Operational master error

July 18, 2007

When i right click the AD user and computer to view the operational master

role (FSMO), the RID, infrastructure and PDC all have error and i cannot add

group policy. Pls help.

Daniel

July 18, 2007

Re: Operational master error

What's the error message?

Bob Lin, MS-MVP, MCSE & CNE

Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net

How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com

"Daniel" <danieltbt05@gmail.com> wrote in message news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...

When i right click the AD user and computer to view the operational master

role (FSMO), the RID, infrastructure and PDC all have error and i cannot add

group policy. Pls help.

Daniel

July 18, 2007

RE: Operational master error

Hi Daniel,

Drop to a command prompt and type Netdom Query FSMO

See who holds the roles

Also what error are you getting when you try to

1) Add a new user

2) Add a new Group Policy

Thanks

"Daniel" wrote:

> When i right click the AD user and computer to view the operational master

> role (FSMO), the RID, infrastructure and PDC all have error and i cannot add

> group policy. Pls help.

>

> Daniel

>

July 19, 2007

Re: Operational master error

I cannot open the domain security policy(group policy editor) in the star menu-> admin tools. It gives the error message "Fail to open group policy object. You may not have the appropriate rights. The specific domain does not exist or could not be contacted." . But i can use mmc to add group policy snap-in. The operational master role fields all have error. I cannot add user in AD user and computers and error is GC cannot be contacted. FYI, this DC is setup through another DC and it is setup as an additional Dc in the single domain, while that first DC is offline now.

Daniel

"Robert L [MVP - Networking]" <noreply@hotmail.com> wrote in message news:e$jccmUyHHA.4928@TK2MSFTNGP03.phx.gbl...

What's the error message?

Bob Lin, MS-MVP, MCSE & CNE

Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net

How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com

"Daniel" <danieltbt05@gmail.com> wrote in message news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...

When i right click the AD user and computer to view the operational master

role (FSMO), the RID, infrastructure and PDC all have error and i cannot add

group policy. Pls help.

Daniel

July 19, 2007

Re: Operational master error

I cannot add new user and the error is GC cannot be contacted and is

offline. All the operational master fields have error. Pls refer to the

earlier message i post. Thanks

Daniel

"Rob (Microsoft)" <Rob (Microsoft)@discussions.microsoft.com> wrote in

message news:D1557AB8-8DCE-4E86-BB4C-486459BB379A@microsoft.com...

> Hi Daniel,

>

> Drop to a command prompt and type Netdom Query FSMO

> See who holds the roles

>

> Also what error are you getting when you try to

>

> 1) Add a new user

> 2) Add a new Group Policy

>

> Thanks

> "Daniel" wrote:

>

>> When i right click the AD user and computer to view the operational

>> master

>> role (FSMO), the RID, infrastructure and PDC all have error and i cannot

>> add

>> group policy. Pls help.

>>

>> Daniel

>>

July 19, 2007

Re: Operational master error

After you have done all of the other things, is this the only DC in the

environment?

"Daniel" wrote:

> I cannot open the domain security policy(group policy editor) in the star menu-> admin tools. It gives the error message "Fail to open group policy object. You may not have the appropriate rights. The specific domain does not exist or could not be contacted." . But i can use mmc to add group policy snap-in. The operational master role fields all have error. I cannot add user in AD user and computers and error is GC cannot be contacted. FYI, this DC is setup through another DC and it is setup as an additional Dc in the single domain, while that first DC is offline now.

>

> Daniel

>

> "Robert L [MVP - Networking]" <noreply@hotmail.com> wrote in message news:e$jccmUyHHA.4928@TK2MSFTNGP03.phx.gbl...

> What's the error message?

>

> Bob Lin, MS-MVP, MCSE & CNE

> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net

> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com

> "Daniel" <danieltbt05@gmail.com> wrote in message news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...

> When i right click the AD user and computer to view the operational master

> role (FSMO), the RID, infrastructure and PDC all have error and i cannot add

> group policy. Pls help.

