AD Error

Y

York

Hi, all,

I got a problem that when I try to promote a win2000
machine as a DC. the situation is that

I have a Domain with 2 DC(one 2003 and one 2000), let's
call it test.com

NOw I want to promote another win2000 machine as the
subdomain of test.com. let's say "sub.test.com" . During
the AD installion, it had error that "The role owner's
attribute could not be read". the installation failed
finally.

Could anyone help on this issue?
 
H

Herb Martin

I got a problem that when I try to promote a win2000
machine as a DC. the situation is that

I have a Domain with 2 DC(one 2003 and one 2000), let's
call it test.com

NOw I want to promote another win2000 machine as the
subdomain of test.com. let's say "sub.test.com" . During
the AD installion, it had error that "The role owner's
attribute could not be read". the installation failed
finally.
Click to expand...


First clarify your goal: First DC in a child domain? (not an additional DC
in the current domain).

Sounds like you have a missing Domain Naming Master (or other master).
Have you perhaps swapped out a DC at some point without TRANSFERING
the five single masters to another DC first?

Second most likely is you have DNS messed up (see below) and the role holder
just isn't being found.

Check AD Users and Computers for your PDC Emulator (or AD Domains
and Trusts for the Domain Naming Master.)

If you destroyed the original DC without transferring then you need to run
NTDSUtil to move the 5 roles (also consider you might need to add GCs
also and do this before you add a second domain anyway.)

Use NTDSUtil roles to SEIZE the roles ONLY if you know the original
DC isn't coming back. Search this at google to find help:

[ ntdsutil roles role transfer seize site:microsoft.com ]
[ ntdsutil roles role transfer seize microsoft: ] <--- colon: after
microsoft:

You might want to test using DCDiag before fixing any of this; dump the
output to a file -- search the file for FAIL, WARN, IGNORE.

DNS fixes:
DNS must be dynamic
ONLY the Dynamic DNS server (set) must be specified in ALL
internal clients NIC properties
Internal Clients INCLUDE the DCs and DNS server itself
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Question about Global Catelog 1
Access denied 2
Unable to local DC ......... URGENT 1
Slow Logons and Can't open files 0
Cannot browse parent domain 1
q Win2000 subdomain DC 1
Removing DC from the domain 1
Event ID : 40960 LSAsrv / SPNego 2

Top