FRANCISCO MENDEZ
asked on
problem to rise the forest functional level
We alredy migrated all the DCs of a domain, from Windows 2003 to Windows 2012-R2. Now we want to rise the domain and the forest to Windows 2012-R2. We already reviewd that all sites have only Windows 2012-R2 DCs. We alredy review in DNS that there is not old records related to previous Windows 2003 DCs. If trying to rise the forest level from the AD Administrative Center, it says it is not possible to rise because the domain includes old DCs, same for forest rise. Both offeres option save as, but the files generated do not says wich is the old DC. When using AD Domain and trusts, for forest rise, we get the error: The NTDS-DSA object CN=NTDS Settings, CN=LostandFoundConfig,CN=C onfigurati on,DC...do main name... is not properly configured and is preventing the forest functional level from being raised. It refers to the DC xxx ... Delete this object using the ADSI Edit. I looked in the metadata through ntdsutil, but the site refered does not existe, neither the DC. In the LostAndFound recipient, there is no reference to that object. If I look with ADSI Edit, in the configuration context, in CN=LostAndFpoundConfig, it is the entry for CN=NTDS Settings, if I view the properties, in the Atribute lastknownParent, it refers to the names DC xxx. Is it possible (safe) to delete this entry directly in the ADSIEdit? or how can I update this last object so it does not refer to the old DC? (I do not know if this entry (CN=NTDS Settings) inside the path specified is a neccesary entry that should be updated insted of deleted).
error.docx
error.docx
ASKER
we alredy executed all metadatacleanup with ntds util. The old site of the old DC does not exists any more (in the metadata neither in the AD Sites and Serves). So it is not possible also to find any more in the metadata. ntdsutil only shows the current live sites.
If it is being detected by the Raise Forest/Domain Functional Levels snap-in, then it is in AD somewhere. Just in case this is not a replication issue, have you looked in ADSIEdit on the server that fails to run the snap-in?
-saige-
-saige-
ASKER
yes, as described in the initial description: If I look with ADSI Edit, in the configuration context, in CN=LostAndFoundConfig, it is the entry for CN=NTDS Settings, if I view the properties, in the Atribute lastknownParent, it refers to the names DC xxx.
so the questio is...
Is it possible (safe) to delete this entry directly in the ADSIEdit?
or how can I update this last object so it does not refer to the old DC?
(I do not know if this entry (CN=NTDS Settings) inside the path specified is a neccesary entry that should be updated insted of deleted).
so the questio is...
Is it possible (safe) to delete this entry directly in the ADSIEdit?
or how can I update this last object so it does not refer to the old DC?
(I do not know if this entry (CN=NTDS Settings) inside the path specified is a neccesary entry that should be updated insted of deleted).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
solved with other Experts Exchange articles already in DB
If it is offline but can be brought back online, do so and rerun DCPROMO on the server to remove it from active directory.
If it is still online, then this server needs to be demoted.
More information on performing metadata cleanup: Clean Up Server Metadata
-saige-