AD Orphaned Server issues

geXen

Hello,
We had a DC that died and we decided to retire it. I am trying to
clean up some leftovers, but I am experiencing an issue.

On all DCs the fSMORoleOwner was messed up for the Domains and the
Forests and contained the orphaned user. We have two sites. On the
site that didn't contain the dead server, I was able to change the
attribute for the server without any issue. However, on the site that
did have the orphaned server, when I try to change the attribute I get
the following error: "The role owner attribute could not be read"

Any ideas?
 
You will need to clean up your metadata and seize your fsmo roles.

Role Seizure
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504

Metadata Cleanup
http://support.microsoft.com/?id=216498

Once this is complete, let it settle a couple of hours and then you should
run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag and netdiag in verbose mode.

If you download a GUI script I wrote it should be simple to set and run. It
also has the option to run individual tests without having to learn all the
switch options. The details will be output in notepad text files that pop
up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag and make sure verbose is set. (Leave the
default settings for dcdiag as set when selected.)

When complete, search for fail, error and warning messages.
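
The search step above, as an added example that is not part of the original post and is not the script from pbbergs.com: a Python sketch that reads saved dcdiag and netdiag text output and lists each test that failed or carried flagged lines. The sample text is constructed (host name DC1 is a placeholder), and the result-line layouts it matches are assumptions based on the netdiag lines quoted in this thread and on typical dcdiag output.

```python
import re

# netdiag result line, e.g. "DNS test . . . . . . . . . . . . . : Failed"
NETDIAG = re.compile(r"^\s*([^.:\[]+?)\s*(?:\. )+:\s*(Passed|Failed|Skipped)\s*$")
# dcdiag result line, e.g. "......................... DC1 failed test Replications"
DCDIAG = re.compile(r"^\s*\.{5,}\s*(\S+)\s+(passed|failed)\s+test\s+(\S+)\s*$")
DCDIAG_START = re.compile(r"^\s*Starting test:\s*(\S+)")
# The words the post says to search for, plus netdiag's bracketed severities.
FLAGGED = re.compile(r"\[(?:WARNING|FATAL)\]|\b(?:fail\w*|error\w*|warning\w*)\b", re.I)

# Constructed sample: dcdiag lines followed by netdiag lines.
SAMPLE = """\
   Starting test: Connectivity
   ......................... DC1 passed test Connectivity
   Starting test: Replications
      [Replications Check,DC1] A recent replication attempt failed:
   ......................... DC1 failed test Replications
IP loopback ping test. . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly
on DNS server '172.16.1.250'. Please wait for 30 minutes for DNS server
replication.
"""

def triage(text):
    """Return one record per test that failed or has flagged detail lines."""
    findings, pending, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        net, dc = NETDIAG.match(line), DCDIAG.match(line)
        if net:    # netdiag prints its details after the result line
            current = {"tool": "netdiag", "test": net.group(1),
                       "status": net.group(2), "details": []}
            findings.append(current)
        elif dc:   # dcdiag prints its details before the result line
            findings.append({"tool": "dcdiag", "test": dc.group(3),
                             "status": dc.group(2).capitalize(), "details": pending})
            pending, current = [], None
        elif DCDIAG_START.match(line):
            pending, current = [], None
        elif current is not None:
            # Once a flagged line is seen, keep its continuation lines too.
            if current["details"] or FLAGGED.search(line):
                current["details"].append(line)
        elif FLAGGED.search(line):
            pending.append(line)
    return [f for f in findings if f["status"] == "Failed" or f["details"]]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["tool"], f["test"], f["status"], *f["details"], sep="\n  ")
```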
 
Paul,
I completed those steps months ago, but it didn't change this for some
reason. If you look at all the domain controllers and view the FSMOs
through ntdsutil, they all are pointed correctly. The only reason I
know about these is because we just installed MOM and it is having
problems running some scripts. dcdiag runs fine; the only error in
netdiag is:

DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly
on DNS server '172.16.1.250'. Please wait for 30 minutes for DNS server
replication.
 
OK, but that doesn't help out with my original problem. Has anybody
seen this error message before and know how to fix it?
 
Sounds like your replication is completely dorked; you don't have to fix this on
a site-by-site basis if your replication is working.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 