Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

NTDSUTIL shows different role holders than LDIFDE

2 views
Skip to first unread message

mtj7009

unread,
Jan 5, 2010, 11:46:01 AM1/5/10
to

I was in the process of trying to do adprep /rodcprep, and started getting
errors. Ran the following "ldifde -f Infra_DomainDNSZones.ldf -d
"CN=Infrastructure,DC=DomainDnsZones,DC=xxx,DC=com" -l fSMORoleOwner" and got
server#1 as the role holder.
So I checked in AD Users for the Infrastructure role holder it says server
#2. I also verified via the NTDS util which shows server #2 as well.

Why does LDIFDE show something different? How do i make it to be server #2
rather than #1?

Thanks

Florian Frommherz [MVP]

unread,
Jan 5, 2010, 1:17:02 PM1/5/10
to
Howdie!

mtj7009 schrieb:

Which Infrastructure role holder is it that you want to export? Is it
the one of the domain NC or the one of the DomainDnsZones NC? Note that
it is a common "misunderstanding" that people think there's only one
Infrastructure role owner per domain. There actually is one per NC.
DomainDnsZones and ForestDnsZones are NCs as well as the domain NC is.

My guess is you have targeted ldifde to the DomainDnsZones NC and ADUC +
NTDSUtil to the domain NC.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.

Jorge Silva

unread,
Jan 5, 2010, 6:05:24 PM1/5/10
to
Hi
To discover the FSMO owner, to to each server and from cmd type:
netdom query fsmo

Run that cmd on both servers and post the results here.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.


"mtj7009" <MTJ...@newsgroup.nospam> wrote in message
news:B622B626-8B55-40B2...@microsoft.com...

Tim Quan [MSFT]

unread,
Jan 6, 2010, 12:57:28 AM1/6/10
to
Hi,

The managed support service of the newsgroup Windows Server Active
Directory is now available instead on:

Windows Server Directory Services forum:
http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads

Would you please repost the question in the forum with the Windows Live ID
used to access your Subscription benefits? Our engineers will assist you in
the new platform. In the future, please post Windows Server related
questions directly to the forums. If you have any questions or concerns,
please feel free to contact us: tn...@microsoft.com.

Tim Quan - MSFT

Jorge de Almeida Pinto [MVP - DS]

unread,
Jan 7, 2010, 5:59:32 PM1/7/10
to
ADUC shows you the Infra FSMO of the AD domain.
The other you specified is for the partition/NC called DomainDNSZones.

Both have their own Infra FSMO

To succesfully do ADPREP /RODCPREP make sure to read:
http://support.microsoft.com/kb/949257


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"mtj7009" <MTJ...@newsgroup.nospam> wrote in message
news:B622B626-8B55-40B2...@microsoft.com...

> __________ Information from ESET Smart Security, version of virus
> signature database 4752 (20100107) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>

__________ Information from ESET Smart Security, version of virus signature database 4752 (20100107) __________

The message was checked by ESET Smart Security.

http://www.eset.com

0 new messages