>

> Daniel

>

July 19, 2007

Re: Operational master error

Ok first

Open your TCP/IP properties and make sure DNS is only pointed to your DNS

server.

If you have multiple NIC's disable all but 1 of them.

Drop down to a CMD prompt and type Netdiag /Fix

(Netdiag is part of the support tools)

Open Active directory Sites and Services

Expand your Site

Right click on the "NTDS settings" under the server and choose properties

Make sure the Global Catalog checkbox is checked

If it is not checked, put a check mark in it, wait 10 minutes and reboot the

server

Open Regedit

HKLM\System\CCS\Control\LSA check the crash on audit fail value. If it is a

2 set it to a 1 and clear out your security logs.

Under HKLM\System\CCS\Services\Lanmanserver\Parameters

Make sure require secure signature is set to a 0

Under HKLM\System\CCS\Services\Lanmanworkstation\Parameters

Make sure require secure signature is set to a 0

"Daniel" wrote:

> I cannot add new user and the error is GC cannot be contacted and is

> offline. All the operational master fields have error. Pls refer to the

> earlier message i post. Thanks

>

> Daniel

>

> "Rob (Microsoft)" <Rob (Microsoft)@discussions.microsoft.com> wrote in

> message news:D1557AB8-8DCE-4E86-BB4C-486459BB379A@microsoft.com...

> > Hi Daniel,

> >

> > Drop to a command prompt and type Netdom Query FSMO

> > See who holds the roles

> >

> > Also what error are you getting when you try to

> >

> > 1) Add a new user

> > 2) Add a new Group Policy

> >

> > Thanks

> > "Daniel" wrote:

> >

> >> When i right click the AD user and computer to view the operational

> >> master

> >> role (FSMO), the RID, infrastructure and PDC all have error and i cannot

> >> add

> >> group policy. Pls help.

> >>

> >> Daniel

> >>

>

July 19, 2007

Re: Operational master error

Hi Rob, cannot find any command with Netdom Query FSMO.

Daniel

"Rob (Microsoft)" <Rob (Microsoft)@discussions.microsoft.com> wrote in

message news:D1557AB8-8DCE-4E86-BB4C-486459BB379A@microsoft.com...

> Hi Daniel,

>

> Drop to a command prompt and type Netdom Query FSMO

> See who holds the roles

>

> Also what error are you getting when you try to

>

> 1) Add a new user

> 2) Add a new Group Policy

>

> Thanks

> "Daniel" wrote:

>

>> When i right click the AD user and computer to view the operational

>> master

>> role (FSMO), the RID, infrastructure and PDC all have error and i cannot

>> add

>> group policy. Pls help.

>>

>> Daniel

>>

July 19, 2007

Re: Operational master error

I know why it cannot find domain controller because this DC was setup as an

additional DC from another DC and i've make that 1st DC online again and

everything is fine now. The FSMO role is holded by the 1st DC. Is it ok to

change the FSMO role in this DC ?

Daniel

"Rob (Microsoft)" <RobMicrosoft@discussions.microsoft.com> wrote in message

news:B88B8166-BAC7-42E3-8CA2-F1C775AE6C8E@microsoft.com...

> After you have done all of the other things, is this the only DC in the

> environment?

>

> "Daniel" wrote:

>

>> I cannot open the domain security policy(group policy editor) in the star

>> menu-> admin tools. It gives the error message "Fail to open group policy

>> object. You may not have the appropriate rights. The specific domain does

>> not exist or could not be contacted." . But i can use mmc to add group

>> policy snap-in. The operational master role fields all have error. I

>> cannot add user in AD user and computers and error is GC cannot be

>> contacted. FYI, this DC is setup through another DC and it is setup as an

>> additional Dc in the single domain, while that first DC is offline now.

>>

>> Daniel

>>

>> "Robert L [MVP - Networking]" <noreply@hotmail.com> wrote in message

>> news:e$jccmUyHHA.4928@TK2MSFTNGP03.phx.gbl...

>> What's the error message?

