I've done a little more research.. turns out I missed something. After
running dcdiag /test:Knowsofroleholders /v, it turns out the server in
the DMZ fails. What I get is this:

Warning: CN="NTDS Settings
...blah blah.. is the Schema Owner, but is deleted
Warning: CN=NTDS Settings
...blah blah.. is the Domain Owner, but is deleted

PDC, RID, and Infrastructure Update Owner all passed, seeing the internal
server as the role holders.

I'm still researching this, but I think I'm getting closer to the problem...

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 05, 2004 8:29 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Moving Schema Master (continued...)


I figured you knew that... Sorry.

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


> -----Original Message-----
> From: Frank Buechler [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, February 05, 2004 8:15 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Moving Schema Master (continued...)
> 
> 
> Hmmmmm.... Not a bad idea shipmate.
> 
> -----Original Message-----
> From: Adams, Kenneth W (Ken) [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 04, 2004 6:55 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Moving Schema Master (continued...)
> 
> 
> Don't you have a desktop PC that you could temporarily use? If not, you
> might want to consider moving your internal DC into the DMZ long enough
> to move the FSMO instead of the other way around.
> 
> Kenneth W. (Ken) Adams, MCSA, MCSE
> 
> 
> 
> -----Original Message-----
> From: Frank Buechler [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, February 04, 2004 4:26 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Moving Schema Master (continued...)
> 
> 
> Wish I could.. Roger had the same idea, placing a server in the DMZ,
> moving the role, then bringing the server inside to transfer it to
> a trusted DC. He called it a "swing" server. Great idea, but I don't
> have another box to do that with.
> 
> -----Original Message-----
> From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 04, 2004 2:33 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] Moving Schema Master (continued...)
> 
> 
> Have you tried standing up a server in the DMZ next to the Schema Master
> Server (IE. New server in the DMZ).  Then transfer the FSMO role to new
> server.
> 
> Just an Idea,
> 
> Todd
> 
> -----Original Message-----
> From: Frank Buechler [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, February 04, 2004 12:46 PM
> To: ActiveDir (E-mail)
> Subject: [ActiveDir] Moving Schema Master (continued...)
> 
> 
> Greetings All
> 
> If you have been following this thread, you know that I am having
> problems moving the Schema Master role from a server sitting in my DMZ
> to one sitting in trusted. I have opened up all ports between these two
> servers, and I am still getting the same error; current FSMO could not
> be contacted. I am really at a loss! I can't seize the role as the
> server currently acting as the Schema Master is also an Exchange server,
> and is hosting IIS. It is not a server that I can take offline and
> rebuild.
> 
> I have verified that all requisite rights are in place, I have verified
> replication, I even called the mfgr. (Netscreen) of the firewall to
> verify that I did indeed have all ports open. I can't take this server
> offline to bring it inside, and I don't have a system that I can use as
> a "swing" server as Roger suggested. Is there anything else that may be
> preventing me from doing this? I am really getting frustrated! (And
> behind schedule...)
> 
> TIA for any help.
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/