Dhyanesh Singh

Can not remove Old Primary Domain controller

Hi Experts,

I have a scenario where I have 1 OLD DC (2k8) and 1 NEW DC (2k16); both are working fine. Both are in intra-site replication mode. I have migrated all roles to the NEW DC and also made it a global catalog server. Now when I want to gracefully remove the ADDS role from the OLD DC, it's throwing an error. I don't want to seize roles on the NEW DC; kindly guide me for the same.

Note: NEW DC is working perfectly fine if I switch off OLD DC.

error (event viewer):

The operations master roles held by this directory server could not transfer to the following remote directory server.
 
Remote directory server:
\\SOL-1.in.mysolutions.com
 
This is preventing removal of this directory server.
 
User Action
Investigate why the remote directory server might be unable to accept the operations master roles, or manually transfer all the roles that are held by this directory server to the remote directory server. Then, try to remove this directory server again.
 
Additional Data
Error value:
5005 The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.
Extended error value:
0
Internal ID:
52498735
Shaun Vermaak

Please run on both DCs and post
NETDOM /QUERY FSMO

Dhyanesh Singh

ASKER

The result shows all roles in the new DC.

As I mentioned in my note, I kept the old DC down for more than a week, so it works without the old DC; roles have been transferred successfully.
ASKER CERTIFIED SOLUTION
Lee W, MVP
This solution is only available to members.
"As I mentioned in my note I kept old dc down for more than a week, so it works without the old DC, roles have been transferred successfully."
This won't prove that roles have been transferred. AD will happily continue working (just logging errors) if a FSMO holder is offline until it is required.
I agree with this suggestion from https://social.technet.microsoft.com/Forums/office/en-US/847644e7-aee5-4d20-8bf8-497c359268fc/dcpromo-fails-the-directory-service-is-missing-mandatory-configuration-information-and-is-unable?forum=winserverDS

It looks like at some point in time the FSMO role has been seized from the failed DC, but its metadata cleanup has not been performed and it became a lingering object.

My suggestion is to use dcpromo /forceremoval and perform metadata cleanup to remove the DC and its references. You can refer to the article below to remove references of an earlier removed DC from the AD.
Open ADSI Edit and connect to the default naming context.
Expand and select the top-level folder; on the right you will see your top-level AD objects.
At the bottom is CN=Infrastructure.
Open that and check the value for fSMORoleOwner.
Does it point to the new server or the old server? If the old server, you need to change it to the new one, then try removing ADDS again.
I've had this issue multiple times because of that attribute having the wrong value.
Tech net link worked perfectly fine.
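
The fSMORoleOwner check from the ADSI Edit steps above, as an added read-only PowerShell example that is not from any poster in this thread. It goes beyond the default naming context and reads CN=Infrastructure in every naming context that has one, including the DomainDnsZones and ForestDnsZones application partitions, which carry their own fSMORoleOwner; `NEW-DC-NAME` and the function name are assumptions.

```powershell
param(
    # Assumption: short host name of the DC that should hold the roles (placeholder).
    [string]$ExpectedOwner = 'NEW-DC-NAME'
)

function Get-InfrastructureRoleOwner {
    # Hypothetical helper name; uses only the built-in [ADSI] adapter, no RSAT module.
    param([Parameter(Mandatory)][string]$ExpectedOwner)

    $rootDse = [ADSI]'LDAP://RootDSE'
    foreach ($nc in $rootDse.Properties['namingContexts']) {
        $path = "LDAP://CN=Infrastructure,$nc"
        # Configuration and Schema have no CN=Infrastructure object; skip them.
        try {
            if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) { continue }
        } catch {
            Write-Warning "Could not query ${path}: $($_.Exception.Message)"
            continue
        }

        # The attribute holds the DN of the owning DC's NTDS Settings object.
        $ownerDn = [string](([ADSI]$path).Properties['fSMORoleOwner'].Value)

        # The RDN that follows "CN=NTDS Settings" is the server name.
        $server = ''
        if ($ownerDn -match '^CN=NTDS Settings[^,]*,CN=([^,\\]+)') { $server = $Matches[1] }

        # "\0ADEL:" in the DN means the owner object was deleted (DC removed
        # without the role being moved); that owner can never accept a transfer.
        if (-not $ownerDn)                  { $status = 'Empty' }
        elseif ($ownerDn -match '\\0ADEL:') { $status = 'DeletedOwner' }
        elseif ($server -ne $ExpectedOwner) { $status = 'UnexpectedOwner' }
        else                                { $status = 'OK' }

        [pscustomobject]@{
            NamingContext = [string]$nc
            OwnerServer   = $server
            Status        = $status
            fSMORoleOwner = $ownerDn
        }
    }
}

Get-InfrastructureRoleOwner -ExpectedOwner $ExpectedOwner | Format-List
```

The script only reads the attribute; any naming context reported as `DeletedOwner` or `UnexpectedOwner` is where the manual correction described in the thread applies.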