I am trying to remove a 2008 R2 DC from our domain but receive this error:
"Directory Service is missing mandatory configuration information...unable to determine ownership of floating single-master operation roles"
In the even log we have this additional error:
Error:
Ownership of the following FSMO role is set to a server which is deleted or does not exist.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=lvcinc,DC=local
FSMO Server DN: CN=NTDS Settings\0ADEL:464a6261-2c82-4ac1-b2b2-144d2e5e1b74,CN=SDOCS1\0ADEL:27fa192a-1f79-4a62-9557-d14ce99406d9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lvcinc,DC=local
User Action:
1. Determine which server should hold the role in question.
2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately.
3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully.
Steps to try resolving:
Investigating the above error - it is referencing a Very old DC from a few years ago "SDOCS1". See bold type above.
1. Ran DCDiag /v /q on all servers and the only errors we receive are the ones that are manifested due to NOT having run the RODC switch with ADPREP
(Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=lvcinc,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=lvcinc,DC=local
......................... SVHOST2 failed test NCSecDesc
2. Checked the location of the FSMO roles and they are all located on our SDC1 server. I even transferred the Infrastructure FSMO role to a different server and the DCPROMO to remove the server still failed with the same above error.
3. Ran through the "Seizing" of the roles specified by this KB: http://support.microsoft.com/kb/255504. The server mentioned in the error (SDOCS1) doesn't hold any of the roles and isn't listed in the list of servers
3. Went through this KB about removing the metadata of the defunct server: http://support.microsoft.com/kb/216498. The server mentioned doesn't exist in any of the locations.
I'm at a loss as to how to resolve this. Somewhere the AD Database has a reference to that old server (SDOCS1). I have looked in all the obvious places in ADSIEDIT and DNS and have found no reference to it.
I know I can do a force removal of this server (SVHOST2) - but it seems that I need to fix the greater problem of removing the referencen to SDOCS1.
Thanks for any help for this perplexing issue!
-David Miller