• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2034
  • Last Modified:

Active Directory could not transfer the remaining data in directory partition CN=Schema,CN=Configuration,DC=luhsads,DC=xxx,DC=org to domain controller

I'm trying to remove a "good" but old DC.  I get the error below.

Active Directory could not transfer the remaining data in directory partition CN=Schema,CN=Configuration,DC=luhsads,DC=xxxx,DC=org to domain controller

I've read several posts about this error, but none seem to match mine exactly, so before I do a dcpromo /forceremoval I want to check with EE first.
0
J.R. Sitman
Asked:
J.R. Sitman
  • 6
  • 4
3 Solutions
 
AmitIT ArchitectCommented:
0
 
J.R. SitmanAuthor Commented:
OK that helps.  When running, dcdiag, I got the error failed test NCSecDesc.   Domain controllers doesn't have Replicating Directory Changes in Filtered set.  Replication error "8524".

I didn't see a solution for this error.  Can you help?
0
 
AmitIT ArchitectCommented:
Run dcdiag /q and post it here.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
J.R. SitmanAuthor Commented:
attached
dcdiag.jpg
0
 
J.R. SitmanAuthor Commented:
did you see the attachment?
0
 
footechCommented:
Regarding the NCSecDesc error when running dcdiag.  This is expected behavior if you haven't run "adprep /rodcprep".  This is not a problem if you don't plan on adding any Read-Only domain controllers.  You could also run the above command just so you don't see the error anymore when running dcdiag.
http://support.microsoft.com/kb/967482
0
 
J.R. SitmanAuthor Commented:
Great.  So do you feel it's ok to do the forceremoval, then metadata cleanup?
0
 
AmitIT ArchitectCommented:
You can do force removal also. If it is 2008, I guess firewall settings are causing issue and that is why 2003 is unable to contact it. Run Portquery and check what ports are blocked.
0
 
J.R. SitmanAuthor Commented:
Thanks
0
 
AmitIT ArchitectCommented:
Can you also post, what was the final solution you applied.
0
 
J.R. SitmanAuthor Commented:
I did a dcpromo /forceremoval.  Then Metadata cleanup.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now