Active Directory FSMO Errors

Today while trying to demote a domain controller I received an error:

The directory services is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

Running dcdiag /v yielded an error like the following:

    Ownership of the following FSMO role is set to a server which is deleted or does not exist.
    Operations which require contacting a FSMO operation master will fail until this condition is corrected.
    FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=mydomain,DC=local
    FSMO Server DN: CN=NTDS SettingsADEL:464a6261-2c82-4ac1-b2b2-144d2e5e1b74,CN=SOMEOLDSERVERADEL:27fa192a-1f79-4a62-9557-d14ce99406d9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
    User Action:
    1. Determine which server should hold the role in question.
    2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately.
    3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
    4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully.

The SOMEOLDSERVER reference in the above was indeed an old server that died long ago. Since I thought I had followed all the proper instructions for removing a dead domain controller, I was surprised to see this was still lurking in the metadata after all these years.

Much research identified excellent posts and discussions, including http://goo.gl/yXSbe3 and http://goo.gl/WEgj8o, the latter of which pointed me to a VB script in http://support.microsoft.com/kb/949257/en-us that, when run against DC=DomainDnsZones,DC=mydomain,DC=local (from the output above), corrected the error and subsequently allowed the DCPROMO to run successfully. I hope this post helps save someone the couple of hours of struggling I went through.
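A read-only check for the condition dcdiag reported above, added here as an example (it is not from the original post and is not the KB 949257 script): it reads fSMORoleOwner on the Infrastructure object of each partition and flags owners that carry the DEL:<guid> marker or no longer resolve. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, and it goes beyond the one partition in the post by also checking the domain partition and ForestDnsZones.

```powershell
# Added example: audit only, makes no changes to the directory.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName            # e.g. DC=mydomain,DC=local
$forestDN = (Get-ADRootDSE).rootDomainNamingContext

# Partitions that each hold their own CN=Infrastructure role object.
$partitions = @(
    $domainDN,
    "DC=DomainDnsZones,$domainDN",
    "DC=ForestDnsZones,$forestDN"
)

foreach ($partition in $partitions) {
    $dn = "CN=Infrastructure,$partition"
    try {
        # Base-scope search so application partitions are read directly.
        $obj = Get-ADObject -SearchBase $dn -SearchScope Base -Filter * `
                            -Properties fSMORoleOwner -ErrorAction Stop
    } catch {
        Write-Warning "Could not read ${dn}: $($_.Exception.Message)"
        continue
    }

    $owner = [string]$obj.fSMORoleOwner

    # Deleted owners show up with "DEL:<guid>" appended to the RDN,
    # as in the dcdiag output quoted in the post.
    $mangled = $owner -match 'DEL:[0-9a-fA-F-]{36}'

    # Second signal: the NTDS Settings object the role points at is gone.
    $resolves = $false
    if ($owner) {
        try { $null = Get-ADObject -Identity $owner -ErrorAction Stop; $resolves = $true }
        catch { $resolves = $false }
    }

    [pscustomobject]@{
        Partition     = $partition
        RoleOwner     = $owner
        DeletedMarker = $mangled
        OwnerResolves = $resolves
    }
}
```

A row with DeletedMarker set to True or OwnerResolves set to False points at the same stale metadata that blocked the demotion here.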
