Active Directory Error!!

[Silenius]

Hi to everybody,

I have already 2 domain controllers,and i was trying via dcpromo to add a
new domain tree with trusts in the same forest.
But i get the following message while dcpromo initializes :
(the same message i get also when instead of domain tree
im trying to make a child domain)

"The role owner attribute could not be read"
"The directory service failed to create the object
CN=Partitions,CN=Configuration,CN=<domain name>

I think that error is related to "Domain Naming Master FSMO Role" when is
trying to update the existing forest.

Any ideas how to resolve this?

Sorry for the length of the mail.

Thanks in advance.

 

[Guest]

Hi!
I think we need more information to be able to help you with this.
Ex.
DNS setup?
OS versions?
Ip configurations on the machines?
And more.

Regards,
Jan Gustavsson


----- Silenius wrote: -----

Hi to everybody,

I have already 2 domain controllers,and i was trying via dcpromo to add a
new domain tree with trusts in the same forest.
But i get the following message while dcpromo initializes :
(the same message i get also when instead of domain tree
im trying to make a child domain)

"The role owner attribute could not be read"
"The directory service failed to create the object
CN=Partitions,CN=Configuration,CN=<domain name>

I think that error is related to "Domain Naming Master FSMO Role" when is
trying to update the existing forest.

Any ideas how to resolve this?

Sorry for the length of the mail.

Thanks in advance.

 

[Ace Fekay [MVP]]

In

Hi!
I think we need more information to be able to help you with this.
Ex.
DNS setup?
OS versions?
Ip configurations on the machines?
And more.

Regards,
Jan Gustavsson


----- Silenius wrote: -----

Hi to everybody,

I have already 2 domain controllers,and i was trying via dcpromo
to add a new domain tree with trusts in the same forest.
But i get the following message while dcpromo initializes :
(the same message i get also when instead of domain tree
im trying to make a child domain)

"The role owner attribute could not be read"
"The directory service failed to create the object
CN=Partitions,CN=Configuration,CN=<domain name>

I think that error is related to "Domain Naming Master FSMO
Role" when is trying to update the existing forest.

Any ideas how to resolve this?

Sorry for the length of the mail.

Thanks in advance.

My intial feeling is the domain is a single label name, since Silenius in an
attempt to mask the original name, only shows the one "DC=" section for the
domain. Normally it should have the two, "DC=domain,DC=com".

The additional information will help.

Here's some specific info that will help us if Silenius can provide us:

1. UNEDITED ipconfig /all
2. The AD DNS Domain name (as it shows up in ADUC).
3. Service Pack level the DC is on
4. Zone name in DNS and if updates are set to at least "YES"
5. If the SRV records exist under the zone name.

Happy Holidays...


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Mark Mancini]

are you SURE you want a new tree?!?!? Are you REALLY sure? DNS is usually
the answer.

 

[Silenius]

Hello,

First, thanks to eveybody for your help.

I want to give additional, some informations about the systems if
this help more to understand the problem.

All servers running under Windows 2000 Server SP4, the new
server that i want to made the new domain tree (the server that shows me the
error below) ,
have as primary and secondary DNS the IP's of the 2 Domain Controllers.Also
the new server
is already joined the domain, i can see with ping or nslookup the domain
controllers.
The SRV records exists under the zone name from the creation of the domain
and i have enable DynamicDNS
by checking "yes" to "allow dynamic updates".
The domain name isn't a single label name, the name i gave to the domain is
"customers.com" (is the FQDN wrong??)
and in the error returns the two: "DC=domain,DC=com " (sorry,i forgot to say
that.)

I want to report here something (maybe is important).
When i was trying to made the new domain tree,the one domain controller was
only live(the other was shut down)
but i was already put as a primary dns only the ip of the live domain
controller.

I hope the above informations be better.

Thanks again & happy holidays to all !

Best Regards,



"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

Hello,

First, thanks to eveybody for your help.

I want to give additional, some informations about the systems if
this help more to understand the problem.

All servers running under Windows 2000 Server SP4, the new
server that i want to made the new domain tree (the server that shows
me the error below) ,
have as primary and secondary DNS the IP's of the 2 Domain
Controllers.Also the new server
is already joined the domain, i can see with ping or nslookup the
domain controllers.
The SRV records exists under the zone name from the creation of the
domain and i have enable DynamicDNS
by checking "yes" to "allow dynamic updates".
The domain name isn't a single label name, the name i gave to the
domain is "customers.com" (is the FQDN wrong??)
and in the error returns the two: "DC=domain,DC=com " (sorry,i forgot
to say that.)

I want to report here something (maybe is important).
When i was trying to made the new domain tree,the one domain
controller was only live(the other was shut down)
but i was already put as a primary dns only the ip of the live domain
controller.

I hope the above informations be better.

Thanks again & happy holidays to all !

Best Regards,

Happy Holidays to you too!!

Ok, thanks for the additional information. Two things I see so far at first
glance...

You need to have BOTH DCs up. DCPROMO is trying to contact the FSMO roles,
such as the Domain Name Master, for one, and it maybe on the DC that is
turned off. They both need to be UP.

Two, disjoin the machine out of your current domain. Can't be joined to one
domain when you are trying to promote it to a new domain or tree. Make sure
you set in the Primary DNS Suffix of the machine the NEW domain name (done
in My Computer, Properties, Computer Name tab, properties, More), If you
don;t set this, you;ll come across additional errors.

Try that for now.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Silenius]

Thank you very much Ace, for your precious help!
I'll try your instructions.

Thanks again!!

Best Regards,


"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

Thank you very much Ace, for your precious help!
I'll try your instructions.

Thanks again!!

Best Regards,

Let us know how you make out.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Silenius]

Hello,

Well everything works fine!
In the begining i had a problem with the trusts,from the new domain that
create
in the forest, through the "Active Directory Domains & Trusts" snap in i
couldnt manage
the existing domain (root forest domain) but i verify the trusts between the
two domains and everything
works.

In the end i want to say that the problem wasn't the fact that the one of 2
domain controllers
was shut down because the live domain controller had the 5 FSMO roles in
the domain ( The Domain Naming Master FSMO Role that is responsible for
that.)
I just disjoined the server from the domain,that i think was my mistake.

Thanks,

Regards,




"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

Hello,

Well everything works fine!
In the begining i had a problem with the trusts,from the new domain
that create
in the forest, through the "Active Directory Domains & Trusts" snap
in i couldnt manage
the existing domain (root forest domain) but i verify the trusts
between the two domains and everything
works.

In the end i want to say that the problem wasn't the fact that the
one of 2 domain controllers
was shut down because the live domain controller had the 5 FSMO
roles in the domain ( The Domain Naming Master FSMO Role that is
responsible for that.)
I just disjoined the server from the domain,that i think was my
mistake.

Thanks,

Regards,

Glad to hear everything is working and the problem is resolved.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory