Thanks. I'd seen that link, and also: http://networkadminkb.com/KB/a350/how-to-fix-unable-to-determine-ownership-floating-single.aspx
And was able to find the corrupted entry. That first link says to also do the same for the ForestDnsZones, but I am doing a child domain, so there is a different Infrastructure Master for the parent and for the child. I will try demoting that in a little bit, and report back ... On Mon, Apr 6, 2015 at 4:08 PM, Dave Lum <[email protected]> wrote: > Similarly: > http://blog.mpecsinc.ca/2011/03/ad-ds-operation-failed-directory.html > > > > Dave > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Joe Tinney > *Sent:* Monday, April 06, 2015 12:47 PM > *To:* [email protected] > *Subject:* Re: [NTSysADM] DCPROMO demote failing > > > > I ran into a similar situation and this did the trick : > http://blogs.technet.com/b/the_9z_by_chris_davis/archive/2011/12/20/forestdnszones-or-domaindnszones-fsmo-says-the-role-owner-attribute-could-not-be-read.aspx > > Ran the VBScript and was good to go. > > On Apr 6, 2015 3:06 PM, "Michael Leone" <[email protected]> wrote: > > I am in the process of testing my new cloned domain, and all was going > OK. I cleaned up eveything, removing all non-existent DCs; everything > passed all repadmin, dcdiag and dnslint tests. > > > > So I added a new Win2012 R2 DC to the parent domain; went fine. Demoted > the Win2008 R2 DC there (leaving only the Win2012 R2 DC); that went fine. > Added a Win2012 R2 DC to the child domain; that went fine. All dcdiag, > repadmin, dnslint tests pass fine. > > > > Trying to demote the Win2008 R2 DC in the child, and that's where I am > getting: > > > > ----- > > Operation failed because AD DS could not transfer the remaining data in > directory partition DC=DomainDnsZones, DC=<etc> to AD DC > \\<Win2012R2-DC.<child>.<domain> > > > > "The directory service is missing mandatory configuration information, and > is unable to determine the ownership of floating single-master operation > roles." > > ----- > > > > I know it knows where the FSMO roles are, because I checked that before > trying to demote it. All the roles were held by the other DC (the Win2012 > R2 DC). > > > > The DCPROMO.LOG says: > > > > Ownership of the following FSMO role is set to a server which is deleted > or does not exist. > > FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=<etc> > > FSMO Server DN: CN=NTDS Settings\0ADEL:<GUID>,CN=<name of previously > removed DC>\0aDEL:<different GUID> > > > > Here's the weird thing: NETDOM QUERY FSMO shows the correct Infrastructure > master (the Win2012 R2 DC). I also see it via the GUI in ADUC. So something > buried somewhere deep thinks that one of the removed DCs still holds this > role, even tho most everything else thinks the correct DC has it. > > > > So how do I fix this? > > (these are all testing upgrading my domains from Win2008 R2 to Win2012 R2. > I can upgrade the domain/forect level until I get rid of the Win2008 R2 > DCs. This is all being done on my isolated network) > > > > The log suggests manually transferring the roles (which I did before > starting the demotion). I did a manual "Replication Now" from Sites and > Services, and "repadmin /replsummary" shows no failures. > > > > So where do I go from here? > > Attention: Information contained in this message and or attachments is > intended only for the recipient(s) named above and may contain confidential > and or privileged material that is protected under State or Federal law. If > you are not the intended recipient, any disclosure, copying, distribution > or action taken on it is prohibited. If you believe you have received this > email in error, please contact the sender, delete this email and destroy > all copies. >
