Operational master error

  • Thread starter Thread starter Daniel
  • Start date Start date
D

Daniel

When i right click the AD user and computer to view the operational master
role (FSMO), the RID, infrastructure and PDC all have error and i cannot add
group policy. Pls help.

Daniel
 
What's the error message?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Daniel" <danieltbt05@gmail.com> wrote in message news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...
When i right click the AD user and computer to view the operational master
role (FSMO), the RID, infrastructure and PDC all have error and i cannot add
group policy. Pls help.

Daniel
 
Hi Daniel,

Drop to a command prompt and type Netdom Query FSMO
See who holds the roles

Also what error are you getting when you try to

1) Add a new user
2) Add a new Group Policy

Thanks
"Daniel" wrote:

> When i right click the AD user and computer to view the operational master
> role (FSMO), the RID, infrastructure and PDC all have error and i cannot add
> group policy. Pls help.
>
> Daniel
>
>
>
 
I cannot open the domain security policy(group policy editor) in the star menu-> admin tools. It gives the error message "Fail to open group policy object. You may not have the appropriate rights. The specific domain does not exist or could not be contacted." . But i can use mmc to add group policy snap-in. The operational master role fields all have error. I cannot add user in AD user and computers and error is GC cannot be contacted. FYI, this DC is setup through another DC and it is setup as an additional Dc in the single domain, while that first DC is offline now.

Daniel

"Robert L [MVP - Networking]" <noreply@hotmail.com> wrote in message news:e$jccmUyHHA.4928@TK2MSFTNGP03.phx.gbl...
What's the error message?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Daniel" <danieltbt05@gmail.com> wrote in message news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...
When i right click the AD user and computer to view the operational master
role (FSMO), the RID, infrastructure and PDC all have error and i cannot add
group policy. Pls help.

Daniel
 
I cannot add new user and the error is GC cannot be contacted and is
offline. All the operational master fields have error. Pls refer to the
earlier message i post. Thanks

Daniel

"Rob (Microsoft)" <Rob (Microsoft)@discussions.microsoft.com> wrote in
message news:D1557AB8-8DCE-4E86-BB4C-486459BB379A@microsoft.com...
> Hi Daniel,
>
> Drop to a command prompt and type Netdom Query FSMO
> See who holds the roles
>
> Also what error are you getting when you try to
>
> 1) Add a new user
> 2) Add a new Group Policy
>
> Thanks
> "Daniel" wrote:
>
>> When i right click the AD user and computer to view the operational
>> master
>> role (FSMO), the RID, infrastructure and PDC all have error and i cannot
>> add
>> group policy. Pls help.
>>
>> Daniel
>>
>>
>>
 
After you have done all of the other things, is this the only DC in the
environment?

"Daniel" wrote:

> I cannot open the domain security policy(group policy editor) in the star menu-> admin tools. It gives the error message "Fail to open group policy object. You may not have the appropriate rights. The specific domain does not exist or could not be contacted." . But i can use mmc to add group policy snap-in. The operational master role fields all have error. I cannot add user in AD user and computers and error is GC cannot be contacted. FYI, this DC is setup through another DC and it is setup as an additional Dc in the single domain, while that first DC is offline now.
>
> Daniel
>
> "Robert L [MVP - Networking]" <noreply@hotmail.com> wrote in message news:e$jccmUyHHA.4928@TK2MSFTNGP03.phx.gbl...
> What's the error message?
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Daniel" <danieltbt05@gmail.com> wrote in message news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...
> When i right click the AD user and computer to view the operational master
> role (FSMO), the RID, infrastructure and PDC all have error and i cannot add
> group policy. Pls help.
>
> Daniel
>
>
 
Ok first

Open your TCP/IP properties and make sure DNS is only pointed to your DNS
server.
If you have multiple NIC's disable all but 1 of them.


Drop down to a CMD prompt and type Netdiag /Fix
(Netdiag is part of the support tools)

Open Active directory Sites and Services
Expand your Site
Right click on the "NTDS settings" under the server and choose properties
Make sure the Global Catalog checkbox is checked
If it is not checked, put a check mark in it, wait 10 minutes and reboot the
server

Open Regedit
HKLM\System\CCS\Control\LSA check the crash on audit fail value. If it is a
2 set it to a 1 and clear out your security logs.

Under HKLM\System\CCS\Services\Lanmanserver\Parameters
Make sure require secure signature is set to a 0
Under HKLM\System\CCS\Services\Lanmanworkstation\Parameters
Make sure require secure signature is set to a 0


"Daniel" wrote:

> I cannot add new user and the error is GC cannot be contacted and is
> offline. All the operational master fields have error. Pls refer to the
> earlier message i post. Thanks
>
> Daniel
>
> "Rob (Microsoft)" <Rob (Microsoft)@discussions.microsoft.com> wrote in
> message news:D1557AB8-8DCE-4E86-BB4C-486459BB379A@microsoft.com...
> > Hi Daniel,
> >
> > Drop to a command prompt and type Netdom Query FSMO
> > See who holds the roles
> >
> > Also what error are you getting when you try to
> >
> > 1) Add a new user
> > 2) Add a new Group Policy
> >
> > Thanks
> > "Daniel" wrote:
> >
> >> When i right click the AD user and computer to view the operational
> >> master
> >> role (FSMO), the RID, infrastructure and PDC all have error and i cannot
> >> add
> >> group policy. Pls help.
> >>
> >> Daniel
> >>
> >>
> >>
>
>
>
 
Hi Rob, cannot find any command with Netdom Query FSMO.

