Solved

I didn't dcpromo my old server...oh.....

Posted on 2004-08-03
Last Modified: 2010-04-13
I put a new server into place, and when the old one was history I couldn't do a dcpromo to put it to a member server....so whenever I access the group policies in Active Directory Users and Computers I am getting the following:

The domain controller for Group Policy operations is not available. You may cancel this operation for this session or retry using one of the following domain controller choices:
The one with the Operations Master token for the PDC emulator.

Any idea...what I need to do to remove the old server from the farm?
0
Comment
Question by:duemes
18 Comments
 
LVL 1

Expert Comment

by:jon_godwin
ID: 11704503
You need to move those roles to your current server.
0
 

Author Comment

by:duemes
ID: 11704523
And how is that done?
0
 
LVL 11

Expert Comment

by:cfairley
ID: 11704994
I am assuming that you only have two DCs, one old and one new.  When you open up ADUC, make sure that the very top line in the view pane reads "Active Directory Users and Computers [your new DC]".  If not, right click that line, select "Connect to Domain Controller" and select your new DC.  

Next, right-click the very top line again and select "All tasks" and then "Operations Masters".  Make sure that all the roles point to your new DC, change them if they are not.  If this does not work, the roles will have to be seized using NTDSUTIL and the old DC will have to be reinstalled if DCPROMO does not work.

Thanks,
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11707674
Because the old server is no longer available you have to seize the roles to the existing server exactly as cfairley says. Here is the kb to get that done. If this works CREDIT cfairley please.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;255504
0
 

Author Comment

by:duemes
ID: 11711631
Can I have some help with NTDSUTIL - I hate to F*C* my domain up with a stupid command....
0
 
LVL 11

Expert Comment

by:cfairley
ID: 11713611
Before using ntdsutil, enable "File and Printer Sharing" and enable "TCP/IP NetBIOS Service".  Follow the brief directions in this link:  http://www.jsiinc.com/SUBN/tip6500/rh6590.htm

Then try to change the roles using ADUC.  If still unable, then use ntdsutil.  The link that jdeclue provided describes exactly how to use it.  Don't worry about damaging your domain with this command, it is harmless when you only have two DCs.  When you have more than two, you could possibly move a FSMO role to the wrong DC.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11726467
duemes, an update as to the status of your dcpromo, please.

J
0
 

Author Comment

by:duemes
ID: 11745036
This is what I get when I run seize domain naming master:

Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with seizure ...
Server "SERVERNAME" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=Default-First-Site,CN=Sites
,CN=Configuration,DC=DOMAINNAME,DC=MYDOMAINNAME,DC=com
Domain - CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=Default-First-Site,CN=Site
s,CN=Configuration,DC=DOMAINNAME,DC=MYDOMAINNAME,DC=com
PDC - CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=Default-First-Site,CN=Sites,C
N=Configuration,DC=DOMAINNAME,DC=MYDOMAINNAME,DC=com
RID - CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=Default-First-Site,CN=Sites,CN
=Configuration,DC=DOMAINNAME,DC=MYDOMAINNAME,DC=com
Infrastructure - CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=Default-First-Site,
CN=Sites,CN=Configuration,DC=DOMAINNAME,DC=MYDOMAINNAME,DC=com
fsmo maintenance:

ANY IDEA?
0
 

Author Comment

by:duemes
ID: 11749122
Any ideas?
0
 
LVL 11

Expert Comment

by:cfairley
ID: 11751199
This happens when you seize a role from a DC that is not available.  If the previous owner of the FSMO role was available, then the message would read successful.  Notice that it still says "proceeding with seizure".  The list of roles shown above should tell you who is the correct owner of the role, it should say your new DC.

To check the roles:
ntdsutil
roles
select operation target
connections
connect to server "servername"
Q
list roles for connected server
0
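An added example, not part of the thread or of any poster's reply: a Python parser for the role listing that ntdsutil prints, in the shape of the output pasted above. It rejoins the console-wrapped DNs and reports which roles are held by a server other than the expected new DC. The names NEWDC, OLDDC and example.com and the sample text are constructed placeholders.

```python
import re

ROLE_NAMES = ("Schema", "Domain", "PDC", "RID", "Infrastructure")

# Constructed sample: NEWDC, OLDDC and example.com are placeholders. Lines are
# wrapped mid-DN the way the console output pasted in the thread is.
SAMPLE = """\
Server "NEWDC" knows about 5 roles
Schema - CN=NTDS Settings,CN=OLDDC,CN=Servers,CN=Default-First-Site,CN=Sites
,CN=Configuration,DC=example,DC=com
Domain - CN=NTDS Settings,CN=NEWDC,CN=Servers,CN=Default-First-Site,CN=Site
s,CN=Configuration,DC=example,DC=com
PDC - CN=NTDS Settings,CN=NEWDC,CN=Servers,CN=Default-First-Site,CN=Sites,C
N=Configuration,DC=example,DC=com
RID - CN=NTDS Settings,CN=OLDDC,CN=Servers,CN=Default-First-Site,CN=Sites,CN
=Configuration,DC=example,DC=com
Infrastructure - CN=NTDS Settings,CN=OLDDC,CN=Servers,CN=Default-First-Site,
CN=Sites,CN=Configuration,DC=example,DC=com
fsmo maintenance:
"""

ROLE_START = re.compile(r"^(%s) - (.*)$" % "|".join(ROLE_NAMES))
# The holder is the server CN that follows "CN=NTDS Settings" in the owner DN.
HOLDER = re.compile(r"CN=NTDS Settings,CN=([^,]+),CN=Servers", re.IGNORECASE)


def parse_role_holders(text):
    """Return {role: server CN or None}, rejoining DNs split by console wrapping."""
    joined, current = {}, None
    for line in text.splitlines():
        start = ROLE_START.match(line)
        if start:
            current = start.group(1)
            joined[current] = start.group(2)
        elif current and line and not line.endswith(":"):
            joined[current] += line      # wrapped tail of the previous DN
        else:
            current = None               # prompt, blank or banner line
    holders = {}
    for role, dn in joined.items():
        found = HOLDER.search(dn)
        holders[role] = found.group(1) if found else None  # None = unparsable DN
    return holders


def roles_not_on(text, expected_dc):
    """Roles that are missing, unparsable, or held by a server other than expected_dc."""
    holders = parse_role_holders(text)
    want = expected_dc.lower()
    return sorted(r for r in ROLE_NAMES if (holders.get(r) or "").lower() != want)
```

Any role it returns still needs attention on the new DC; an empty list means all five listed roles name the expected server.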
 

Author Comment

by:duemes
ID: 11758990
It appears when I do the above steps it shows that the Schema, RID, & Infrastructure are with the old server...how do I get them to the new server????

The new server is doing:
Domain & PDC

Any ideas?
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11761661
Here are the step by step instructions on removing the old Domain Controller in a MS knowledge Base Article, after you remove the Server object from Active Directory then you will have to follow the steps to seize the roles. You will need ADSIEdit and NTDSUtil to complete this.

http://support.microsoft.com/default.aspx?kbid=216498 - How to remove the DC manually after a failed Demotion
http://support.microsoft.com/default.aspx?scid=kb;EN-US;255504 - NTDSUTIL to seize the roles

This is a procedure that can cause serious issues if done incorrectly so you must follow the steps exactly.

In addition, before you follow these steps I would like to request Second Opinions or Concurrence from other Experts, please.

J
0
 
LVL 9

Accepted Solution

by:
jdeclue earned 500 total points
ID: 11762999
Ok, I did some double checking... Before you do anything, follow these steps, exactly.

On your new Domain Controller, click Start, click Run, type ntdsutil in the Open box, and then click OK.

Type "roles", and then press ENTER.

Type "connections", and then press ENTER.

Type "connect to server servername", where servername is the name of the new Domain Controller, and then press ENTER.

Type "q", and then press ENTER again.

You should now be at the "fsmo maintenance:" prompt, again.

Type "Seize domain naming master", and then press ENTER

Type "Seize infrastructure master", and then press ENTER

Type "Seize PDC", and then press ENTER

Type "Seize RID master", and then press ENTER

Type "Seize schema master", and then press ENTER

Let me know exactly what happens


0
 

Author Comment

by:duemes
ID: 11763501
I think I found out what wasn't seized..and I seized it...let me check later on tonight and I will post something...but I went into ADUC and it looks like everything is working fine....HEA!

I will post something later (8-9PM) EST to let you know if everything went alright.

THANKS!
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11763523
Fingers crossed ;)
0
 
LVL 11

Expert Comment

by:cfairley
ID: 11765191
I hope everything is OK too.  duemes, disregard jdeclue's earlier message about giving me the CREDIT.  We worked as a team.  If you can't split it, then give it to him.

Nice working with you jdeclue!  I wish a lot more people would use this site.
0
 

Author Comment

by:duemes
ID: 11768935
everything is working great!
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11772216
I just started answering questions a couple of weeks ago, and have found this site to be great! Wish I had started earlier... Thanks cfairley... and dittos to you
0

Question has a verified solution.
