and report back ...

On Mon, Apr 6, 2015 at 4:08 PM, Dave Lum <[email protected]> wrote:

Similarly:
http://blog.mpecsinc.ca/2011/03/ad-ds-operation-failed-directory.html

Dave

From: [email protected] On Behalf Of Joe Tinney
Sent: Monday, April 06, 2015 12:47 PM
To: [email protected]
Subject: Re: [NTSysADM] DCPROMO demote failing

I ran into a similar situation and this did the trick:
http://blogs.technet.com/b/the_9z_by_chris_davis/archive/2011/12/20/forestdnszones-or-domaindnszones-fsmo-says-the-role-owner-attribute-could-not-be-read.aspx

Ran the VBScript and was good to go.

On Apr 6, 2015 3:06 PM, "Michael Leone" <[email protected]> wrote:

I am in the process of testing my new cloned domain, and all was going OK. I cleaned up everything, removing all non-existent DCs; everything passed all repadmin, dcdiag and dnslint tests.

So I added a new Win2012 R2 DC to the parent domain; went fine. Demoted the Win2008 R2 DC there (leaving only the Win2012 R2 DC); that went fine. Added a Win2012 R2 DC to the child domain; that went fine. All dcdiag, repadmin, dnslint tests pass fine.

Trying to demote the Win2008 R2 DC in the child, and that's where I am getting:

-----
Operation failed because AD DS could not transfer the remaining data in directory partition DC=DomainDnsZones, DC=<etc> to AD DC \\<Win2012R2-DC.<child>.<domain>

"The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles."
-----

I know it knows where the FSMO roles are, because I checked that before trying to demote it. All the roles were held by the other DC (the Win2012 R2 DC).

The DCPROMO.LOG says:

Ownership of the following FSMO role is set to a server which is deleted or does not exist.
FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=<etc>
FSMO Server DN: CN=NTDS Settings\0ADEL:<GUID>,CN=<name of previously removed DC>\0aDEL:<different GUID>

Here's the weird thing: NETDOM QUERY FSMO shows the correct Infrastructure master (the Win2012 R2 DC). I also see it via the GUI in ADUC. So something buried somewhere deep thinks that one of the removed DCs still holds this role, even tho most everything else thinks the correct DC has it.

So how do I fix this?

(these are all testing upgrading my domains from Win2008 R2 to Win2012 R2. I can upgrade the domain/forest level until I get rid of the Win2008 R2 DCs. This is all being done on my isolated network)

The log suggests manually transferring the roles (which I did before starting the demotion). I did a manual "Replication Now" from Sites and Services, and "repadmin /replsummary" shows no failures.

So where do I go from here?
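
Added example, not part of the original thread or of any linked article: a read-only PowerShell check for the condition reported in DCPROMO.LOG above. The DomainDnsZones and ForestDnsZones partitions each carry their own CN=Infrastructure object whose fSMORoleOwner is not among the roles NETDOM QUERY FSMO lists. The sketch assumes the RSAT ActiveDirectory module and a queried DC that hosts both DNS application partitions; the function names and the server name are hypothetical.

```powershell
# Added example: list the Infrastructure role owner stored in each partition
# and flag owners that reference a deleted NTDS Settings object. Read-only.
Import-Module ActiveDirectory

function Test-DeletedRoleOwner {
    param([string]$OwnerDn)
    # A deleted object's RDN is renamed to "<name>\0ADEL:<guid>".
    # -match is case-insensitive, so "\0aDEL:" is caught as well.
    return [string]::IsNullOrEmpty($OwnerDn) -or ($OwnerDn -match '\\0ADEL:')
}

function Get-InfrastructureRoleOwner {
    param(
        [Parameter(Mandatory)] [string]$Server   # DC to query (assumption: hosts the DNS partitions)
    )
    $rootDse  = Get-ADRootDSE -Server $Server
    $domainDn = $rootDse.defaultNamingContext
    $forestDn = $rootDse.rootDomainNamingContext

    # The domain partition plus the two DNS application partitions.
    $partitions = @(
        $domainDn,
        "DC=DomainDnsZones,$domainDn",
        "DC=ForestDnsZones,$forestDn"
    )

    foreach ($nc in $partitions) {
        $obj = Get-ADObject -Identity "CN=Infrastructure,$nc" -Server $Server `
                            -Properties fSMORoleOwner
        [pscustomobject]@{
            Partition = $nc
            RoleOwner = $obj.fSMORoleOwner
            Stale     = Test-DeletedRoleOwner $obj.fSMORoleOwner
        }
    }
}

# Constructed sample in the shape DCPROMO.LOG reports (placeholders, not real values):
Test-DeletedRoleOwner 'CN=NTDS Settings\0ADEL:<GUID>,CN=<removed DC>\0aDEL:<GUID>'   # True

# Hypothetical server name; run against the DC that is about to be demoted.
Get-InfrastructureRoleOwner -Server 'dc01.child.example.test' | Format-List
```

Any row with Stale set to True marks a partition whose role owner has to be corrected before demotion can transfer that partition.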
