Unable to demote DC due to error “The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.”
Trying to demote a Domain Controller the process fails with:
Active Directory Domain Services could not transfer the remaining data in directory partition DC=ForestDnsZones,DC=domain,DC=com to
Active Directory Domain Controller \\domaincontroller.domain.com.
“The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.”
Using Command Prompt run:
dsquery * CN=Infrastructure,DC=ForestDnsZones,DC=domain,DC=int -attr fSMORoleOwner
(Replace domain and int for the correct values)
You will find some entries like:
\0ADEL:c66cd18e-6f23-4aaa-b567-f5293219f906
Which clearly shows there is some info linked to a former domain controller.
From the server holding the Schema Master role run ADSIEdit connect to the Default Naming Context and follow the instructions:
- Expand and click on DC=domain,DC=com
- Double-click CN=Infrastructure at the end of the list of folders
- Look for the fSMORoleOwner attribute and double-click on it
- Copy its content and click Cancel twice to close the windows
- Use ADSIEdit again to connect to the following Connection Point: DC=DomainDNSZones,DC=domain,DC=com (Replace domain and com for the correct values)
- Follow the same process to get to CN=Infrastructure
- Look for the fSMORoleOwner attribute and double-click on it
- Paste the value copied earlier and click OK twice to accept the changes
- Repeat the same steps to update the value also connected to the DC=ForestDNSZones,DC=domain,DC=com Connection Point
- Wait for Replication and try to demote the server after again
This worked perfectly. Thank you so much.
Was trying to demote a 2008 R2 server and this fixed the error I was getting. Thank you!
Thanks for this! This fixed my dcpromo issue without a problem.
WOW. I have been looking for a solution to this for over 8 hours! Perfect Guide nailed the issue for me. I think I just found my new fav forum! Thanks Guys
To date this article is still valid and helped massively. A+, Thank you for sharing this.
Thanks! Exactly what I needed!
Quick note of thanks. This post worked for me and saved me a ton of deep-diving into possible root causes for this issue. I ended up first running the VB script at the link below, but that didn’t work. Then I used your approach. I’m including the link anyway in case it helped. I could see that it did make a change, so who knows.
——-
https://docs.microsoft.com/en-ca/troubleshoot/windows-server/identity/error-run-adprep-rodcprep-command
Life saver! I’ve been trying to resolve a problem with demoting DC for days. Forever grateful