AD DC Roles Lost after "demote/promote"



As per my previous thread i have installed a new 2000
Server as a DC within the AD on a new system.

As i wanted to keep the same name of the old server on the
new i first used dcpromo to add the new server as a DC
with the name "DELLSERVER". I then followed KB article;en-

My issue is that now it seems there is NO Operations
Master DC!!!!! bringing up the Operation Master config
from AD Dir Users and comps sees "ERROR" in
the "Operations Master" field and it does not let me
transfer as its as the holder cannot be contacted.

Also of note when i try to go into the "group policy"
section it says "the domain controller for group policy is
not available, may cancel or choice one of the following
DC choices"
1. The One with the Operations Master Token for the PDC
2. The one used by the AD Snap ins
3. Use any available DC

I have chosen "3" and it does then show the group
policy....though seems to "forget" it again when on goes
back into this section.

I seems that KB 238369 is perhaps flawed?
It says that when demoting a DC (if not the last DC in
domain) it performs a final replication and then transfers
roles to another DC. It seems that this does NOT occur!
On the same section of the KB it does mention that if the
DC is a global catalog that must be transferred manually,
which i have done using the KB article 313994.

Any suggestions how one can recover from this mess! Bit
annoyed as i followed the KB's instructions, and it does
state that the roles will be transfer!!! :(


I guessing "Netdom" command is additional admin tool not
installed with 2k server (knew i should have left the 2k
CD in the drive before leaving haha)

The operation master is no longer alive. So i guess
a "sieze" is the only option?

Am i right in assume that once this DC is the master
controller that the following issues should be rectified?

1.The "group policy" issue as mentioned

2.Event ID 16650 recuring in the event log
(as per

The link you posted re role seizure states
"Note Do not put the Infrastructure Master role on the
same domain controller as the global catalog."
As this is now the only DC it has the gloal catalog (as i
knew to manually transfer this as per instructions)

Im guessing that the old server would have been
Infrastructure Master previous (along with global
catalog) wondering what the reason is not to seize this
role? Or is there no need (ie system will work fine
without it?)

Also was i right or wrong in assuming as per the KB238369
i used in thinking that these roles should have been
transfered automaticly? I have seen this mentioned in
other KB's also yet is has not occurred hmmm.

Sorry for all the questions.....newbie struggling :) hehe

At least all the client PC's log straight in, all shares
are connected, everything "appears" to be working....just
need to sort the server 100% :)

Cary Shultz [A.D. MVP]

Good morning, Dan!

Matjaz, I hope that you do not mind that I am jumping in here.

'netdom' is a part of the Support Tools. You should really take a look into
installing the Support Tools on all of your WIN2000 Servers ( notice that
was SERVERS - as in all of them ). The Support Tools can be found in a
couple of places: on the WIN2000 Server CD or on the WIN2000 Service Pack CD
in the Support | Tools folder. I would use the tools from the latest
Service Pack CD or download them from the following link:

The package is close to 10MB in size.

There are a ton of tools in there that you might want to play with. Matjaz
has already mentioned one of them. There is also dcdaig, netdiag, adsiedit,
repadmin, replmon, nltest, etc. etc. etc. Definitely worth your time to
look into these.




Tools downloading......will install and have a look

I "seized" Domain name mastering, schema master, RID
master and PDC as discribed in;en-

It has fixed the event log issues and now the domain
secuirty and group policies/settings seem to be operating

I did not "seize" Infrastructure master as the bottom of
the above KB article states.

The following: Though im 100% certain on the "original"
server it WAS the Infrastructure master AND also the
global catalogue as it was the only stand alone server!
While the below sort of "explains" why doesn't really say
if its all that "bad" either NOT having it as the
Infrastsucture master (ie leaving it stating "error")
or "seizing" it. "seems" to be operating OK apart from
issues "reinstalled" Veritas backup....well more the MS
SQL server, though there is a KB article on issues doing
it in TermServ, and also with TermServ in app
i'll try "onsite" first....if not then switch to remote
admin mode and see....i don't think it
sthe "infrastucture master" issue.

the KB details as above:
NOTE: Do not put the Infrastructure Master (IM) role on
the same domain controller as the global catalog server.
If the Infrastructure Master runs on a global catalog
server it will stop updating object information because
it does not contain any references to objects that it
does not hold. This is because a global catalog server
holds a partial replica of every object in the forest.

Cary Shultz [A.D. MVP]


The whole thing about the Infrastructure Master Role not being on Domain
Controller that is also a Global Catalog Server simply does not apply at all
if you have a one domain / tree / forest ( which most people do! ). So, if
you are a one domain forest - with no child domains or any other trees in
your forest - you do not need to worry about whether the DC that holds the
FSMO Roles of Infrastructure Master is a Global Catalog Server or not. In
fact, in a one domain / tree / forest many people would suggest to you that
all of your Domain Controllers should be Global Catalog Servers as well.
That is subject to review if you have multiple Sites.....



Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question