Demoting a Domain Controller Issue

Posted on 2013-09-05
Medium Priority
Last Modified: 2013-09-05
I'm trying to demote a Windows 2008 R2 domain controller that has NO FSMO roles on it & never has. When I do a dcpromo to go through the wizard, I get this error: "The operation failed because: active directory domain services could not transfer the remaining data in directory partition DC=forestdnszones, DC=mydomain name, to active directory domain controller \\anotheroneofmydomaincontrollers. The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles."

Any suggestions as to how I need to demote this thing?
Question by:wantabe2

Expert Comment

ID: 39466735
1: run the script listed in support.microsoft.com/kb/949257 which transfers the fSMORoleOwner to an existing domain controller.

If above does not fix the issue then:



Author Comment

ID: 39466741
this server does not hold any FSMO roles

Accepted Solution

Seth Simmons earned 2000 total points
ID: 39466748
the problem is that it's trying to replicate data to the schema master but in AD its value is not correct so it doesn't know the schema master and dcpromo fails

go to the machine that is the schema master role and open adsi edit

when the console opens, right click on adsi edit and select connect to
under connection point, select the first option (type distinguished name) and in the box type

be sure to fill in the last part with your actual domain name
when it opens, click on default naming context and expand
click on the context you just put in (starting with DC=ForestDNSZones) and on the right you will see CN=Infrastructure

double click and scroll down to where it says fSMORoleOwner
look at the value - it likely refers to a server that no longer exists or has invalid data

change that to refer to the schema master then click ok
it has to be done on the server that has the schema master role else it will throw an error when you try to save it.  i've seen this issue a few times and this is how to fix it

Expert Comment

by:Seth Simmons
ID: 39466755
the value would end up looking something like this:

CN=NTDS Settings,CN=<server>,CN=Servers,CN=<AD Site>,CN=Sites,CN=Configuration,DC=mydomain,DC=com

replace <server> with the actual server holding the schema master role; replace <AD Site> with the actual site name that server is in in AD and your domain at the end

Expert Comment

by:Seth Simmons
ID: 39466770
after that change you'll either have to force replication to that domain controller or wait for manual replication before trying dcpromo again so that change will be replicated on that dc you are demoting
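
A read-only check for the condition described in the accepted solution, added here as an example and not part of the original thread: it reads fSMORoleOwner on CN=Infrastructure in the ForestDnsZones partition and flags a value that is empty, points at a deleted server, or differs from the schema master's NTDS Settings object. It assumes the ActiveDirectory PowerShell module (RSAT) and a reachable schema master, and it also checks DomainDnsZones, which goes beyond the partition named in the error.

```powershell
# Added example: read-only, makes no changes to the directory.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE
$forest  = Get-ADForest

# NTDS Settings DN of the current schema master: the value the answer
# above says fSMORoleOwner should refer to.
$schemaDc = Get-ADDomainController -Identity $forest.SchemaMaster -Server $forest.SchemaMaster
$expected = $schemaDc.NTDSSettingsObjectDN

# Application partitions to inspect (DomainDnsZones is an added assumption).
$partitions = @(
    "DC=ForestDnsZones,$($rootDse.rootDomainNamingContext)",
    "DC=DomainDnsZones,$($rootDse.defaultNamingContext)"
)

foreach ($partition in $partitions) {
    $infra = Get-ADObject -Identity "CN=Infrastructure,$partition" -Properties fSMORoleOwner
    $owner = $infra.fSMORoleOwner

    # Does the referenced NTDS Settings object still exist?
    $resolves = $false
    if ($owner) {
        try { Get-ADObject -Identity $owner -ErrorAction Stop | Out-Null; $resolves = $true }
        catch { $resolves = $false }
    }

    $status =
        if (-not $owner)                   { 'MISSING: fSMORoleOwner is empty' }
        elseif ($owner -match '\\0ADEL:')  { 'STALE: refers to a deleted object' }
        elseif (-not $resolves)            { 'STALE: referenced object not found' }
        elseif ($owner -ne $expected)      { 'DIFFERS: not the schema master' }
        else                               { 'OK' }

    [pscustomobject]@{
        Partition     = $partition
        fSMORoleOwner = $owner
        Expected      = $expected
        Status        = $status
    }
}
```

Run it before the ADSI Edit change to confirm the diagnosis, and again on the domain controller being demoted once replication has completed to confirm it sees the corrected value.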
