problem seizing domain naming master

Paul Clarke

I'm having problems seizing the domain naming master role.
I have two win2k domains in separate forests. The first
forest held the schema and the domain naming roles for
both forests. I have transferred all users, apps and
services to the new second domain running in native mode.
I had problems with the trust between the two domains and
could not transfer the roles so I tried seizing them. I
have managed to seize the schema role out of the old
forest into the new but when I try the domain name master
I get an "Insufficient access rights" message as shown
below.


fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before
seizure.
ldap_modify_sW error 0x32(50 (Insufficient Rights).
Ldap extended error message is 00002098: SecErr: DSID-
031513C9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Win32 error returned is 0x2098(Insufficient access rights
to perform the operation.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with
seizure ...
ldap_modify of SD failed with 0x32(50 (Insufficient
Rights).
Ldap extended error message is 00002098: SecErr: DSID-
03151404, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Win32 error returned is 0x2098(Insufficient access rights
to perform the operation.)
)
fsmo maintenance:


I am logged on as administrator and a member of the
Enterprise Admins group though this is only a global group
despite the fact that the new domain is in native mode.

Any ideas?
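
An added example, not part of the original thread: a small Python parser for the ntdsutil output quoted in the post above. It rejoins the wrapped lines and pulls out the LDAP result code, Win32 code and DSID for the transfer attempt and for the seizure. The function names are hypothetical, and the sample input is an excerpt copied from the post.

```python
import re

# Sample input: excerpt of the ntdsutil output from the post, line wraps kept.
SAMPLE = """\
Attempting safe transfer of domain naming FSMO before
seizure.
ldap_modify_sW error 0x32(50 (Insufficient Rights).
Ldap extended error message is 00002098: SecErr: DSID-
031513C9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Win32 error returned is 0x2098(Insufficient access rights
to perform the operation.)
Transfer of domain naming FSMO failed, proceeding with
seizure ...
ldap_modify of SD failed with 0x32(50 (Insufficient
Rights).
Ldap extended error message is 00002098: SecErr: DSID-
03151404, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
"""

# LDAP result 50 is insufficientAccessRights (RFC 4511). The hex prefix of
# the extended error matches the Win32 code shown in the output (0x2098).
LDAP_ACCESS_DENIED = 50
LDAP = re.compile(r"(ldap_modify\w*)[^()]*?0x([0-9a-fA-F]+)\((\d+)")
EXT = re.compile(r"([0-9A-Fa-f]{8}): (\w+): DSID-([0-9A-Fa-f]{8}), problem (\d+) \((\w+)\)")

def parse_fsmo_errors(text):
    """Return one dict per failed LDAP write, in the order they occurred."""
    flat = re.sub(r"-\s*\n\s*", "-", text)   # rejoin "DSID-" / "031513C9"
    flat = re.sub(r"\s*\n\s*", " ", flat)    # undo the remaining line wraps
    cut = flat.find("proceeding with seizure")
    out = []
    for l, e in zip(LDAP.finditer(flat), EXT.finditer(flat)):
        out.append({
            "phase": "seizure" if cut != -1 and l.start() > cut else "transfer",
            "call": l.group(1),
            "ldap_code": int(l.group(3)),
            "win32_code": int(e.group(1), 16),
            "dsid": e.group(3),
            "problem": e.group(5),
        })
    return out

def access_denied_in_both_phases(errors):
    """True when both the transfer and the seizure were refused for access."""
    phases = {e["phase"] for e in errors if e["ldap_code"] == LDAP_ACCESS_DENIED}
    return phases == {"transfer", "seizure"}

if __name__ == "__main__":
    for err in parse_fsmo_errors(SAMPLE):
        print(err)
```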
 
Shawni Jernigan (MSFT)

Paul,

Hey! OK, first of all, a DC in one FOREST cannot own roles for another
FOREST. So, are you actually meaning to say DOMAINS?? In the event you are
meaning domains, that is still not an option because while the Domain naming
master and schema master are FOREST wide roles, the only DCs that could
seize those roles would be DCs in the Root Domain where the current FSMO
role owner resides.

Hope that helps!
223346.KB.EN-US FSMO Placement and Optimization on Windows 2000 Domain
Controllers
 
Guest

Hi Shawni,
Thanks for the reply.
I have two domains in their own forests. To create the
second domain I promoted a standalone server by
selecting "DC for a new domain", "Create new domain"
then "Create new forest" in the installation wizard. When
I look at "AD domains and trusts" the domain naming master
is serverA.domain.com and is offline. The current server
is serverB.network.com.
 
