Solved

The directory services is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

Posted on 2013-01-03
14
1,782 Views
1 Endorsement
Last Modified: 2013-01-12
I doing migration of AD with DNS server 2008 R2 to windows server 2012. but after migration when I try to demote  old DC of 2008 R2 it shows below error message.

"The operation failed because:  Active Directory Domain Services could not transfer the remaining data in directory partition DC=ForestDnsZones,DC=domain-internal,DC=com to Active Direcotry Domain Controller \\RWC-DC2.domain-internal.com.
"The directory services is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles."
dc-remove.jpg
DNS.png
1
Comment
Question by:rigelnet
  • 6
  • 3
  • 2
  • +3
14 Comments
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 38739593
0
 

Expert Comment

by:Seshadrim
ID: 38739857
Try Transferring the FSMO roles to the newly Installed Windows 2012 Domain Controller.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38740972
I am assuming you are upgrading the OS from 2008 to 2012 by adding a new DC (Not Migration) and the forest name is not changed

So in this case this seems to be issue with connectivity ...
First post the dcdiag /q from 2012
repadmin /replsum from 2012

Then we would be able to conclude anything ...In worst case you will need to seize FSMO roles on 2012 server using below link

Seize FSMO role:
http://www.petri.co.il/seizing_fsmo_roles.htm
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:rigelnet
ID: 38742807
I have successfully  transferred FSMO roles to migrated 2012 DC. after transfer FSMO I have run command netdom query fsmo and it shows successfully.here i have attached file
fsmo.jpg
0
 

Author Comment

by:rigelnet
ID: 38742828
My setup is as below
old server : win server 2008 r2 including Active Directory and DNS

plan for New server: win server 2012 with Active directory and DNS and used new hardware with upgraded one.

I have followed below url for the migration
http://www.msserverpro.com/migrating-active-directory-domain-controller-from-windows-server-2008-r2-to-windows-server-2012/

all steps done successfully but can not remove old dc with dc promo.

here I have attached test result of command dcdiag /q from 2012
repadmin /replsum from 2012

please give me solution asap as i stuck between....
dcdiag-and-repadmin-test-from-ne.jpg
0
 

Author Comment

by:rigelnet
ID: 38742840
Here I have attached right screenshot of my test setup which shows all fsmo roles are transferred successfully. Though I have tried with seize FSMO but when i run this it shows transferred successfully no need to seize.
fsmo-result.jpg
0
 

Author Comment

by:rigelnet
ID: 38742912
Further more I have checked dcdiag /q from 2012
repadmin /replsum from 2012  while put down old 2008 R2 DC. Than i will get test result as attached
dcdiag-test.jpg
0
 
LVL 2

Expert Comment

by:thomasclm
ID: 38742949
Can you make an entry in DNS of the missing GUID (see attacment). Without porper GUID, AD will never replicate.

Regards,
Thomas
DNS---GUID.png
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38744376
It seems to be dns issue make sure below practice is followed



Every DNS server should Point to its own IP as a primary DNS and DNS located in remote site as a secondary DNS in TCP/IP properties
All the unused NIC's to be disabled
Valid DNS Ip from ISP to be configuered in DNS forwarders Do not configuere local DNS in forwarders
Public DNS IP's Should not be used at any NIC Card except Forwarders
Domain Controllers should not be multi-homed
Running VPN server and RRas server makes the DC multihomed refer http://support.microsoft.com/default.aspx?scid=kb;en-us;272294


If anything above is incorrect please correct it and run "ipconfig /flushdns & ipconfig /registerdns " and restart DNS service using "net stop dns & net start dns"

DNS best practices
http://technet.microsoft.com/en-us/library/cc778439(v=WS.10).aspx

Checklist: Deploying DNS for Active Directory
http://technet.microsoft.com/en-us/library/cc757116(v=ws.10)

DNS Arguments

http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 38745764
The dcdiag output you posted in #38742912 shows an event in the System log indicating that your servers' clocks are not synchronized.  Is that only happening in your test environment?  If it's happening in production, it needs to be addressed, as too much clock skew (>5 minutes by default) causes Kerberos authentication failures.
0
 

Author Comment

by:rigelnet
ID: 38749756
Thanks for your  quick reply. But now i got error in Group policy. DNS name resolution and all working fine now. But group policy is not implemented as I configure in 2008 r2 AD. the policy folders and all are migrated but not in effect. here I have attached screenshot.

when i reset any password fron this 2012 new AD it will give effect on client end. but i can not get my old configured Group policy.
gp.jpg
group-policy-error.jpg
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 38751467
Run the "net share" command on both DCs to verify that the SYSVOL and NETLOGON folders are shared.
0
 

Author Comment

by:rigelnet
ID: 38753654
I have run "net share" command on both DCs to verify but  in 2008 R2 I can find NETLOGON folder which shows shared. but in windows server 2012 AD server i could not find NETLOGON folder shared. event i can not find. can you give me detail path? or what configuration should be done?
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 38755626
Does that mean that you have a SYSVOL share on the 2012 server but not a NETLOGON share?

Check the DFSR event log on the 2012 server (and maybe the 2008 R2 server too) for errors.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question