The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers.

I have moved the FSMO roles a week back to decommission one of our domain controller and when I tried to decommission got below error.

The operation failed because:
Active Directory Domain Services could not transfer the remaining data in directory partition
DC=DomainDNSZones,DC=
to
Active Directory Domain Controller
\\<DNS name of helper DC used to service demotion>
“The directory service is missing mandatory configuration
information, and is unable to determine the ownership of floating single-master operation roles.” 

Observations:
1. Suspected that roles not move properly. But when I Ran netdom query fsmo, which is      giving the DC which holds FSMO roles.
2. Verified the fsMORoleOwner attribute and found it’s correctly updated with fsmo               role  holder.
a. On the fsmo role owner open ADSIEdit.
b. Click on Default Naming Context [DC.domain.Com].
c. Navigate to DC=Domain,DC=Com.
d. Double click on CN=Infrastructure at the bottom of the list of folders.
e. Check the fSMORoleOwner attribute and click on it.
f. Click the Edit button.
g. It should show DC which shows in netdom query fsmo.
3. Right click the ADSI Edit root and click on Connect to
a. DC=DomainDNSZones,DC=domain,DC=Com
b. Click on Default Naming Context [DC.domain.Com].
c. Click on DC=DomainDNSZones,DC=Company,DC=Com folder.
d. open properties by right click on CN=Infrastructure.
e. check the fSMORoleOwner attribute and click on it.
f. Click the Edit button.
g. This should show the fSMO role holder which shows in netdom query fsmo. But          in my case it was still showing the old domain controller.

Resolution:
1. Navigate to below settings in ADSIEdit.
a. On the fsmo role owner open ADSIEdit.
b. Click on Default Naming Context [DC.domain.Com].
c. Navigate to DC=Domain,DC=Com.
d. Double click on CN=Infrastructure at the bottom of the list of folders.
e. Check the fSMORoleOwner attribute and click on it.
f. Click the Edit button. – It should show DC which showed in netdom query fsmo.
g. Copy the contents of the attribute.
h. Click CANCEL.
2. Right click the ADSI Edit root and click on Connect to
a. DC=DomainDNSZones,DC=domain,DC=Com
b. Click on Default Naming Context [DC.domain.Com].
c. Click on DC=DomainDNSZones,DC=Company,DC=Com folder.
d. open properties by right click on CN=Infrastructure.
e. check the fSMORoleOwner attribute and click on it.
f. Click the Edit button.
g. Paste the value which copied in step 1.

If you are doing on root domain in forest, then repeat the same for DC=ForestDNSZones,DC=Domainy,DC=Com

After doing this I was able to demote the AD from DC without any issues.

Hope this can help you, if you have anything unclear, please let me know.

Please remember to Leave a Reply in bottom of this article.

Important Note – This posting is provided AS-IS with no warranties or guarantees and confers no rights.

 

4 thoughts on “The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers.

  4. Superb, although I had to follow this quite carefully and slightly reinterpret 2b and 2c. It fixed the underlying issue and I was able to demote my DC OK.

    Like

    Reply

Leave a comment