I'm banging my head here with this one. I'm attempting to demote a dc. It does not hold any fsmo roles. During the demotion I get the following error
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 4/30/2013 3:46:22 PM
Event ID: 2091
Task Category: Replication
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: CLEDC01.na.int-bn.com
Description:
Ownership of the following FSMO role is set to a server which is deleted or does not exist.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Infrastructure,DC=ForestDnsZones,DC=int-bn,DC=com
FSMO Server DN: CN=NTDS Settings\0ADEL:2c0d9858-bc90-4f7b-855c-14679708327a,CN=BN01\0ADEL:6439b4e8-a515-4d76-abaf-420a6dcb8c8d,CN=Servers,CN=COL,CN=Sites,CN=Configuration,DC=int-bn,DC=com
User Action:
1. Determine which server should hold the role in question.
2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred,
verify that this server has replicated the partition (containing the latest role ownership) lately.
3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 onhttp://support.microsoft.com.
4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="32768">2091</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-04-30T19:46:22.183617700Z" />
<EventRecordID>27955</EventRecordID>
<Correlation />
<Execution ProcessID="476" ThreadID="4040" />
<Channel>Directory Service</Channel>
<Computer>CLEDC01.na.int-bn.com</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>CN=Infrastructure,DC=ForestDnsZones,DC=int-bn,DC=com</Data>
<Data>CN=NTDS Settings\0ADEL:2c0d9858-bc90-4f7b-855c-14679708327a,CN=BN01\0ADEL:6439b4e8-a515-4d76-abaf-420a6dcb8c8d,CN=Servers,CN=COL,CN=Sites,CN=Configuration,DC=int-bn,DC=com</Data>
</EventData>
</Event>
The server in question is a server that at one point was a DC but was demoted years before this DC was even joined to domain. I have no issues demoting a 2003 DC this seems to only be on this or maybe other 2008 DC's.
I checked out this link http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/72640045-616b-4b6c-8fc4-e30dd8463402/ and but i'm not sure the best approach here. I'm not sure if I should try this script or just force remove.
A netdom command shows all the FSMO roles that are current. Not sure what else to try to take this out gracefully.
Thanks
RS