Solved

the directory service is missing mandatory configuration

Posted on 2012-04-04
10
667 Views
Last Modified: 2012-04-04
i have installed a new domain controller which is 2008 r2
i dont think it has promoted correctly and replication is not working for

domaindns zones and

forest dns

i think the new server is missing important entries in dns
i was going to demote this server and them promote it hoping it would fix it
but it wont even let me demote it
it gives the error i have attached.

i was maybe going to force dcpromo but was wondering if there was an easier way
Capture.JPG
0
Comment
Question by:dougdog
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 21

Expert Comment

by:motnahp00
ID: 37805620
What are the results of running the following:

netdom query fsmo
0
 
LVL 10

Expert Comment

by:jmanishbabu
ID: 37805683
I guess the FSMO roles are on the intsalled DC .

Manually transfer all the roles that are held by this directory server to the remote directory server. Then, try to remove this directory server again.

And also try this command to do demote

dcpromo /forceremoval

Then perform the Meta Data cleanup
0
 

Author Comment

by:dougdog
ID: 37805718
no all fsmo roles are installed on a dc at head office
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 57

Expert Comment

by:Mike Kline
ID: 37805726
You could try the fixfsmo script outlined here   http://support.microsoft.com/kb/949257/en-us

If that doesn't work the force and cleanup isn't that bad in 2008   great entry with screenshots from krzystof   http://kpytko.wordpress.com/2011/08/30/decommissioning-broken-domain-controller/

Thanks

Mike
0
 

Author Comment

by:dougdog
ID: 37805745
it thinks it is the last dns server
will this remove dns from my other servers
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37805975
Run dcdiag post results
0
 
LVL 10

Expert Comment

by:jmanishbabu
ID: 37806184
try this command to do demote

dcpromo /forceremoval
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 250 total points
ID: 37806583
In AD 2008, you can delete computer account. This fullfils the same purpose as a metadata cleanup for domain controllers.

It's all GUI based in 2008 and 2008 R2.

Cleanup Server Metadata Windows 2008 (GUI Based)
http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx

Active Directory Metadata Cleanup (For Windows 2008 or newer - with screen shots)
By Meinolf Weber, MVP
http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx
0
 

Author Comment

by:dougdog
ID: 37807262
what is the correct method of installing an additional dc
should i set the dns of the new server to an existing dns server and run dcpromo
or should i install dns first and then dcpromo
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 37807281
On the new DC you want to make sure that it is pointing to a existing DC for DNS then run dcpromo. Once this server is fully replicated and passing everything in dcdiag you then can point the server to itself for DNS.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question