Transferring FSMO roles problem
Hello AD experts.
I recently checked the schema on our primary domain controller within mmc and found that when I right click Active Directory Schema>Operations master that there was an error. In the box where the current schema master should have been listed was blank, and the box underneath had 'ERROR' in it and said that the schema master was offline.
I transfered the schema master and domain naming master roles manually, and when I went back into the mmc there was an entry for the schema master and it was reporting a status of online.
I rebooted the server after close of businees, and checked again, the server has reverted back to an error status. I have 2 domain controllers. The server that should be the schema master and domain naming master is also the RID/PDC and GC. The other DC is the infrastructure master. The rid/pdc/infrastructure roles when checked in AD all seem OK. If anyone can help with my missing schema master that'd be great.
I recently checked the schema on our primary domain controller within mmc and found that when I right click Active Directory Schema>Operations master that there was an error. In the box where the current schema master should have been listed was blank, and the box underneath had 'ERROR' in it and said that the schema master was offline.
I transfered the schema master and domain naming master roles manually, and when I went back into the mmc there was an entry for the schema master and it was reporting a status of online.
I rebooted the server after close of businees, and checked again, the server has reverted back to an error status. I have 2 domain controllers. The server that should be the schema master and domain naming master is also the RID/PDC and GC. The other DC is the infrastructure master. The rid/pdc/infrastructure roles when checked in AD all seem OK. If anyone can help with my missing schema master that'd be great.
ASKER
If the role is transferrable it can't be seized. If you run ntdsutil and issue seize schema master or seize domain naming master you get a message saying serverx knows about
ASKER
Sorry, I'll finish my repl properly this time!
If the role is transferrable it can't be seized. If you run ntdsutil and issue seize schema master or seize domain naming master you get a message saying serverx knows about 5 roles and that the seizure was not required, the role was transferred successfully. I agree that the role needs to be seized, but ntdsutil seems to think its transferrable?
Any ideas
If the role is transferrable it can't be seized. If you run ntdsutil and issue seize schema master or seize domain naming master you get a message saying serverx knows about 5 roles and that the seizure was not required, the role was transferred successfully. I agree that the role needs to be seized, but ntdsutil seems to think its transferrable?
Any ideas
I've had to seize roles when I've lost a DC, but I agree, this is very different. Just to make sure I'm understanding the situation......you only have 2 DCs? on the one hand, you're getting an error message that the SMaster is missing, yet ntdsutil shows it exists?
I haven't come across this before....will see if I can come up with some research references you havn't found yet......hope this doesn't turn into the $200 MS call... :-)
One thing.....and this is a long shot........you should be able to tranfer the role, just with Enterprise admin powers......domain admin if your domain is the forest root..........but, have you tried redoing the transfer with an account that's in the schema admins group?
I haven't come across this before....will see if I can come up with some research references you havn't found yet......hope this doesn't turn into the $200 MS call... :-)
One thing.....and this is a long shot........you should be able to tranfer the role, just with Enterprise admin powers......domain admin if your domain is the forest root..........but, have you tried redoing the transfer with an account that's in the schema admins group?
ASKER
Thanks for the reply.
This is a small single domain environment. 2 domain conrtollers. The primary dc is the rid/pdc/gc and according to ntdsutil the schema master and domain naming master. The other dc is the infrastructure master.
Yes, when I registered schmmgmt.dll and ran mmc, active directory schema snapin shows an error, but ntdsutil shows that the schema master exists. I will try redoing with an account in the scema admin group. Perhaps, based on the fact that ntdsutil is showing the roles I should maybe not be too worried??
This is a small single domain environment. 2 domain conrtollers. The primary dc is the rid/pdc/gc and according to ntdsutil the schema master and domain naming master. The other dc is the infrastructure master.
Yes, when I registered schmmgmt.dll and ran mmc, active directory schema snapin shows an error, but ntdsutil shows that the schema master exists. I will try redoing with an account in the scema admin group. Perhaps, based on the fact that ntdsutil is showing the roles I should maybe not be too worried??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Exactly, I'm not seeing any adverse problems with AD, it'd just be nice to know why in the MMC it is coming up with an error, but ntdsutil is reporting all is well in the land of AD.
Question answered
ASKER
I am awarding JConchie the points based on the fact that he removed my fear of pending doom with reference to the error in the MMC. I would still like to know why I am seeing this error in the mmc and not in ntdsutil (I have checked on other clients of ours and a few of them have the same error) but that wasn't the reason the q was posted originally.
I had the same issue with my schema, PDC, and Infrastructure. This happened after I tried to move an aging domain controller out of a network. When I went into the AD users and computers and connected to the same domain controller I was logged into and checked the operations master again they all have the correct server in the operations master block.
In AD U&C, right click on domain and hit Connec to Domain Controller and select the domain controller that you have FSMO roles on. I'm sure you know how do to all this though.
In AD U&C, right click on domain and hit Connec to Domain Controller and select the domain controller that you have FSMO roles on. I'm sure you know how do to all this though.
Choose Run from the Start menu or open a commandline shell, and run the program ntdsutil . Within ntdsutil you will issue a series of commands:
Type "roles"
At fsmo maintenance:, type "connections"
At server connenctions:, type "connect to server serverX@yourdomain.com", that is, the FQDN of the DC you want to take over the role.
At server connenctions:, type "quit"
At fsmo maintenance:, type seize "schema master"
At ntdsutil, type "quit"