Getting rid of a really old server in adsiedit


we trying demote 2008r2 server. ad wouldn't let , gave error.

the operation failed because:

active directory domain services not transfert remaining data in directory partition dc=domaindnszones, dc=, dc=domainame, dc active directory domain controller
new domain controller.

"the directory service missing mandatory configuration information, , unable determine ownership of floating single-master operation roles."


got looking , 2 of our sub-domains list servers @ least 5 years old domainreplica in adsi edit, coincide event viewer. event id2022 operations master roles held directory server not transfer following remote directory server.

we had tried ndtsutil , there no servers in there name. mentioned these really old servers. have worked here 6 years , before time 1 of them. have root domain-which fine. 2 sub-domains have problem other ones fine.

go to:
1-adsiedit in 1 of problem domains.
2-right click adsiedit, pick default naming context, ok
3-right click domain under "default naming context", properties
4-scroll down domainreplica...the server listed old one.
5-try edit entry
6-clear, ok
7-apply.... operation failed. error code: 0x209a access attribute owned security accounts manager (sam). 0000209a: svcerr: dsid-031a1021, problem 5003 (will_not_perform), data 0


peter andersen

peter,

what domain , forest functional level?  if server 2000 native or higher, can ignore attribute.  you not able clear (in supported manner) anyway.



Windows Server  >  Directory Services



Comments

Popular posts from this blog

CRL Revocation always failed

Failed to query the results of bpa xpath

0x300000d errors in Microsoft Remote Desktop client