Solved

Domain Naming Master Offline after DCPRO Windows 2008 Server

Posted on 2011-03-20
6
1,663 Views
Last Modified: 2012-05-11
Hello

I just upgrade my domain to a Windows 2008 DC.  Right after that I noticed that the Domain Naming Master went offline before  I could move it from the Window 2003 DC to the Windows 2008 DC.

when I run netdom query fsmo this is what I get.

Domain naming master        *** Warning: role owner is a deleted DC: CN=NTDS Set
tings\0ADEL:948d2692-3640-4118-8ed6-98036aa067db,CN=SERVER1\0ADEL:f5713379-6794-
46a8-bbe6-2ef678110ba2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu
ration,DC=ccichicago,DC=cci-exchange,DC=com
0
Comment
Question by:jacobb_2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 35177983
If that DC is no longer accessible then use another DC to seize that FSMO role.

http://support.microsoft.com/kb/255504

Skip down to the Seize FSMO roles section and do that for the domain naming master role.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35178924
Before you do that, it's important to check why this is happening, if you seize the role from another server that already has it then the one you seize it from will need to be completely rebuilt.

From both domain controllers run the following command:

NETDOM QUERY FSMO

Post the results, also post the results of DCDIAG and IPCONFIG /ALL from both DC's please.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 35178997
There is two way to move FSMO role to another server first is transfer the FSMO role to another server, transfer normally happens when server is going for maintenance like disk crash, driver update, patches updates etc, so you don't want your FSMO role donw you temporary transfer the FSMO roles.

Another way is to seize the FSMO role on another server, its same like king is dead & assigning his heir to hold the throne further by making him the King, seizing works in same way, if the server holding FSMO role is dead & it can't be revert back, you have to seize the FSMO role on another DC, once you seize the dc you can't bring the crash server back to network even it can be as you have seize the role, the new dc will be treated as authoritative server, so never put back the DC from which you seize the FSMO role.  If you want to reuse the server & DC name or server, perform the metadata cleanup for AD, removed all the left out records from AD DNS manually, allow time for replication to another DC's & once you verify changes are replicated & there is no more traces using repadmin tool, you can format the new server, install the fresh OS & configure as DC & transfer the roles if you wish.

So Seizing happens in disaster recover scenario where you can't transfer the FSMO role , in your case it looks same to me you can seize the FSMO role on healthy dc but make sure w/o performing metadata steps don't connect the dc even if it can be connected.

So, if you think you don't wanna bring old dc back seize the FSMO role & also check there is no replication error in your current domain.

http://www.petri.co.il/seizing_fsmo_roles.htm
http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx

0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 74

Expert Comment

by:Glen Knight
ID: 35179022
Why is everyone insisting on seizing the roles?? We don't even know what the problem is yet!!!
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35183149
So you weren't interested in actually finding out what the problem was? What about the server that currently has that role on it? You will now have to rebuild that server if it's live.
0
 

Author Comment

by:jacobb_2000
ID: 35183343
I talked with Microsoft and we were unable to get the old DC working.
we will be demoting the old Server.

thx

Jake
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question