Daniel

"Rob (Microsoft)" <Rob (Microsoft)@discussions.microsoft.com> wrote in
message news:D1557AB8-8DCE-4E86-BB4C-486459BB379A@microsoft.com...
> Hi Daniel,
>
> Drop to a command prompt and type Netdom Query FSMO
> See who holds the roles
>
> Also what error are you getting when you try to
>
> 1) Add a new user
> 2) Add a new Group Policy
>
> Thanks
> "Daniel" wrote:
>
>> When i right click the AD user and computer to view the operational
>> master
>> role (FSMO), the RID, infrastructure and PDC all have error and i cannot
>> add
>> group policy. Pls help.
>>
>> Daniel
>>
>>
>>
 
I know why it cannot find domain controller because this DC was setup as an
additional DC from another DC and i've make that 1st DC online again and
everything is fine now. The FSMO role is holded by the 1st DC. Is it ok to
change the FSMO role in this DC ?

Daniel

"Rob (Microsoft)" <RobMicrosoft@discussions.microsoft.com> wrote in message
news:B88B8166-BAC7-42E3-8CA2-F1C775AE6C8E@microsoft.com...
> After you have done all of the other things, is this the only DC in the
> environment?
>
> "Daniel" wrote:
>
>> I cannot open the domain security policy(group policy editor) in the star
>> menu-> admin tools. It gives the error message "Fail to open group policy
>> object. You may not have the appropriate rights. The specific domain does
>> not exist or could not be contacted." . But i can use mmc to add group
>> policy snap-in. The operational master role fields all have error. I
>> cannot add user in AD user and computers and error is GC cannot be
>> contacted. FYI, this DC is setup through another DC and it is setup as an
>> additional Dc in the single domain, while that first DC is offline now.
>>
>> Daniel
>>
>> "Robert L [MVP - Networking]" <noreply@hotmail.com> wrote in message
>> news:e$jccmUyHHA.4928@TK2MSFTNGP03.phx.gbl...
>> What's the error message?
>>
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com
>> "Daniel" <danieltbt05@gmail.com> wrote in message
>> news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...
>> When i right click the AD user and computer to view the operational
>> master
>> role (FSMO), the RID, infrastructure and PDC all have error and i
>> cannot add
>> group policy. Pls help.
>>
>> Daniel
>>
>>
 
Netdom is part of the support tools

"Daniel" wrote:

> Hi Rob, cannot find any command with Netdom Query FSMO.
>
> Daniel
>
> "Rob (Microsoft)" <Rob (Microsoft)@discussions.microsoft.com> wrote in
> message news:D1557AB8-8DCE-4E86-BB4C-486459BB379A@microsoft.com...
> > Hi Daniel,
> >
> > Drop to a command prompt and type Netdom Query FSMO
> > See who holds the roles
> >
> > Also what error are you getting when you try to
> >
> > 1) Add a new user
> > 2) Add a new Group Policy
> >
> > Thanks
> > "Daniel" wrote:
> >
> >> When i right click the AD user and computer to view the operational
> >> master
> >> role (FSMO), the RID, infrastructure and PDC all have error and i cannot
> >> add
> >> group policy. Pls help.
> >>
> >> Daniel
> >>
> >>
> >>
>
>
>
 
Hi Daniel,

It is OK to transfer the roles to that DC.

Before you do that though, you need to make sure that this machine is also a
global catalog server.

To do this you need to open AD sites and services
Under the machine right click on NTDS settings and choose properties
Then put a check in Global catalog

To gracefully transfer the roles you will need to

1) Open Active Directory Users and computers
2) Right click on the words Active Directory Users and computer (Windows
2000) or on the domain name (Windows 2003) and choose operations master
3) On each of the tabs you will need click on change

4) Open Active Directory Domains and Trusts
5) Right click on the words Active Directory domains and trusts and choose
operations master
6) Click change

7) Click Start/Run and type Regsvr32 schmmgmt.dll
8) Open MMC
9) Add the Active Directory Schema
10) Right click on the word Active Directory Schema and click change domain
controller
11) Change the domain controller view to the one you want to transfer the
role to
12) Click OK
13) Click the + next to Active Directory Schema
14) Right click on Active Directory Schema and choose operations master
15) Click change (Note you must be a schema admin)

I hope this helps
Thanks

"Daniel" wrote:

