Thanks to all the folks for their suggestions. I have done that thru DCPROMO/FORCEREMOVAL and then used ADSIEDIT to remove that from the Active Directory. It really worked for me and saved my time. Thanks to the list
Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group Information Technology
Tel.: +966-1-461-0077 x.209
Moble.: +966-509774015
Email: [EMAIL PROTECTED]
"Save Internet, Keep all the systems patched"
Web: http://alfaisaliah.com
-----Original Message-----
From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 18 May 2004 5:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Unable to demote Additional DCIn troubleshooting, I would say you may want to look at DNS. Had a funky setup in a Windows 2003 test environment where FSMO roles wouldn't transfer because of the SPN registration being bunked. It actually complained about the specific record in the event log. After deleting it and restarting netlogon ti reregister everything was beaaayoootiful. Although if this is your production environment I don't recommend randomly deleting spn registrations to see if it solves the problem, but you could check your eventlogs for signs of a problem nonetheless.
On May 18, 2004, at 9:22 AM, joe wrote:
You have two options...
1. Troubleshoot
2. Cleanup
If #1, start off with a network trace, find out where it really failing... Go from there... I am not so sure I recommend this for this problem unless you have had this issue before.
If #2, if K3 do a forceremoval of AD from the machine and then a metadata cleanup. If 2K, blow the machine away and do a metadata cleanup. Check for any roles that aren't held by real machines that are functioning ok and seize them if necessary.
All of the stuff in #2 is documented in various KB Articles.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, May 18, 2004 3:26 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Unable to demote Additional DC
Hello Folks,
I am trying to demote an Additional Domain Controller and when I do that thru DCPRMO, I get this error;
The operation failed because:
The Directory Service was unable to transfer the domain wide FSMO roles (PDC and
Rid master) to another Domain Controller in this domain. A possible cause may
that no other servers are on line to receive the FSMO, or the Directory Service
has a record of a server that no longer exists.
"The DSA object could not be found. "
All the servers are online and from this machine, I can ping to the PDC Emulator too. How do I resolve this issue?? Can any one point to some KB articles for explanation?
Regards,
Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group Information Technology
Tel.: +966-1-461-0077 x.209
Moble.: +966-509774015
Email: [EMAIL PROTECTED]
Have you installed the patch for Microsoft Security Bulletin MS04-11?
"Save Internet, Keep all the systems patched"
Web: http://alfaisaliah.com
-----------------------------------------------------
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom/which they are addressed. If you have received this email in error please notify the system manager at the following email address: [EMAIL PROTECTED]
-----------------------------------------------------
