Similarly: http://blog.mpecsinc.ca/2011/03/ad-ds-operation-failed-directory.html
Dave From: [email protected] [mailto:[email protected]] On Behalf Of Joe Tinney Sent: Monday, April 06, 2015 12:47 PM To: [email protected] Subject: Re: [NTSysADM] DCPROMO demote failing I ran into a similar situation and this did the trick : http://blogs.technet.com/b/the_9z_by_chris_davis/archive/2011/12/20/forestdnszones-or-domaindnszones-fsmo-says-the-role-owner-attribute-could-not-be-read.aspx Ran the VBScript and was good to go. On Apr 6, 2015 3:06 PM, "Michael Leone" <[email protected]<mailto:[email protected]>> wrote: I am in the process of testing my new cloned domain, and all was going OK. I cleaned up eveything, removing all non-existent DCs; everything passed all repadmin, dcdiag and dnslint tests. So I added a new Win2012 R2 DC to the parent domain; went fine. Demoted the Win2008 R2 DC there (leaving only the Win2012 R2 DC); that went fine. Added a Win2012 R2 DC to the child domain; that went fine. All dcdiag, repadmin, dnslint tests pass fine. Trying to demote the Win2008 R2 DC in the child, and that's where I am getting: ----- Operation failed because AD DS could not transfer the remaining data in directory partition DC=DomainDnsZones, DC=<etc> to AD DC \\<Win2012R2-DC.<child>.<domain<file:///\\%3cWin2012R2-DC.%3cchild%3e.%3cdomain>> "The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles." ----- I know it knows where the FSMO roles are, because I checked that before trying to demote it. All the roles were held by the other DC (the Win2012 R2 DC). The DCPROMO.LOG says: Ownership of the following FSMO role is set to a server which is deleted or does not exist. FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=<etc> FSMO Server DN: CN=NTDS Settings\0ADEL:<GUID>,CN=<name of previously removed DC>\0aDEL:<different GUID> Here's the weird thing: NETDOM QUERY FSMO shows the correct Infrastructure master (the Win2012 R2 DC). I also see it via the GUI in ADUC. So something buried somewhere deep thinks that one of the removed DCs still holds this role, even tho most everything else thinks the correct DC has it. So how do I fix this? (these are all testing upgrading my domains from Win2008 R2 to Win2012 R2. I can upgrade the domain/forect level until I get rid of the Win2008 R2 DCs. This is all being done on my isolated network) The log suggests manually transferring the roles (which I did before starting the demotion). I did a manual "Replication Now" from Sites and Services, and "repadmin /replsummary" shows no failures. So where do I go from here? Attention: Information contained in this message and or attachments is intended only for the recipient(s) named above and may contain confidential and or privileged material that is protected under State or Federal law. If you are not the intended recipient, any disclosure, copying, distribution or action taken on it is prohibited. If you believe you have received this email in error, please contact the sender, delete this email and destroy all copies.
