Transfer the forest-Level Operations Master Roles

Discussion in 'Active Directory' started by Stuart, Mar 21, 2005.

  1. Stuart

    Stuart Guest

    I am trying to decommission a DC and have been following the steps required
    from Technet but have crossed a stumbling block. It will not allow me to
    transfer the Domain Naming Master or the Schema Master to the proposed new DC.

    I have tried this two ways:
    1. Via Operations Manager
    2. Via dcpromo to decommission the current DC

    By using the operations manager I get the following message:
    "The transfer of the operations master role cannot be performed because:
    The requested FSMO operation failed. The current FSMO holder could not be
    contacted" (Even though the current FSMO holder is the server I am running
    the Op Manager from)

    By using the dcpromo I get the following message:
    "The directory service was unable to transfer ownership of one or more
    floating single-master roles to the other servers"

    All tests (netdiag /test:dns) pass successfully as does verifying
    communication with other DC and Verify the existence of operations masters.

    What am I missing?
    Stuart, Mar 21, 2005

  2. You are missing the third way of transferring the roles - Just seize them
    using the ntdsutil command line
    However you should really solve the underlying problem before a direct



    Mike Brannigan [Microsoft]

    Mike Brannigan [MSFT], Mar 21, 2005

  3. Hi Stuart

    Is there a Global Catalog on the server holding the Domain Name Master role?

    Michael Iversen
    Michael Iversen, Mar 21, 2005
  4. Stuart

    ptwilliams Guest

    The requested FSMO operation failed. The current FSMO holder could not be
    You shouldn't be running on the server. To transfer using the GUI you log on
    to the server you wish to transfer to and 'pull'. Plus, these are the
    enterprise roles, which means that if you're in a child domain you'll need
    to be EA or have the appropriate delegated rights.

    As others have mentioned, are there any DCs that have been ungracefully
    removed? That is, have there been DCs that are no longer??


    Paul Williams
    ptwilliams, Mar 21, 2005
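
The "pull from the target DC" advice above, as an added example that is not part of the original thread: it checks where the session is running and which rights it has, records the forest-level role holders, then attempts a graceful transfer with ntdsutil. `$TargetDC` is a constructed placeholder, and the Schema Admins check for the schema role is an addition the posts do not mention.

```powershell
# Added example, not from the thread. Run on the DC that will RECEIVE the roles.
$TargetDC = 'DC2.example.test'    # hypothetical FQDN of the proposed new DC
# Role labels printed by netdom differ between Windows versions.
$Forest   = '^(Schema|Domain (naming|role))'

# Turn "netdom query fsmo" output into a role -> holder table.
function Get-FsmoHolder([string[]]$Lines) {
    $map = @{}
    foreach ($line in $Lines) {
        # Role label and holder are separated by two or more spaces;
        # the trailing status line has single spaces and is skipped.
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            $map[$Matches['role']] = $Matches['holder']
        }
    }
    return $map
}

# 1. Pull, do not push: the session must be on the target DC.
if ($TargetDC -notlike "$env:COMPUTERNAME.*") {
    throw "Log on to $TargetDC and run the transfer from there."
}

# 2. Forest-level roles need forest-level rights.
$groups = whoami /groups
foreach ($g in 'Enterprise Admins', 'Schema Admins') {
    if (-not ($groups -match [regex]::Escape($g))) { throw "Not a member of $g." }
}

# 3. Record the current holders of the two forest-level roles.
$before = Get-FsmoHolder (netdom query fsmo)
$before.GetEnumerator() | Where-Object { $_.Key -match $Forest } | Format-Table Key, Value

# 4. Graceful transfer. On Windows Server 2003 and earlier the second
#    command is "transfer domain naming master".
ntdsutil roles connections "connect to server $TargetDC" quit `
    "transfer schema master" "transfer naming master" quit quit

# 5. Confirm the result instead of trusting the dialog.
$after = Get-FsmoHolder (netdom query fsmo)
$stuck = $after.GetEnumerator() |
    Where-Object { $_.Key -match $Forest -and $_.Value -ne $TargetDC }
if ($stuck) { Write-Warning "Still held elsewhere: $($stuck.Key -join ', ')" }
```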
  5. Stuart

    Stuart Guest

    Yeah, I have set the second DC server to be a GC and the original DC is also
    a GC and is holding the Domain Name Master role.
    Stuart, Mar 22, 2005
  6. In
    Whenever an object goes beyond the tombstone, you are usually SOL (short on
    luck) trying to get it back. However, there *may* be some hope. Here's a
    little snippet from my own private blogs (I haven't published them yet):

    Force DC replication of a tombstoned DC and dealing with lingering objects:

    First cleanup lingering objects as these might exist!

    On each DC:

    Create a REG_DWORD value called:
    "Allow Replication With Divergent and Corrupt Partner"
    Enter value of 1.

    Restart Netlogon

    Then force replication in Sites and Services. If there are multiple Sites,
    you'll have to wait for your configured schedule for this to propagate to
    all DCs. We must keep in mind however, that whatever caused this, it
    happened back before Oct 25 (according to the dcdiag). The replication
    issues MUST be addressed or replication errors will continue and cause these
    errors again.

    Once completed and you've ensured replication is occurring, return the value
    in Allow Replication With Divergent and Corrupt Partner to 0 to not allow it
    to replicate outdated data.

    Event IDs possibly associated with: Event ID 2042's, 2023, 1398, 1988,
    1864, NTFRS, NTDS, or similar errors.

    Event ID 1388 or 1988 A lingering object is detected Active Directory:

    Event ID 2042: It has been too long since this machine replicated:

    Active Directory Inside Out (5 of 10): DNS Features and Configuration (First

    Things to consider when a Windows Server 2003-based domain controller or a
    Windows 2000-based domain controller runs in a virtual environment (VPC or

    Innovative IT Concepts, Inc (IITCI)
    Willow Grove, PA

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Directory Services
    Microsoft Certified Trainer

    Ace Fekay [MVP], Nov 20, 2006
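
The registry procedure in the post above, as an added example that is not part of the original thread: it sets the value, forces and checks replication, and returns the value to 0 only once no inbound failures remain. The registry key path is an assumption (the post names only the value), and `repadmin /syncall` stands in for forcing replication in Sites and Services.

```powershell
# Added example, not from the thread. Run elevated on each DC being repaired.
# Assumption: the value goes under the NTDS Parameters key; the post names
# only the value, not the key.
$Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$Name = 'Allow Replication With Divergent and Corrupt Partner'

function Set-DivergentReplication([int]$Value) {
    # -Force creates the REG_DWORD or overwrites an existing one.
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord `
        -Value $Value -Force | Out-Null
    Restart-Service -Name Netlogon
}

function Get-ReplicationFailure {
    # repadmin emits one CSV row per inbound partner and naming context.
    repadmin /showrepl * /csv | ConvertFrom-Csv |
        Where-Object { [int]$_.'Number of Failures' -gt 0 }
}

Set-DivergentReplication 1

# Command-line stand-in for "force replication in Sites and Services":
# all naming contexts (/A), across sites (/e).
repadmin /syncall /A /e

$failed = @(Get-ReplicationFailure)
if ($failed.Count -eq 0) {
    # Replication is healthy again: stop accepting outdated data.
    Set-DivergentReplication 0
    Write-Output "Replication clean; '$Name' returned to 0."
}
else {
    $failed | Format-Table 'Source DSA', 'Destination DSA',
        'Naming Context', 'Number of Failures', 'Last Failure Status'
    Write-Warning "'$Name' is still 1 on $env:COMPUTERNAME. Fix the failures above, re-run, and confirm the value is back to 0."
}
```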