R
Rashid
Hi,
I am encountering problems associated with seizing the
Domain Master and Schema Master Roles.
The background to thi sproblem is as follows.
I have created a test area consisting of a Domain with 2
Directory Controllers. I have simulated a situation where
by the Domain controller with the main operations roles
has crashed and is off line permanently, and leaving an
alternate Domain Controller to work on its own. In order
to seize roles I have done the following.
So far I have run the NTDSUTil metadata cleanup and
deleted all other instances of previous domain controllers
and attempted seizure of all roles.
I managed to take all roles exxcept for Domain naming and
schema master.
I have already enabled this one as the Global catalog,
removed previous FRS settiungs for any other domain
controllers using ADSI Edit.
I managed to take all roles except the Domain Naming
Master and Schema master roles
When I try to seize them using ntdsutil I get the
following:
fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x32(50 (Insufficient Rights).
Ldap extended error message is 00002098: SecErr: DSID-
031513C9, problem 4003 (IN SUFF_ACCESS_RIGHTS), data 0
Win32 error returned is 0x2098(Insufficient access rights
to perform the operation.)
And
fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before
seizure.
ldap_modify_sW error 0x35(53 (Unwilling To Perform).
Ldap extended error message is 0000214B: SvcErr: DSID-
03210792, problem 5003 (WILL_NOT_PERFORM), data 0
Win32 error returned is 0x214b(Only DSAs configured to be
Global Catalog servers should be allowed to hold the
Domain Naming Master FSMO role.)
Is there any other utilities I need to run or procedures
to follow to get round this problem of seizing roles?
I am encountering problems associated with seizing the
Domain Master and Schema Master Roles.
The background to thi sproblem is as follows.
I have created a test area consisting of a Domain with 2
Directory Controllers. I have simulated a situation where
by the Domain controller with the main operations roles
has crashed and is off line permanently, and leaving an
alternate Domain Controller to work on its own. In order
to seize roles I have done the following.
So far I have run the NTDSUTil metadata cleanup and
deleted all other instances of previous domain controllers
and attempted seizure of all roles.
I managed to take all roles exxcept for Domain naming and
schema master.
I have already enabled this one as the Global catalog,
removed previous FRS settiungs for any other domain
controllers using ADSI Edit.
I managed to take all roles except the Domain Naming
Master and Schema master roles
When I try to seize them using ntdsutil I get the
following:
fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x32(50 (Insufficient Rights).
Ldap extended error message is 00002098: SecErr: DSID-
031513C9, problem 4003 (IN SUFF_ACCESS_RIGHTS), data 0
Win32 error returned is 0x2098(Insufficient access rights
to perform the operation.)
And
fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before
seizure.
ldap_modify_sW error 0x35(53 (Unwilling To Perform).
Ldap extended error message is 0000214B: SvcErr: DSID-
03210792, problem 5003 (WILL_NOT_PERFORM), data 0
Win32 error returned is 0x214b(Only DSAs configured to be
Global Catalog servers should be allowed to hold the
Domain Naming Master FSMO role.)
Is there any other utilities I need to run or procedures
to follow to get round this problem of seizing roles?
