Windows 2003 Domain - Running a command netdom query /domain:domain name fsmo

elaw used Ask the Experts™

I was going to run DCPromo to remove active directory on one of the old domain controller.  Moved all the roles from this DC to other DC's.  I have also exchange 2007

While checking few things, find out when I use NTDSUTIL to check the roels, it gives the error: "the security context is invalid".

Also i use the command netdom query /domain: domain name fsmo it gives the error:
The security context is invalid
the command failed to complete successfully.

Guys do you have any idea..
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Information Security Consultant


Thanks Adonis.  the issue is fixed.  I have run the dcdiag and the verifiyentrerprisereferences test is failing.  Please let me know if it will cause any issue when demoting a DC


Adonis SardinasInformation Security Consultant

AD is a beast of a platform. Anything can happen really. But you should be fine as long as your moved your FSMO roles to another server.

Run the verifiyentrerprisereferences on your new DC
What do you get when you run DCDIAG on your new DC?

If you had not done so already bring down your DC you are going to demote and see what errors are reported on your new DC.

Event log is your friend. MS does a good decent job at giving help with event log issues.

Ooo, an ddont forget Google and ExpertXchange both very helpful resources.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial