Most Domain Controllers are now Windows 2012
Forest and Domain functional level is Windows 2008 R2
---
I am trying to dcpromo a Windows 2008 R2 domain controller down to a member server, and during dcpromo I got this message:
    The operation failed because:
    Active Directory Domain Services could not transfer the remaining data in directory partition
    DC=ForestDNSZones, DC=<domainname>,DC=org to
    Active Directory Domain Controller \\DCNAME.domainname.org.
    "The directory service is missing mandatory configuration
    information, and is unable to determine the ownership of floating
    single-master operation roles."
---
Running DCDIAG on the server - NCSecDesc fails
    Starting test: NCSecDesc
       Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
          Replicating Directory Changes In Filtered Set
       access rights for the naming context:
       DC=DomainDnsZones,DC=domain,DC=org
       Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
          Replicating Directory Changes In Filtered Set
       access rights for the naming context:
       DC=ForestDnsZones,DC=domain,DC=org

One of the TechNet articles says that adprep /rodcprep from Windows 2008 R2 needs to be run and would eliminate the NCSecDesc fail error.
Can I still run adprep /rodcprep even after Windows 2012 domain controllers have been added to the domain (which I understand changes the schema during insertion of a Windows 2012 domain controller)?
What options do I have to resolve getting the Windows 2008 R2 domain controller dcpromo'ed down to a member server?
Thanks,
F.Palacio