
Errors with FSMO Role owner, and it's very urgent.


swemho (MIS), Jun 13, 2001
We had a little problem in our AD, one of our DCs (also Exchange server) went dead, so in replacing it we could do a proper demotion, thus it is still "on the network".

I've used ntdsutil to clean up the metadata and remove it that way, and removed it from Active Directory Domains and Trusts. So far it all seems fine, and the second (we only have 2) domain controller should seize control of the schema etc. after approx. 15 minutes, but it doesn't.
I've tried to use ntdsutil and Active Directory Schema mmc to change the schema master, but without result. It just can't be done, it claims that the old server is still the schema master. And I do not understand this since I have done virtually everything in my power to remove it from our AD.

The real problem is that I cannot install Exchange on the new server because I cannot do /forestprep nor /domainprep, thus no installation. Because it claims that it cannot access the Active Directory, nor contact the Schema master. Alas we have no mail.
Can someone give me some helpful tips?

Best Regards,

Marcus Hansebo
 
What security rights does the user you are using to attempt to run this have? It sounds like you have a fair idea what you are doing and don't mean to ask a simple question, just wondering if this user has sufficient rights?

The user will need Enterprise Admins/Schema Admins permissions.

Cheers.
 
I'm an enterprise admin, and schema admin, well basically I'm every admin there is =).

The thing is I wasn't in place when this domain controller went ballistic on us, so I couldn't really see if I could help out in phase one. So it feels like the whole AD is messed up.

But it looks as if it all comes down to the schema.
 
Can't you just take ownership of the FSMO role onto your other DC?
 
As I mentioned earlier, I've tried to use ntdsutil and the Schema MMC, but it is not possible to change the schema master; it says it cannot contact the current schema master. DOH, of course it can't, it's not there. But the strange thing is that I have manually removed the old DC, so it should automatically transfer that role, which it doesn't. And this should, as you say, leave me with the manual option, which also fails. Thus I'm in knee deep shit. I don't feel like reinstalling the whole AD (no, we don't have any backups of the AD) just because of this. There ought to be some hacking way of achieving what I want.
 
Go to Active Directory Users and Computers, at the top level right-click and properties, check the RID allocation etc. and take control of the roles.

Does this help?
 
Sorry, I just checked, it's not properties, it's operations masters...
 