> I know why it cannot find domain controller because this DC was setup as an
> additional DC from another DC and i've make that 1st DC online again and
> everything is fine now. The FSMO role is holded by the 1st DC. Is it ok to
> change the FSMO role in this DC ?
>
> Daniel
>
> "Rob (Microsoft)" <RobMicrosoft@discussions.microsoft.com> wrote in message
> news:B88B8166-BAC7-42E3-8CA2-F1C775AE6C8E@microsoft.com...
> > After you have done all of the other things, is this the only DC in the
> > environment?
> >
> > "Daniel" wrote:
> >
> >> I cannot open the domain security policy(group policy editor) in the star
> >> menu-> admin tools. It gives the error message "Fail to open group policy
> >> object. You may not have the appropriate rights. The specific domain does
> >> not exist or could not be contacted." . But i can use mmc to add group
> >> policy snap-in. The operational master role fields all have error. I
> >> cannot add user in AD user and computers and error is GC cannot be
> >> contacted. FYI, this DC is setup through another DC and it is setup as an
> >> additional Dc in the single domain, while that first DC is offline now.
> >>
> >> Daniel
> >>
> >> "Robert L [MVP - Networking]" <noreply@hotmail.com> wrote in message
> >> news:e$jccmUyHHA.4928@TK2MSFTNGP03.phx.gbl...
> >> What's the error message?
> >>
> >> Bob Lin, MS-MVP, MCSE & CNE
> >> Networking, Internet, Routing, VPN Troubleshooting on
> >> http://www.ChicagoTech.net
> >> How to Setup Windows, Network, VPN & Remote Access on
> >> http://www.HowToNetworking.com
> >> "Daniel" <danieltbt05@gmail.com> wrote in message
> >> news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...
> >> When i right click the AD user and computer to view the operational
> >> master
> >> role (FSMO), the RID, infrastructure and PDC all have error and i
> >> cannot add
> >> group policy. Pls help.
> >>
> >> Daniel
> >>
> >>
>
>
>
 
I also have similar case posted here:

Cannot edit domain GPOWhen you select the Edit of Default Domain Policy, you may receive these message: “Failed to open the Group Policy Object. You may not have appropriate ...
http://www.chicagotech.net/Security/domaingp1.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Rob (Microsoft)" <RobMicrosoft@discussions.microsoft.com> wrote in message news:94E49024-1202-41BC-85A2-F8EDEB604F87@microsoft.com...
Hi Daniel,

It is OK to transfer the roles to that DC.

Before you do that though, you need to make sure that this machine is also a
global catalog server.

To do this you need to open AD sites and services
Under the machine right click on NTDS settings and choose properties
Then put a check in Global catalog

To gracefully transfer the roles you will need to

1) Open Active Directory Users and computers
2) Right click on the words Active Directory Users and computer (Windows
2000) or on the domain name (Windows 2003) and choose operations master
3) On each of the tabs you will need click on change

4) Open Active Directory Domains and Trusts
5) Right click on the words Active Directory domains and trusts and choose
operations master
6) Click change

7) Click Start/Run and type Regsvr32 schmmgmt.dll
8) Open MMC
9) Add the Active Directory Schema
10) Right click on the word Active Directory Schema and click change domain
controller
11) Change the domain controller view to the one you want to transfer the
role to
12) Click OK
13) Click the + next to Active Directory Schema
14) Right click on Active Directory Schema and choose operations master
15) Click change (Note you must be a schema admin)

I hope this helps
Thanks

"Daniel" wrote:

> I know why it cannot find domain controller because this DC was setup as an
> additional DC from another DC and i've make that 1st DC online again and
> everything is fine now. The FSMO role is holded by the 1st DC. Is it ok to
> change the FSMO role in this DC ?
>
> Daniel
>
> "Rob (Microsoft)" <RobMicrosoft@discussions.microsoft.com> wrote in message
> news:B88B8166-BAC7-42E3-8CA2-F1C775AE6C8E@microsoft.com...
> > After you have done all of the other things, is this the only DC in the
> > environment?
> >
> > "Daniel" wrote:
> >
> >> I cannot open the domain security policy(group policy editor) in the star
> >> menu-> admin tools. It gives the error message "Fail to open group policy
> >> object. You may not have the appropriate rights. The specific domain does
> >> not exist or could not be contacted." . But i can use mmc to add group
> >> policy snap-in. The operational master role fields all have error. I
> >> cannot add user in AD user and computers and error is GC cannot be
> >> contacted. FYI, this DC is setup through another DC and it is setup as an
> >> additional Dc in the single domain, while that first DC is offline now.
> >>
> >> Daniel
> >>
> >> "Robert L [MVP - Networking]" <noreply@hotmail.com> wrote in message
> >> news:e$jccmUyHHA.4928@TK2MSFTNGP03.phx.gbl...
> >> What's the error message?
> >>
> >> Bob Lin, MS-MVP, MCSE & CNE
> >> Networking, Internet, Routing, VPN Troubleshooting on
> >> http://www.ChicagoTech.net
> >> How to Setup Windows, Network, VPN & Remote Access on
> >> http://www.HowToNetworking.com
> >> "Daniel" <danieltbt05@gmail.com> wrote in message
> >> news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...
> >> When i right click the AD user and computer to view the operational
> >> master
> >> role (FSMO), the RID, infrastructure and PDC all have error and i
> >> cannot add
> >> group policy. Pls help.
> >>
> >> Daniel
> >>
> >>
>
>
>
 
Back
Top