Error Demoting Domain Controller
-
You might also get interesting results using
netdom query fsmo /domain:forest
netdom query fsmo /domain:child1
netdom query fsmo /domain:child2
from different DCs -
@wirestyle22
It might not exist 'for real' anymore but your AD thinks it does, somewhere.
You have to find the reference to it within the depths of AD and get rid of it. -
@wirestyle22 said in Error Demoting Domain Controller:
@Dashrender found this: http://khellman.blogspot.com/2014/02/ad-ds-operation-failed-dcpromo-error.html
Using this link, Wire and I did find that his Domain did have a left over Forest based entry in ADSI edit for the DC that no longer exists. Now trying to find the best way to resolve the problem.
It's likely the DC was removed without running through DCPromo. It's likely that ADSI edit Metadata cleanup will be needed.
-
Update: Within ASDI Edit we connected to:
DC=ForestDNSZone,DC=subdomain,DC=rootdomain,DC=comCN=Infrastructure(Text File) listsfSMORoleOwnerin the Attribute Editor. The value showed a lot of garbled code instead of clean names, etc. A part of it was referencing the Domain Controller that hasn't been in production for a long time. -
I logged into a domain controller on the root domain using enterprise admin credentials and was able to edit
fSMORoleOwnerin the Attribute Editor. I then attempted to demote the Domain Controller again and got past the initial error, but it then gave me an access denied error. I had already gone into sites and services to disable the deleted protection so I spent a long time trying to figure out why this was occurring. It simply had not replicated to the DC yet.Domain Controller successfully demoted.
Big shoutouts to @Dashrender for going completely out of his way to help me resolve this issue. Can't thank you enough man.
-
@wirestyle22 said in Error Demoting Domain Controller:
ForestDNSZone
I'm trying to do this now and my ADSI edit doesn't show the ForestDNSZone. Assuming my TLD/Domain was contoso.com, I should be plugging in this, right? No worky... Not sure why.
http://i.imgur.com/hvqjF5V.png -
@Grey said in Error Demoting Domain Controller:
@wirestyle22 said in Error Demoting Domain Controller:
ForestDNSZone
I'm trying to do this now and my ADSI edit doesn't show the ForestDNSZone. Assuming my TLD/Domain was contoso.com, I should be plugging in this, right? No worky... Not sure why.
http://i.imgur.com/hvqjF5V.pngAre you working on a single domain or one root domain with multiple subdomains?
-
@wirestyle22 said in Error Demoting Domain Controller:
@Grey said in Error Demoting Domain Controller:
@wirestyle22 said in Error Demoting Domain Controller:
ForestDNSZone
I'm trying to do this now and my ADSI edit doesn't show the ForestDNSZone. Assuming my TLD/Domain was contoso.com, I should be plugging in this, right? No worky... Not sure why.
http://i.imgur.com/hvqjF5V.pngAre you working on a single domain or one root domain with multiple subdomains?
Single root. No subdomains.
-
@Grey said in Error Demoting Domain Controller:
@wirestyle22 said in Error Demoting Domain Controller:
@Grey said in Error Demoting Domain Controller:
@wirestyle22 said in Error Demoting Domain Controller:
ForestDNSZone
I'm trying to do this now and my ADSI edit doesn't show the ForestDNSZone. Assuming my TLD/Domain was contoso.com, I should be plugging in this, right? No worky... Not sure why.
http://i.imgur.com/hvqjF5V.pngAre you working on a single domain or one root domain with multiple subdomains?
Single root. No subdomains.
Your screenshot looks right to me. What does it say when you click OK
-
@wirestyle22 said in Error Demoting Domain Controller:
@Grey said in Error Demoting Domain Controller:
@wirestyle22 said in Error Demoting Domain Controller:
@Grey said in Error Demoting Domain Controller:
@wirestyle22 said in Error Demoting Domain Controller:
ForestDNSZone
I'm trying to do this now and my ADSI edit doesn't show the ForestDNSZone. Assuming my TLD/Domain was contoso.com, I should be plugging in this, right? No worky... Not sure why.
http://i.imgur.com/hvqjF5V.pngAre you working on a single domain or one root domain with multiple subdomains?
Single root. No subdomains.
Your screenshot looks right to me. What does it say when you click OK
-
This post is deleted! -
Do you see any DC's listed in the computer dropdown shown below? Might need to manually select a server. It should be able to see itself.
-
@wirestyle22 said in Error Demoting Domain Controller:
Do you see any DC's listed in the computer dropdown shown below? Might need to manually select a server. It should be able to see itself.
Yup. Oddly, not all of them. Out of 1 RODC and 5 DCs, only 2 show in the dropdown.
-
@Grey You don't even want to know what my network looks like. It's held together by bubblegum
-
@wirestyle22 said in Error Demoting Domain Controller:
@Grey You don't even want to know what my network looks like. It's held together by bubblegum
You don't even have duct tape? It's time for an upgrade!
-
@wirestyle22 said in Error Demoting Domain Controller:
@Grey You don't even want to know what my network looks like. It's held together by bubblegum
I just want to get to the root cause of the FSMO error you mentioned at first. I'm doing a dcpromo to remove a DC and getting the 'missing mandatory information' yet I can see that my FSMO/RID/etc. roles are all being handled by the proper server through the ntdsutil, AD sites & services and in the various other AD tools. The only thing left to determine is what is in my scheme or something that's not providing the detail for the dcpromo tool. I know that I can run it with a /force switch, but I'd rather find the root cause so I have an answer instead of a workaround.
-
@wirestyle22 said in Error Demoting Domain Controller:
@Grey said in Error Demoting Domain Controller:
@wirestyle22 said in Error Demoting Domain Controller:
ForestDNSZone
I'm trying to do this now and my ADSI edit doesn't show the ForestDNSZone. Assuming my TLD/Domain was contoso.com, I should be plugging in this, right? No worky... Not sure why.
http://i.imgur.com/hvqjF5V.pngAre you working on a single domain or one root domain with multiple subdomains?
(*&@^$(@ Thing. Apparently, you need spaces in between the commas. This is dumb, though. Some places, this doesn't matter and others, you can't have spaces, and then this requires a space. Stupid thing.
