"The directory service is missing mandatory configuration information, and is unable to ...

Xavier Mustin

Staff member
AD DS operation failed - Dcpromo error - FSMO role broken

I was about to remove a domain controller of a customer so many times before when the error below appeared.

Active Directory Domain Services Installation Wizard
The operation failed because:

Active Directory Domain Services could not transfer the remaining data in directory partition DC=ForestDnsZones,DC=company,DC=com to
Active Directory Domain Controller \\DC.company.com.

"The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles."

Very strange considering that running "netdom query fsmo" gives the result that one of the other domain controllers owns all FSMO roles. The Event Viewer is in this case your best friend.

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 2014-02-01 14:44:13
Event ID: 2091
Task Category: Replication
Level: Warning
Keywords: Classic
Ownership of the following FSMO role is set to a server which is deleted or does not exist.

The DC mentioned in the Event Viewer warning was an old Windows Server DC removed more than 5 years ago!

Let's move on, make sure to open ADSIEdit on the affected FSMO Role ownerand make the necessary changes there.

How to obtain the correct setting:
  1. On the affected role owner open ADSIEdit.
  2. Click on Default Naming Context [DC.Company.Com].
  3. Click on DC=Company,DC=Com.
  4. Double click on CN=Infrastructure at the bottom of the list of folders.
  5. Locate the fSMORoleOwner attribute and click on it.
  6. Click the Edit button.
  7. CTRL+C to copy the contents of the attribute.
  8. Click CANCEL twice.

  1. Correct the problematic settings:
    1. Right click the ADSI Edit root and click on Connect to…
    2. Use the following connection point:
      1. DC=DomainDNSZones,DC=Company,DC=Com
    3. Click on Default Naming Context [DC.Company.Com] to populate it.
    4. Click on DC=DomainDNSZones,DC=Company,DC=Com folder.
    5. Double click on CN=Infrastructure.
    6. Locate the fSMORoleOwner attribute and click on it.
    7. Click the Edit button.
    8. CTRL+V to paste the correct setting.
    9. Click OK and then Apply.
    10. Repeat steps 2.1-2.9 to correct DC=ForestDNSZones,DC=Comapny,DC=Com.

Once the above steps were completed on the FSMO Role owner for Infrastructure I was able to properly demote the DC.