I have two a Server 2008 R2 Domain Controllers. CrDC was the primary DC until yesterday when I transferred the FSMO roles to OuDC (my other DC). While attempting to demote CrDC. I Get the following error:
The operation failed because:
Active Directory Domain Services could not transfer the remaining data in directory partition DC=ForestDnsZones,DC=mydomain,DC=local to
Active Directory Domain Controller \\OuDC.domain.local.
"The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles."
-AND-
Remote directory server:
\\OuDC.domain1.local
This is preventing removal of this directory server.
User Action
Investigate why the remote directory server might be unable to accept the operations master roles, or manually transfer all the roles that are held by this directory server to the remote directory server. Then, try to remove this directory server again.
Additional Data
Error value:
5005 The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.
Extended error value:
0
Internal ID:
52498735
I have ran all of the NDTSUTIL fixes and I believe that I have come to the root of the problem but I’m not positive and I don’t know how to fix it. We used to have and Windows Server 2003 Domain Controller named TIGER and I believe that it was not demotedcorrectly more than a year ago because I keep getting the following error and I believe it may have to do with this (Please notice: CN=TIGER):
Ownership of the following FSMO role is set to a server which is deleted or does not exist.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Infrastructure,DC=ForestDnsZones,DC=mydomain,DC=local
FSMO Server DN: CN=NTDS Settings\0ADEL:bab2a84f-a8da-44c7-a3db-be79abf0f2c9,CN=TIGER\0ADEL:ea6e167e-72df-49ab-b521-6ab1ef4c9657,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain1.DC=local
User Action:
1. Determine which server should hold the role in question.
2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately.
3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Any help will be greatly appreciated!