Seizing Operations Master Roles

M

Mike Hakopyan

Hello, I am having a problem with one of my AD servers.
It crashed about a month a go and I couldn't recover it.
SO I reinstalled 2000, changed it's name, loaded AD and
it's now up fine. The problem is, it originaly was the
RID and Domain Naming Master for my parent domain...now I
can't transfer the role to my other AD Server or this new
one I reinstalled. I'm thinking it can't find the
original name on the network that's why....here's the
error message I got from ntdsutil.

fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before
seizure.
ldap_modify_sW error 0x35(53 (Unwilling To Perform).
Ldap extended error message is 0000214B: SvcErr: DSID-
03210792, problem 5003 (WI
LL_NOT_PERFORM), data 0

Win32 error returned is 0x214b(Only DSAs configured to be
Global Catalog servers
should be allowed to hold the Domain Naming Master FSMO
role.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Role seizure is forbidden in this case
fsmo maintenance:

This message was displayed at the second AD server while
trying to seize control of the domain naming master from
the first AD server. I'm loged on as admininstrator on
the domain, and I am in the enterprise admins sec. group
as well. Can I reinstal the AD on this server that
originally crashed and change it's name back to the
original name so that my other AD can find it when I'm
trying to transfer the roles? Anyone seen this problem
before??

Thank you.

Mike H.
 
S

Steve Adkin

Hi Mike,

It looks like it cannot query a Global Catalog server. Check that in yur dns
you have the following:
_gc dns entry for the new GC in the _tcp container in DNS manager

Also you may try promoting that server to a GC server. Also use the netdom
command from the support tools to make sure the old server wasn't holding
any of the other fsmo roles (which you may need to seize first) by typing:
netdom query fsmo

Regards,

Steve
 
G

Guest

This new AD is also a GC server...I've got the other roles
being controled by my second AD server. So, the only ones
left to seize are RID master and DN master. I looked at
the dns entry you mentioned and it had only one entry for
_gc and it was referencing to a AD server in one of my
child domains as: svads.

it didn't have the full name like
svads.sunvalley.sgtransit.com So I changed it to that and
still same error. So, I tried to change the _gc name from
svads to the name of my AD server to which i'm trying to
transfer these roles to: to3m.sgtransit.com

still same error message on ntdsutil command. I'll check
on the other command tool you mentioned soon. Hope it
works.


Thanks Steve.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Seize domain naming error 3
Unable to seize FSMO Roles 8
Seize Domain Naming Master 2
problem seizing domain naming master 2
FSMO question 3
transfer of FSMO error 3
Transfer FSMO to another DC 3
FSMO Roles 4

Top