-
February 10th, 2005, 06:25 PM
#11
Ah, thanks, now I remember...I had done this a couple of weeks ago...
The server in need of demotion holds RID, PDC, and Infrastructure roles.
What's interesting is under each role it says "The current operations master is offline. The role cannot be transferred."
-
February 10th, 2005, 06:28 PM
#12
Ok! You'll need the command-line tool call NTDSUTIL. Are you W2K domain or Windows 2003 domain?
-
February 10th, 2005, 06:44 PM
#13
Everything's W2k, and I do indeed have that tool! Installed it recently in fact!
FYI for anyone else reading this...the vast majority of these tools can be found for download HERE.
-
February 10th, 2005, 07:20 PM
#14
-
February 10th, 2005, 07:25 PM
#15
So I'm still running into this error when trying to connect to the server via NTDSUTIL to seize roles:
DsBindW error 0x80090322(The target principal name is incorrect.)
Any idea on that by chance?
-
February 10th, 2005, 07:26 PM
#16
Nice site... make sure to scan them all first.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
February 10th, 2005, 09:54 PM
#17
It worked! I finally managed to transfer all the roles to the other DC.
Which leaves me with a new problem...
MS support page says that the global catalog server cannot also hold the infrastructure role. However, once I demote this DC, I'll only have one DC on the network...so I won't have another server to assign the role of insfrustructure to. So is that bad?
-
February 10th, 2005, 10:08 PM
#18
If I'm not mistaken, Global Catalog server is only use in forest and forest are only created when you make a trust link between 2 top level AD.
I don't beliece M$ then they said global gatalog cannot be on the same DC that infratructure. When you created your domain, you only have one DC.
To force a DC to be a global catalog, go in the NTDS settings of your DC from your Active Directory Sites and Services Concole. You'll see it there. (In Windows 2003 at least).
-
February 10th, 2005, 10:20 PM
#19
Ok, I suspected as much...
Argh, so close! I'm almost there! BUT, after resetting the password via netdom and restarting the server, I'm still getting this error that's preventing dcpromo from working and demoting the DC:
The operation failed because: The Directory Service failed to replicate off changes made locally. "Access is denied. "
I shouldn't still be getting that "Access is denied" error...I already reset the password with netdom (followed this) so that both DCs can talk to each other...
-
February 10th, 2005, 10:23 PM
#20
Don't bother with dcpromo. If a DC didn't replicate for 60 days, he should be remove from the AD database. Just fdisk the server (Or power it off for a few days to see how it's going)
By curiosity, did you look your event viewer about replication error?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|