Domain Controller Demotion Fails with “The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles”

An attempt to demote a domain controller halted with the following error.

Demoting the domain controller will not succeed until this is resolved. Because a promotion or demotion of a domain controller modifies the domain, and the error references a FSMO role, my assumption was that the Infrastructure Master role was the culprit.

The error message also states that it cannot transfer remaining data in the ForestDnsZones directory partition.

I was able to resolve this issue by launching ADSI Edit on the Infrastructure Master DC and connecting to DC=ForestDnsZones,DC=domain,DC=com. After connecting I was presented with the below object list.

Right-click the Infrastructure object and select Properties to display the attributes and values of the object as shown below.

The value of fSMORoleOwner in my case was a long GUID string that was invalid. An example is shown below.

CN=NTDS SettingsADEL:662af435-c295-4c49-be21-ea430d931be7,CN=AD1ADEL:91c7679f-95f0-4b64-aad0-05ffa61790d7,CN=Servers,CN=SiteName,CN=Sites,CN=Configuration,DC=domain,DC=com

By replacing this value with the proper value of a domain controller that holds the infrastructure master role in the correct syntax, I was able to proceed with the domain controller demotion without error.

The proper syntax for this AD attribute is below. The values in bold italics are variables that need to be changed per environment.

CN=NTDS Settings,CN=ServerName,CN=Servers,CN=SiteName,CN=Sites,CN=Configuration,DC=domain,DC=com

A quick way to determine the current FSMO role holders in Active Directory is to open a command prompt on a domain controller and run netdom query fsmo, which lists all FSMO role holders as shown below.
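The fSMORoleOwner syntax check described above can be scripted before a demotion is attempted. The following PowerShell is an added example, not part of the original post: the function name Test-FsmoRoleOwnerDn is hypothetical, the first sample value is the stale DN quoted above, and the commented Get-ADObject line assumes the ActiveDirectory module and the domain,com placeholder naming used in this post.

```powershell
# Added example: check an fSMORoleOwner value against the syntax shown in the post.
function Test-FsmoRoleOwnerDn {
    param([Parameter(Mandatory)][string]$Dn)

    # A deleted object's RDN carries "DEL:<objectGUID>", as in the stale value above.
    $delMarker = 'DEL:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'
    # Expected: CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,DC=...
    $expected  = '^CN=NTDS Settings,CN=(?<Server>[^,]+),CN=Servers,' +
                 'CN=(?<Site>[^,]+),CN=Sites,CN=Configuration(,DC=[^,]+)+$'

    if ($Dn -match $delMarker) {
        return [pscustomobject]@{
            Valid  = $false
            Server = $null
            Reason = 'references a deleted object (DEL:<GUID> in the DN)'
        }
    }
    if ($Dn -match $expected) {
        return [pscustomobject]@{
            Valid  = $true
            Server = $Matches['Server']
            Reason = 'matches the NTDS Settings DN syntax'
        }
    }
    [pscustomobject]@{
        Valid  = $false
        Server = $null
        Reason = 'does not match the NTDS Settings DN syntax'
    }
}

# Sample input: the stale value and the template, both taken from the post.
$samples = @(
    'CN=NTDS SettingsADEL:662af435-c295-4c49-be21-ea430d931be7,CN=AD1ADEL:91c7679f-95f0-4b64-aad0-05ffa61790d7,CN=Servers,CN=SiteName,CN=Sites,CN=Configuration,DC=domain,DC=com',
    'CN=NTDS Settings,CN=ServerName,CN=Servers,CN=SiteName,CN=Sites,CN=Configuration,DC=domain,DC=com'
)
foreach ($dn in $samples) {
    Test-FsmoRoleOwnerDn -Dn $dn | Format-List
}

# Against a live directory (assumed object DN; adjust DC=domain,DC=com to the forest):
# $obj = Get-ADObject 'CN=Infrastructure,DC=ForestDnsZones,DC=domain,DC=com' -Properties fSMORoleOwner
# Test-FsmoRoleOwnerDn -Dn $obj.fSMORoleOwner
```

A value that passes the syntax check should still be compared with the Infrastructure Master reported by netdom query fsmo, since a well-formed DN can point at the wrong server.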
