OK! That seemed to work. I did have to force a replication in Sites and Services. In Sites and Services, I did have to remove the now demoted Win2008 R2 DC (as expected). Now the Site has only 2 servers - 1 parent DC, 1 child DC.
However, in the NTDS Settings of the parent DC, I did see an entry that say says <Win2008 R2 DC>\DEL:<guid>". Once I told it to replicate, it did go away. DCDIAG is showing some eventID 0xC0000583 errors - failed to construct an SPN - on the parent DC. I'm hoping those are just transitory ... I will keep an eye on it, but I *think* it's all OK now. On Tue, Apr 7, 2015 at 8:29 AM, Michael Leone <[email protected]> wrote: > Thanks. I'd seen that link, and also: > > > http://networkadminkb.com/KB/a350/how-to-fix-unable-to-determine-ownership-floating-single.aspx > > And was able to find the corrupted entry. That first link says to also do > the same for the ForestDnsZones, but I am doing a child domain, so there is > a different Infrastructure Master for the parent and for the child. > > I will try demoting that in a little bit, and report back ... > > On Mon, Apr 6, 2015 at 4:08 PM, Dave Lum <[email protected]> wrote: > >> Similarly: >> http://blog.mpecsinc.ca/2011/03/ad-ds-operation-failed-directory.html >> >> >> >> Dave >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Joe Tinney >> *Sent:* Monday, April 06, 2015 12:47 PM >> *To:* [email protected] >> *Subject:* Re: [NTSysADM] DCPROMO demote failing >> >> >> >> I ran into a similar situation and this did the trick : >> http://blogs.technet.com/b/the_9z_by_chris_davis/archive/2011/12/20/forestdnszones-or-domaindnszones-fsmo-says-the-role-owner-attribute-could-not-be-read.aspx >> >> Ran the VBScript and was good to go. >> >> On Apr 6, 2015 3:06 PM, "Michael Leone" <[email protected]> wrote: >> >> I am in the process of testing my new cloned domain, and all was going >> OK. I cleaned up eveything, removing all non-existent DCs; everything >> passed all repadmin, dcdiag and dnslint tests. >> >> >> >> So I added a new Win2012 R2 DC to the parent domain; went fine. Demoted >> the Win2008 R2 DC there (leaving only the Win2012 R2 DC); that went fine. >> Added a Win2012 R2 DC to the child domain; that went fine. All dcdiag, >> repadmin, dnslint tests pass fine. >> >> >> >> Trying to demote the Win2008 R2 DC in the child, and that's where I am >> getting: >> >> >> >> ----- >> >> Operation failed because AD DS could not transfer the remaining data in >> directory partition DC=DomainDnsZones, DC=<etc> to AD DC >> \\<Win2012R2-DC.<child>.<domain> >> >> >> >> "The directory service is missing mandatory configuration information, >> and is unable to determine the ownership of floating single-master >> operation roles." >> >> ----- >> >> >> >> I know it knows where the FSMO roles are, because I checked that before >> trying to demote it. All the roles were held by the other DC (the Win2012 >> R2 DC). >> >> >> >> The DCPROMO.LOG says: >> >> >> >> Ownership of the following FSMO role is set to a server which is deleted >> or does not exist. >> >> FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=<etc> >> >> FSMO Server DN: CN=NTDS Settings\0ADEL:<GUID>,CN=<name of previously >> removed DC>\0aDEL:<different GUID> >> >> >> >> Here's the weird thing: NETDOM QUERY FSMO shows the correct >> Infrastructure master (the Win2012 R2 DC). I also see it via the GUI in >> ADUC. So something buried somewhere deep thinks that one of the removed DCs >> still holds this role, even tho most everything else thinks the correct DC >> has it. >> >> >> >> So how do I fix this? >> >> (these are all testing upgrading my domains from Win2008 R2 to Win2012 >> R2. I can upgrade the domain/forect level until I get rid of the Win2008 R2 >> DCs. This is all being done on my isolated network) >> >> >> >> The log suggests manually transferring the roles (which I did before >> starting the demotion). I did a manual "Replication Now" from Sites and >> Services, and "repadmin /replsummary" shows no failures. >> >> >> >> So where do I go from here? >> >> Attention: Information contained in this message and or attachments is >> intended only for the recipient(s) named above and may contain confidential >> and or privileged material that is protected under State or Federal law. If >> you are not the intended recipient, any disclosure, copying, distribution >> or action taken on it is prohibited. If you believe you have received this >> email in error, please contact the sender, delete this email and destroy >> all copies. >> > >
