I have recently inherited a network which had an AD server crash hard before I was hired. And then on my first Monday on the job, our AD crashed hard with a corrupted SAM and I was forced to seize all 5 FSMO roles to our secondary AD server (tempAD). I then promoted another server to become the new AD server (AD1) and it seemed to go fairly smoothly.
I would like to remove tempAD and replace it with a new secondary AD because there are some other functions on the temp AD server that I need to work on apart from this issue. However, the dcpromo wizard won't let me demote the secondary AD server. The error message I get states: The operation failed because Active Directory Domain Services could not transfer the remaining data in the directory partition... "The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles."
When digging into the directory server diagnosis, I discovered a previous server at FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=mycompany,DC=local
This led me to investigate our DNS servers (AD1 and tempAD) wherein I discovered not just the bad AD server that had died before I started (WIN-Bad1), but another long-deceased AD server (Win-Bad2). I was able to delete both references in DNS, but adsiedit.msc still shows Win-Bad1 in this Infrastructure role.
1) If AD1 holds all FSMO roles, why is Active Directory still remembering Win-Bad1?
2) What's the best procedure for removing Win-Bad1?
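
A read-only check of the situation described in the post, as an added example that is not part of the original post: it reads `fSMORoleOwner` on the five domain and forest role objects and on the `CN=Infrastructure` object of each DNS application partition, and flags owners that are deleted or are not a current domain controller. It assumes the RSAT ActiveDirectory module is available and otherwise falls back to constructed sample values built from the names in the post; `Get-FsmoOwnerStatus` is a hypothetical helper name.

```powershell
# Added example (not from the original post). Read-only: nothing is modified.
function Get-FsmoOwnerStatus {
    param(
        [Parameter(Mandatory)][string]$RoleObject,  # DN of the object carrying fSMORoleOwner
        [string]$Owner,                             # value of its fSMORoleOwner attribute
        [string[]]$LiveDcNames                      # short names of DCs that still exist
    )
    # fSMORoleOwner normally points at "CN=NTDS Settings,CN=<server>,CN=Servers,..."
    $server = $null
    if ($Owner -match 'CN=NTDS Settings[^,]*,CN=([^,]+),') { $server = $Matches[1] }
    if (-not $Owner) {
        $status = 'Missing'
    } elseif ($Owner -match '0ADEL:|CN=Deleted Objects') {
        $status = 'DeletedOwner'      # owner's NTDS Settings object has been deleted
    } elseif ($server -and ($LiveDcNames -notcontains $server)) {
        $status = 'UnknownServer'     # owner is not in the current DC list
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{ RoleObject = $RoleObject; Server = $server; Status = $status }
}

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $root = Get-ADRootDSE
    $dom  = $root.defaultNamingContext
    $live = @((Get-ADDomainController -Filter *).Name)
    # PDC, RID, Infrastructure, Schema and Domain Naming role objects
    $targets = @($dom, "CN=RID Manager`$,CN=System,$dom", "CN=Infrastructure,$dom",
                 $root.schemaNamingContext, "CN=Partitions,$($root.configurationNamingContext)")
    # Each DNS application partition has its own Infrastructure object
    $targets += @($root.namingContexts |
        Where-Object { $_ -match '^DC=(Domain|Forest)DnsZones,' } |
        ForEach-Object { "CN=Infrastructure,$_" })
    $rows = foreach ($dn in $targets) {
        $obj = Get-ADObject -Identity $dn -Properties fSMORoleOwner
        Get-FsmoOwnerStatus -RoleObject $dn -Owner $obj.fSMORoleOwner -LiveDcNames $live
    }
} else {
    # Constructed sample values (not real output); the site name and GUID are placeholders.
    $srv  = 'CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mycompany,DC=local'
    $live = @('AD1', 'tempAD')
    $rows = @(
        Get-FsmoOwnerStatus -RoleObject 'CN=Infrastructure,DC=mycompany,DC=local' `
            -Owner "CN=NTDS Settings,CN=AD1,$srv" -LiveDcNames $live
        Get-FsmoOwnerStatus -RoleObject 'CN=Infrastructure,DC=DomainDnsZones,DC=mycompany,DC=local' `
            -Owner "CN=NTDS Settings\0ADEL:00000000-0000-0000-0000-000000000000,CN=WIN-BAD1,$srv" -LiveDcNames $live
    )
}
$rows | Format-Table -AutoSize
```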