Failed to gracefully demote domain controller

December 5, 2013

I was getting ready to upgrade the hardware and server version on an old Windows Server 2008 R2 domain controller when I ran into an interesting problem. After launching DCPROMO and going through the steps, I received an error that said “The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles”.

After doing some research, it turns out that the domain controller has incorrect information as to the FSMO operation master owner. It is set to a domain controller that has been deleted or does not exist. In my case, the person before me must have improperly decommissioned a domain controller, leaving cruft behind in the AD. I launched ADSIEdit on the domain controller I was trying to remove and went to the infrastructure container and sure enough under “fSMORoleOwner” it had garbage.

When I tried to edit the value, I received an error stating “Operation Failed. Error code: 0x20ae The role owner attribute could not be read 000020AE: SvcErr: DSID-03152BF7, Problem 5003 (WILL_NOT_PERFORM) Data 0”. If you receive this error message when trying to change the value of “fSMORoleOwner”, you must change the value from the domain controller that holds the FSMO role. Once you change it there, depending on your replication scheme, the change should be updated on the domain controller you are trying to demote and it should now allow you to complete the process.
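A read-only way to find the stale “fSMORoleOwner” value before running DCPROMO, as an added example that is not part of the original post. It goes beyond the single Infrastructure object described above and also reads the Infrastructure objects in the DomainDnsZones and ForestDnsZones application partitions, assuming those default partitions exist; the function names, the `-Server` default and the sample values are assumptions made for illustration.

```powershell
# Added example: read-only audit of fSMORoleOwner on the Infrastructure objects.
function Test-FsmoOwnerValue {
    # Classify one fSMORoleOwner value. When the referenced object has been
    # deleted, the stored DN contains "\0ADEL:<objectGUID>".
    param([string]$Owner)
    if ([string]::IsNullOrWhiteSpace($Owner)) { return 'Missing' }
    if ($Owner -match '\\0ADEL:')             { return 'DeletedOwner' }
    if ($Owner -notmatch '^CN=NTDS Settings,CN=[^,]+,CN=Servers,') { return 'Unexpected' }
    return 'LooksValid'
}

function Get-FsmoOwnerReport {
    # Live query; needs the RSAT ActiveDirectory module. Changes nothing in AD.
    param([string]$Server = $env:COMPUTERNAME)   # assumption: run on the DC being demoted
    Import-Module ActiveDirectory
    $root = Get-ADRootDSE -Server $Server
    $targets = @(
        "CN=Infrastructure,$($root.defaultNamingContext)",
        "CN=Infrastructure,DC=DomainDnsZones,$($root.defaultNamingContext)",
        "CN=Infrastructure,DC=ForestDnsZones,$($root.rootDomainNamingContext)"
    )
    foreach ($dn in $targets) {
        try {
            $obj    = Get-ADObject -Identity $dn -Properties fSMORoleOwner -Server $Server -ErrorAction Stop
            $owner  = [string]$obj.fSMORoleOwner
            $status = Test-FsmoOwnerValue $owner
        } catch {
            # Partition not hosted on this DC, or the object could not be read.
            $owner  = $null
            $status = 'NotReadable'
        }
        [pscustomobject]@{ Object = $dn; Status = $status; Owner = $owner }
    }
}

# Constructed sample values (not from a real directory) to show the classification offline.
$samples = @(
    'CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test',
    'CN=NTDS Settings\0ADEL:00000000-0000-0000-0000-000000000000,CN=OLDDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test',
    ''
)
$samples | ForEach-Object { '{0,-12} {1}' -f (Test-FsmoOwnerValue $_), $_ }
```

Running `Get-FsmoOwnerReport | Format-List` against each domain controller shows which copy still carries the deleted owner, and running it again after the fix confirms that replication has delivered the corrected value to the DC being demoted.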