AD Demotion

I am currently helping a customer with upgrading all of their old DCs. When I tried to demote one of the DCs I got the following error message:

Title bar text: Active Directory Domain Services Installation Wizard
Message Text:
The operation failed because:
Active Directory Domain Services could not transfer the remaining data in directory partition
DC=DomainDNSZones,DC=<DNS domain name>
to
Active Directory Domain Controller
\\OtherDC
“The directory service is missing mandatory configuration
information, and is unable to determine the ownership of floating single-master operation roles.”

The problem is that each of the DNS application partitions (DomainDnsZones and ForestDnsZones) has its own Infrastructure FSMO role owner, so the name of the role holder is stored in more than one place. If these locations do not match, you get the error above. To verify that this is actually the problem, check the following attributes in ADSI Edit:

In ADSI Edit, connect to the Default naming context, browse to CN=Infrastructure,DC=domain,DC=local and note the value of fSMORoleOwner.

Then connect to CN=Infrastructure,DC=DomainDNSZones,DC=domain,DC=local and check that its fSMORoleOwner is the same as above. Repeat for CN=Infrastructure,DC=ForestDNSZones,DC=domain,DC=local.

If they do not match, there is a VBScript from Microsoft you can use to fix it:

const ADS_NAME_INITTYPE_GC = 3
const ADS_NAME_TYPE_1779 = 1
const ADS_NAME_TYPE_CANONICAL = 2

set inArgs = WScript.Arguments

if (inArgs.Count = 1) then
    ' Assume the command line argument is the NDNC (in DN form) to use.
    NdncDN = inArgs(0)
Else
    Wscript.StdOut.Write "usage: cscript fixfsmo.vbs NdncDN"
End if

if (NdncDN <> "") then

    ' Convert the DN form of the NDNC into DNS dotted form.
    Set objTranslator = CreateObject("NameTranslate")
    objTranslator.Init ADS_NAME_INITTYPE_GC, ""
    objTranslator.Set ADS_NAME_TYPE_1779, NdncDN
    strDomainDNS = objTranslator.Get(ADS_NAME_TYPE_CANONICAL)
    ' The canonical name ends with a trailing "/", strip it.
    strDomainDNS = Left(strDomainDNS, len(strDomainDNS)-1)
    Wscript.Echo "DNS name: " & strDomainDNS

    ' Find a domain controller that hosts this NDNC and that is online.
    set objRootDSE = GetObject("LDAP://" & strDomainDNS & "/RootDSE")
    strDnsHostName = objRootDSE.Get("dnsHostName")
    ' dsServiceName is the DN of this DC's NTDS Settings object, which is
    ' the value fSMORoleOwner must point at.
    strDsServiceName = objRootDSE.Get("dsServiceName")
    Wscript.Echo "Using DC " & strDnsHostName

    ' Get the current infrastructure fsmo.
    strInfraDN = "CN=Infrastructure," & NdncDN
    set objInfra = GetObject("LDAP://" & strInfraDN)
    Wscript.Echo "infra fsmo is " & objInfra.fsmoroleowner

    ' If the current fsmo holder is deleted, set the fsmo holder to this domain controller.
    ' The DN of a deleted (tombstoned) object contains "\0ADEL:<guid>"; VBScript has no
    ' escape sequences, so the string below is matched literally.
    if (InStr(objInfra.fsmoroleowner, "\0ADEL:") > 0) then

        ' Set the fsmo holder to this domain controller.
        objInfra.Put "fSMORoleOwner", strDsServiceName
        objInfra.SetInfo

        ' Read the fsmo holder back.
        set objInfra = GetObject("LDAP://" & strInfraDN)
        Wscript.Echo "infra fsmo changed to:" & objInfra.fsmoroleowner

    End if

End if

Paste it into a file called fixfsmo.vbs and run it once per DNS application partition:

cscript fixfsmo.vbs DC=ForestDnsZones,DC=domain,DC=local
cscript fixfsmo.vbs DC=DomainDnsZones,DC=domain,DC=local
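The same check and repair, as an added PowerShell example that is not part of the original post and not Microsoft's fixfsmo.vbs. It reads fSMORoleOwner from the domain partition and from both DNS application partitions in one go, tells you whether each holder is a live DC, a deleted (tombstoned) object or something it cannot resolve, and warns when the three values differ. Only with -Fix, and only for the two DNS partitions, does it repoint a deleted holder to the DC you are bound to, which is exactly what the VBScript does. It assumes the RSAT ActiveDirectory module and a -Server value (a parameter name chosen here) naming a DC that hosts all three partitions; it supports -WhatIf so you can see the intended change before making it.

```powershell
# Added example (not from the original post or from Microsoft's fixfsmo.vbs).
# Usage:  .\Check-DnsInfraFsmo.ps1 -Server dc01.domain.local            (report only)
#         .\Check-DnsInfraFsmo.ps1 -Server dc01.domain.local -Fix -WhatIf
#         .\Check-DnsInfraFsmo.ps1 -Server dc01.domain.local -Fix
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$Server,   # DC hosting the domain NC and both DNS partitions
    [switch]$Fix
)

Import-Module ActiveDirectory -ErrorAction Stop

$rootDse    = Get-ADRootDSE -Server $Server
$domainDn   = $rootDse.defaultNamingContext
$forestDn   = $rootDse.rootDomainNamingContext       # ForestDnsZones lives under the forest root
$thisDcNtds = $rootDse.dsServiceName                 # NTDS Settings DN of the DC we are bound to

# The three Infrastructure objects the post tells you to compare in ADSI Edit.
$infraDns = @(
    "CN=Infrastructure,$domainDn",
    "CN=Infrastructure,DC=DomainDnsZones,$domainDn",
    "CN=Infrastructure,DC=ForestDnsZones,$forestDn"
)

# Build a lookup of every live DC's NTDS Settings DN across the forest, so a
# holder that is not deleted but also not a current DC is still flagged.
$liveNtds = @{}
foreach ($domain in (Get-ADForest -Server $Server).Domains) {
    Get-ADDomainController -Filter * -Server $domain | ForEach-Object {
        $liveNtds[$_.NTDSSettingsObjectDN] = $_.HostName
    }
}

$results = foreach ($dn in $infraDns) {
    try {
        $owner = (Get-ADObject -Identity $dn -Properties fSMORoleOwner -Server $Server -ErrorAction Stop).fSMORoleOwner
    } catch {
        Write-Warning "Cannot read $dn from $Server : $($_.Exception.Message)"
        continue
    }
    # A tombstoned NTDS Settings object carries the literal "\0ADEL:<guid>" in its DN,
    # the same marker fixfsmo.vbs tests for. No escaping is needed in PowerShell either.
    $state = if ($owner -like '*\0ADEL:*')          { 'DELETED' }
             elseif ($liveNtds.ContainsKey($owner)) { 'OK' }
             else                                   { 'UNKNOWN' }
    [pscustomobject]@{ Partition = $dn; Owner = $owner; State = $state }
}

$results | Format-Table -AutoSize

# The post's symptom: the holder recorded in the DNS partitions differs from the domain's.
$distinct = @($results.Owner | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "fSMORoleOwner differs between partitions; demotion will fail until this is repaired."
}

if ($Fix) {
    foreach ($r in ($results | Where-Object { $_.State -eq 'DELETED' })) {
        # Only the application partitions are repaired by writing the attribute directly,
        # as fixfsmo.vbs does. The domain Infrastructure Master is a proper FSMO role and
        # should be moved with Move-ADDirectoryServerOperationMasterRole instead.
        if ($r.Partition -eq "CN=Infrastructure,$domainDn") {
            Write-Warning "Domain Infrastructure Master is stale; use Move-ADDirectoryServerOperationMasterRole for it."
            continue
        }
        if ($PSCmdlet.ShouldProcess($r.Partition, "Set fSMORoleOwner to $thisDcNtds")) {
            Set-ADObject -Identity $r.Partition -Replace @{ fSMORoleOwner = $thisDcNtds } -Server $Server
            # Read it back, as the VBScript does, so the change is confirmed from the directory.
            $after = (Get-ADObject -Identity $r.Partition -Properties fSMORoleOwner -Server $Server).fSMORoleOwner
            Write-Output "$($r.Partition): fSMORoleOwner is now $after"
        }
    }
}
```

Run the report first against the DC you intend to keep; if both DNS partitions show DELETED while the domain partition shows OK, the -Fix run is equivalent to the two cscript commands above, with the difference that -WhatIf lets you preview the write and the change is read back from the same DC afterwards.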
