I didnt dcpromo my old server...oh.....

I put a new server into place, and when the old one was history I couldn't do a dcpromo to put it to a member server....so whenever I access the group policies in Active Directory Users and Computers I am getting the following:

The domain controller for Group Policy operations is not available. You may cancel this operation for this session or retry using one of the following domain controller choices:
The one with the Operations Master token for the PDC emulator.

Any idea...what I need to do to remove the old server from the farm?
Joshua DumasAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jon_godwinCommented:
you need to move those roles to your current server
0
Joshua DumasAuthor Commented:
and how is that done?
0
cfairleyCommented:
I am assuming that you only have two DCs, one old and one new.  When you open up ADUC, make sure that the very top line in the view pane reads "Active Directory Users and Computers [your new DC]".  If not, right click that line, select "Connect to Domain Controller" and select your new DC.  

Next, right-click the very top line again and select "All tasks" and then "Operations Masters".  Make sure that all the roles point to your new DC, change them if they are not.  If this does not work, the roles will have to be siezed using NTDSUTL and the old DC will have to be reinstalled if DCPROMO does not work.

Thanks,
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

jdeclueCommented:
Because the old server is no longer available you have to seize the roles to the existing server exactly as cfairley says. Here is the kb to get that done. If this works CREDIT cfairley please.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;255504
0
Joshua DumasAuthor Commented:
can I have some help with NTDSUTL - I hate to F*C* my domain up with a stupid command....
0
cfairleyCommented:
Before using ntdsutil, enable "File and Printer Sharing" and enable "TCP/IP NetBIOS Service".  Follow the brief directions in this link:  http://www.jsiinc.com/SUBN/tip6500/rh6590.htm

Then try to change the roles using ADUC.  If still unable, then use ntdsutil.  The link that jdeclue provided describes exactly how to use it.  Don't worry about damaging your domain with this command, it is harmless when you only have two DCs.  When you have more than two, you could possibly move a FSMO role to the wrong DC.
0
jdeclueCommented:
duemes, an update as to the status of your dcpromo, please.

J
0
Joshua DumasAuthor Commented:
This is what I get when I run seize domain naming master:

Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with seizure ...
Server "SERVERNAME" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=Default-First-Site,CN=Sites
,CN=Configuration,DC=DOMAINNAME,DC=MYDOMAINNAME,DC=com
Domain - CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=Default-First-Site,CN=Site
s,CN=Configuration,DC=DOMAINNAME,DC=MYDOMAINNAME,DC=com
PDC - CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=Default-First-Site,CN=Sites,C
N=Configuration,DC=DOMAINNAME,DC=MYDOMAINNAME,DC=com
RID - CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=Default-First-Site,CN=Sites,CN
=Configuration,DC=DOMAINNAME,DC=MYDOMAINNAME,DC=com
Infrastructure - CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=Default-First-Site,
CN=Sites,CN=Configuration,DC=DOMAINNAME,DC=MYDOMAINNAME,DC=com
fsmo maintenance:

ANY IDEA?
0
Joshua DumasAuthor Commented:
Any ideas?
0
cfairleyCommented:
This happens when you seize a role from a DC that is not available.  If the previous owner of the FSMO role was available, then the message would read successful.  Notice that it still says "proceeding with seizure".  The list of roles shown above should tell you who is the correct owner of the role, it should say your new DC.

To check the roles:
ntdsutil
roles
select operation target
connections
connect to server "servername"
Q
list roles for connected server
0
Joshua DumasAuthor Commented:
it appears when I do the above steps it shows that the Schema, RID, & Infrastructure is with the old server...how do I get it to the new server????

The new server is doing:
Domain & PDC

Any ideas?
0
jdeclueCommented:
Here are the step by step instructions on removing the old Domain Controller in a MS knowledge Base Article, after you remove the Server object from Active Directory then you will have to follow the steps to seize the roles. You will need ADSIEdit and NTDSUtil to complete this.

http://support.microsoft.com/default.aspx?kbid=216498 - How to remove the DC manually after a failed Demotion
http://support.microsoft.com/default.aspx?scid=kb;EN-US;255504 - NTDSUTIL to seize the roles

This is a procedure that can cause serious issues if done incorrectly so you must follow the steps exactly.

In addition, before you follow these steps I would like to request Second Opinions or Concurrence from other Experts, please.

J
0
jdeclueCommented:
Ok, I did some double checking... Before you do anything, follow these steps, exactly.

On your new Domain Controller, click Start, click Run, type ntdsutil in the Open box, and then click OK.

Type "roles", and then press ENTER.

Type "connections", and then press ENTER.

Type "connect to server servername", where servername is the name of the new Domain Controller, and then press ENTER.

Type "q", and then press ENTER again.

You should now be at the "fsmo maintenance:" prompt, again.

Type "Seize domain naming master", and then press ENTER

Type "Seize infrastructure master", and then press ENTER

Type "Seize PDC", and then press ENTER

Type "Seize RID master", and then press ENTER

Type "Seize schema master", and then press ENTER

Let me know exactly what happens


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Joshua DumasAuthor Commented:
I think I found out what wasnt seized..and I seized it...let me check later on tonight and I will post something...but I went into ADUC and it looks like everything is working fine....HEA!

I will post something later (8-9PM) EST to let you know if everything went alright.

THANKS!
0
jdeclueCommented:
Fingers crossed ;)
0
cfairleyCommented:
I hope everything is OK too.  duemes, disregard jdeclue's earlier message about giving me the CREDIT.  We worked as a team.  If you can't split it, then give it to him.

Nice working with you jdeclue!  I wish a lot more people would use this site.
0
Joshua DumasAuthor Commented:
everything is working great!
0
jdeclueCommented:
I just started answering questions a couple of weeks ago, and have found this sit to be great! Wish I had started earlier... Thanks cfairley... and dittos to you
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.