Seizing the Schema Owner and Domain Role Owner Roles

Guest

Hello,

Here is the scenario: in order to add a Win 2003 Server to our single Win 2000 Domain, I believe I have to seize the schema owner role, and then prepare the domain for a Win 2003 Server.
On opening Active Directory Sites and Services I see 2 sites,
Site 1: which holds Server 1, server 2, server 3
Site 2: which holds Server 4.
For some reason unknown to me, the previous Sys admin just shut down this server 4 and now it is nowhere to be found.
I ran the netdom query fsmo command on the DC, and received the following:
Schema master & Domain Role Owner : Server 4.XX.COM
PDC Role, RID Pool Manager, Infrastructure owner : Server 1.xx.com

Now without the server 4, I cannot change the schema owner and domain role owner. I believe I have to use ntdsutil.
My question is: if Server 1.xx.com is the PDC Role, RID Pool Manager, Infrastructure owner and also holds the global catalog,
should I run the ntdsutil tool from another server, say Server 2, so that it becomes the Schema master & Domain Role Owner? What other things should I look out for before I run the ntdsutil utility?
Any help is appreciated in this matter. Because of Server 4 disappearing I also receive numerous Directory Service and NTFRS errors in the event viewer.
 
Jim Singh

You can use ntdsutil.exe to seize the FSMO roles that were on server 4.
After you do that, you have to do a metadata cleanup to remove references
to server 4 through ntdsutil.exe. You also have to clean srv 4 refs from
ADUC and ADSS. This will stop all the replication errors you have been
seeing. Now, I am not sure if you are trying to migrate/upgrade to 2k3 or
just trying to add a w2k3 DC in your existing 2k environment. In either case
you should see an error if you were to extend the schema in the forest or
try to add/delete additional domains, since the root server (srv 4) holding
the schema and domain name FSMO roles is not available. It will not have an
impact right away on end users, as your RID master, PDC and infra servers are
up.

-Jim
 
Jim Singh

Since you have all the remaining 3 roles on srv1, you need to seize roles on
srv2. Run the utility from srv2.

-Jim
 
Jim Singh

Yes, this is the seizure process. Make sure you do the metadata cleanup and
ADUC comp object deletion and ADSS server object cleanup to delete all
references of the old (dead) server 4 in AD. This will get rid of all the
replication KCC errors that you have been getting.
Once you have your new root server (with schema master role, DM role), run
replmon.exe to see if it has replicated with the rest of the DCs and has
all the directory partitions up to date. From replmon.exe do the "configure
all partitions with all directory partners" and refresh to see any
replication errors.

-Jim

JC said:
Sorry about that, all I had to do was type ? at the fsmo maintenance
command line
and got the correct syntax.
But it also gave me errors both the times I tried to seize a role such as
fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-032101CF, problem
5002 (UNAVAILABLE), data 8524
Win32 error returned is 0x20af(The requested FSMO operation failed. The
current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of schema FSMO failed, proceeding with seizure ...

Now when I run the netdom query fsmo command, it shows me the updated
results: server2 as the schema owner and domain role owner.
So ultimately has it succeeded 100% or will I receive errors in the
future?


JC said:
I ran the utility on Server2, and it said syntax error. Where did I go
wrong? Shouldn't the command be "seize schema owner" and "seize domain
role owner"? Do I have to input a different command? Here are the steps
that I executed:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server server2.xxx.com
Binding to server2.xxx.com...
Connected to server2.xxx.com using credentials of locally logged on user

server connections: quit
fsmo maintenance: seize ?
Error 80070057 parsing input - illegal syntax?
fsmo maintenance: seize schema owner
Error 80070057 parsing input - illegal syntax?
fsmo maintenance:

Thx
JC

Jim Singh said:
Since you have all the remaining 3 roles on srv1, you need to seize roles on
srv2. Run the utility from srv2.

-Jim

Thx for the answer. My end goal is to add a Win 2003 Server to the Win
2000 Domain and not upgrade any of the existing DC's.
But now should I make Server 1 or Server 2, which is just an additional DC
in the domain, seize these 2 roles? Also, from where do I need to run the
utility, from Server 1 or Server 2?
thx
JC


Jim Singh

You can manually delete the DSA site object in ADSS, but before you do that
you should delete the server in it. If you are still getting replication
errors regarding server 4, then that means that the reference to srv4 still
exists in AD. Check your ADUC - domain controllers - delete srv 4.
Check Ntdsutil.exe for the srv4 object reference by going to the following:
- Ntdsutil.exe
- metadata cleanup
- select operation target
- connections (connect to srv 2 or 1)
- list sites - (check to see what sites are listed here) (if you see site 2
then select it)
- select site .....
- list servers in the site (site 2)

Now if you still see srv 4 in this site, then do the following:

- select server server4 (should put the no. i.e. 0, 1 etc.)
- quit
- remove selected server
------------------------
Now after you remove this you have to remove reference for the site in AD by
going in adsi and in following location:
CN=sitename,CN=sites,CN=configuration,DC=domainname,DC=com.

I would also suggest to reboot the server in restore mode and do a Semantic
database analysis.

- Jim



JC said:
Hi Jim,

I did use metadata cleanup and it removed the Server 4 from the domain.
But why do I still see site no 2, in which the server 4 resided? I see
server 4 listed as well when I go to Active Directory Sites and Services.
I used ADSIEdit mmc and deleted the domain controller under OU=Domain
Controllers.
How do I do ADUC comp object deletion and ADSS server object cleanup to
delete all references of the old (dead) server 4 in AD?

Thx
JC
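
An added example, not part of the original thread: a small Python check for the question raised above of whether the seizure and metadata cleanup fully succeeded. It parses `netdom query fsmo` output and an ntdsutil `list servers in site` listing and reports anything that still points at the removed DC. The host names, the sample outputs and the function names are constructed for illustration.

```python
import re

# Constructed sample: `netdom query fsmo` output after the seizure onto server2.
NETDOM_OUT = """\
Schema owner                server2.xx.com
Domain role owner           server2.xx.com
PDC role                    server1.xx.com
RID pool manager            server1.xx.com
Infrastructure owner        server1.xx.com
The command completed successfully.
"""

# Constructed sample: ntdsutil "list servers in site" output for Site 2.
NTDSUTIL_OUT = """\
Found 1 server(s)
0 - CN=SERVER4,CN=Servers,CN=Site2,CN=Sites,CN=Configuration,DC=xx,DC=com
"""

# A role line is "<role name><two or more spaces><holder FQDN>".
ROLE_LINE = re.compile(r"^(?P<role>\S.*?)\s{2,}(?P<holder>\S+)\s*$")

def parse_fsmo(text):
    """Return {role: holder_fqdn} from `netdom query fsmo` output."""
    roles = {}
    for line in text.splitlines():
        m = ROLE_LINE.match(line)
        if m:
            roles[m.group("role").lower()] = m.group("holder").lower()
    return roles

def parse_server_list(text):
    """Return server CNs from ntdsutil 'list servers in site' output."""
    pattern = r"^\d+ - CN=([^,]+),CN=Servers,"
    return [m.group(1).lower() for m in re.finditer(pattern, text, re.M)]

def stale_references(fsmo_text, site_listing, dead_host, live_dcs):
    """List what still points at the removed DC or at an unknown holder."""
    findings = []
    dead = dead_host.lower()
    live = {d.lower() for d in live_dcs}
    for role, holder in sorted(parse_fsmo(fsmo_text).items()):
        if holder.split(".")[0] == dead:
            findings.append(f"{role}: still held by removed DC {holder}")
        elif holder not in live:
            findings.append(f"{role}: holder {holder} is not a known live DC")
    if dead in parse_server_list(site_listing):
        findings.append(f"site listing: server object for {dead} remains")
    return findings
```

With the constructed samples, the roles are reported clean while the leftover server object in Site 2 is still flagged, which matches the state described in the thread after the seizure but before the Sites and Services cleanup.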

