Orphaned domain controller?


michael

Hello
I am wondering if I have an orphaned domain controller. I see the
server showing up in AD U&C and in AD S&S as one of the domain
controllers for the domain. But when I try to demote the server using
dcpromo, the first screen that pops up states that "this wizard will
help you install active directory services on this server, making this
server a domain controller". The next screen states "specify the role
you want this server to have": domain controller for new domain, or
additional domain controller for existing domain. So it seems that
even though the server is showing up as a DC it must not really be. Is
this an orphaned domain controller? I'm asking this because when I
try and run adprep /forestprep to prepare the domain for win2k3
servers, I get an error: Failed to transfer the schema FSMO role: 52.
Thanks
 
Hello Michael,

What do the event logs say on the orphaned domain controller and on
"working" domain controllers? Any strange entries? Can you give me some more
information?

Rick Claus [MSFT], MCSE
TechNet CDN - IT Pro Advisor

No Email Please... This alias is for newsgroup purposes only.
This posting is provided “AS IS” with no warranties and confers no rights.
 
In addition to what Michael suggested, what happens if you look at the
object in the ADSS MMC? Is there an NTDS Settings underneath the computer
object?

What happens if you run dcdiag /c /v on your 'working' Domain Controllers?

HTH,

Cary
 
The orphaned domain controller (or the one in question)
doesn't have a directory service key in the event log.
There is nothing of note in the system log. The
application log does mention that it can't contact the
license logging service on the operations master (warning
event 213) on two different attempts in the past week. The
system log on the operations master reports a netlogon
warning 5781 (dynamic registration of one or more DNS
records failed because no DNS servers are available) 4
times in the last week. This though was all in one day
and came after the operations master went offline for a
while after adprep /forestprep failed. This message isn't
showing up currently. The app log on op master shows
nothing of note. There is one more DC and that reports an
8021 browser warning (browser was unable to retrieve a list
of servers from browser master) on 10 different occasions
in the past week. 9 of these happened during the time op
master went offline and it's shown up only once since
then. These are the things of note in the domain in the
past week. Thanks
 
Look in DNS: do you see _msdcs, _sites, _tcp, _udp? See if the server has
services listed in there. Also load up adsiedit and check to see the
domain; go to your domain - dc = xxx, cn=system,cn=file replication service,
cn = domain system volume and see if you find the server there. My guess is
you don't, but these are places the system references activity related to
your DCs.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



 
Yes, there is an NTDS setting, for the possible orphan,
underneath the computer object in ADSS MMC. It does have
the same automatically generated entries as the other two
DCs. The dcdiag output is as shown below (this was run
from the op master).

DC Diagnosis

Performing initial setup:
* Verifing that the local machine <server name>, is a DC.
* Connecting to directory service on server <server name>.
* Collecting site info.
* Identifying all servers.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\<SERVER NAME>
Starting test: Connectivity
* Active Directory LDAP Services Check
The host å% could not be resolved to a valid IP address.
Check the DNS server, DHCP, server name, etc
......................... <SERVER NAME> failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\<SERVER NAME>
Skipping all tests, because server <SERVER NAME> is not responding to directory service requests

Running enterprise tests on : <enterprise fqdn>
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... <enterprise fqdn> passed test Intersite
Starting test: FsmoCheck
GC Name: \\<server name>.<enterprise fqdn>
Locator Flags: 0xe00001fd
PDC Name: \\<server name>.<enterprise fqdn>
Locator Flags: 0xe00001fd
Time Server Name: \\<server name>.<enterprise fqdn>
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\<server name>.<enterprise fqdn>
Locator Flags: 0xe00001fd
KDC Name: \\<server name>.<enterprise fqdn>
Locator Flags: 0xe00001fd
......................... <enterprise fqdn> passed test FsmoCheck

C:\>


C:\>
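
Added example, not part of the original thread: a small Python parser that pulls the per-test verdicts out of dcdiag /v output like that posted above, including verdict lines that a mail or news client has wrapped mid-word. The names DC01 and corp.example and the sample text are constructed placeholders.

```python
import re

# Constructed sample modelled on the dcdiag output above. DC01 and
# corp.example are placeholders, not names from the thread.
SAMPLE = """\
Testing server: Default-First-Site-Name\\DC01
Starting test: Connectivity
The host could not be resolved to a valid IP
address.
......................... DC01 failed
test Connectivity
Running enterprise tests on : corp.example
Starting test: Intersite
......................... corp.example
passed test Inters
ite
"""

def squash(s):
    """Drop all whitespace so a verdict split across lines compares equal."""
    return re.sub(r"\s+", "", s)

def parse_dcdiag(text):
    """Return (target, test, verdict) tuples, rejoining wrapped verdict lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    results, current, i = [], None, 0
    while i < len(lines):
        start = re.match(r"Starting test:\s*(\S+)", lines[i])
        if start:
            current = start.group(1)  # name the next verdict must end with
        elif lines[i].startswith(".....") and current:
            buf, used = lines[i].lstrip(". "), 0
            # Pull in at most three continuation lines until the name is whole.
            while (not squash(buf).endswith("test" + current)
                   and used < 3 and i + 1 < len(lines)):
                i, used = i + 1, used + 1
                buf += lines[i]
            m = re.match(r"(.+)(passed|failed)test" + re.escape(current) + "$",
                         squash(buf))
            if m:
                results.append((m.group(1), current, m.group(2)))
        i += 1
    return results

def failed_tests(text):
    """List the (target, test) pairs dcdiag marked as failed."""
    return [(t, n) for t, n, v in parse_dcdiag(text) if v == "failed"]
```

Running failed_tests over saved output from each domain controller gives a quick list of which servers are not answering directory service requests.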
 
Actually, yes, the server is referenced in DNS under the
msdcs, sites, tcp and udp. It has kerberos, ldap and
kpassword entries under these keys. And yes, the possible
orphan server is listed under the adsi key you described
as well. Should I delete one or both of these entries?
 
See this tech article. It sounds like you need to clean up your AD.

http://support.microsoft.com/default.aspx?scid=kb;en-us;216498

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



 