the directory service is missing mandatory configuration

Posted on 2012-04-04
Medium Priority
Last Modified: 2012-04-04
i have installed a new domain controller which is 2008 r2
i dont think it has promoted correctly and replication is not working for

domaindns zones and

forest dns

i think the new server is missing important entries in dns
i was going to demote this server and them promote it hoping it would fix it
but it wont even let me demote it
it gives the error i have attached.

i was maybe going to force dcpromo but was wondering if there was an easier way
Question by:dougdog
  • 3
  • 2
  • 2
  • +3
LVL 21

Expert Comment

ID: 37805620
What are the results of running the following:

netdom query fsmo
LVL 10

Expert Comment

ID: 37805683
I guess the FSMO roles are on the intsalled DC .

Manually transfer all the roles that are held by this directory server to the remote directory server. Then, try to remove this directory server again.

And also try this command to do demote

dcpromo /forceremoval

Then perform the Meta Data cleanup

Author Comment

ID: 37805718
no all fsmo roles are installed on a dc at head office
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

LVL 57

Expert Comment

by:Mike Kline
ID: 37805726
You could try the fixfsmo script outlined here   http://support.microsoft.com/kb/949257/en-us

If that doesn't work the force and cleanup isn't that bad in 2008   great entry with screenshots from krzystof   http://kpytko.wordpress.com/2011/08/30/decommissioning-broken-domain-controller/



Author Comment

ID: 37805745
it thinks it is the last dns server
will this remove dns from my other servers
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37805975
Run dcdiag post results
LVL 10

Expert Comment

ID: 37806184
try this command to do demote

dcpromo /forceremoval
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 1000 total points
ID: 37806583
In AD 2008, you can delete computer account. This fullfils the same purpose as a metadata cleanup for domain controllers.

It's all GUI based in 2008 and 2008 R2.

Cleanup Server Metadata Windows 2008 (GUI Based)

Active Directory Metadata Cleanup (For Windows 2008 or newer - with screen shots)
By Meinolf Weber, MVP

Author Comment

ID: 37807262
what is the correct method of installing an additional dc
should i set the dns of the new server to an existing dns server and run dcpromo
or should i install dns first and then dcpromo
LVL 59

Accepted Solution

Darius Ghassem earned 1000 total points
ID: 37807281
On the new DC you want to make sure that it is pointing to a existing DC for DNS then run dcpromo. Once this server is fully replicated and passing everything in dcdiag you then can point the server to itself for DNS.

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
There are a few different ways to preview your site before DNS resolves it to your (mt) Media Temple server.  The Plesk platform makes it easy.  See the following guide to learn how.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question