>>

>> Bob Lin, MS-MVP, MCSE & CNE

>> Networking, Internet, Routing, VPN Troubleshooting on

>> http://www.ChicagoTech.net

>> How to Setup Windows, Network, VPN & Remote Access on

>> http://www.HowToNetworking.com

>> "Daniel" <danieltbt05@gmail.com> wrote in message

>> news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...

>> When i right click the AD user and computer to view the operational

>> master

>> role (FSMO), the RID, infrastructure and PDC all have error and i

>> cannot add

>> group policy. Pls help.

>>

>> Daniel

>>

July 19, 2007

Re: Operational master error

Netdom is part of the support tools

"Daniel" wrote:

> Hi Rob, cannot find any command with Netdom Query FSMO.

>

> Daniel

>

> "Rob (Microsoft)" <Rob (Microsoft)@discussions.microsoft.com> wrote in

> message news:D1557AB8-8DCE-4E86-BB4C-486459BB379A@microsoft.com...

> > Hi Daniel,

> >

> > Drop to a command prompt and type Netdom Query FSMO

> > See who holds the roles

> >

> > Also what error are you getting when you try to

> >

> > 1) Add a new user

> > 2) Add a new Group Policy

> >

> > Thanks

> > "Daniel" wrote:

> >

> >> When i right click the AD user and computer to view the operational

> >> master

> >> role (FSMO), the RID, infrastructure and PDC all have error and i cannot

> >> add

> >> group policy. Pls help.

> >>

> >> Daniel

> >>

>

July 19, 2007

Re: Operational master error

Hi Daniel,

It is OK to transfer the roles to that DC.

Before you do that though, you need to make sure that this machine is also a

global catalog server.

To do this you need to open AD sites and services

Under the machine right click on NTDS settings and choose properties

Then put a check in Global catalog

To gracefully transfer the roles you will need to

1) Open Active Directory Users and computers

2) Right click on the words Active Directory Users and computer (Windows

2000) or on the domain name (Windows 2003) and choose operations master

3) On each of the tabs you will need click on change

4) Open Active Directory Domains and Trusts

5) Right click on the words Active Directory domains and trusts and choose

operations master

6) Click change

7) Click Start/Run and type Regsvr32 schmmgmt.dll

8) Open MMC

9) Add the Active Directory Schema

10) Right click on the word Active Directory Schema and click change domain

controller

11) Change the domain controller view to the one you want to transfer the

role to

12) Click OK

13) Click the + next to Active Directory Schema

14) Right click on Active Directory Schema and choose operations master

15) Click change (Note you must be a schema admin)

I hope this helps

Thanks

"Daniel" wrote:

> I know why it cannot find domain controller because this DC was setup as an

> additional DC from another DC and i've make that 1st DC online again and

> everything is fine now. The FSMO role is holded by the 1st DC. Is it ok to

> change the FSMO role in this DC ?

>

> Daniel

>

> "Rob (Microsoft)" <RobMicrosoft@discussions.microsoft.com> wrote in message

> news:B88B8166-BAC7-42E3-8CA2-F1C775AE6C8E@microsoft.com...

> > After you have done all of the other things, is this the only DC in the

> > environment?

> >

> > "Daniel" wrote:

> >

> >> I cannot open the domain security policy(group policy editor) in the star

> >> menu-> admin tools. It gives the error message "Fail to open group policy

> >> object. You may not have the appropriate rights. The specific domain does

> >> not exist or could not be contacted." . But i can use mmc to add group

> >> policy snap-in. The operational master role fields all have error. I

> >> cannot add user in AD user and computers and error is GC cannot be

> >> contacted. FYI, this DC is setup through another DC and it is setup as an

> >> additional Dc in the single domain, while that first DC is offline now.

> >>

> >> Daniel

> >>

> >> "Robert L [MVP - Networking]" <noreply@hotmail.com> wrote in message

> >> news:e$jccmUyHHA.4928@TK2MSFTNGP03.phx.gbl...

> >> What's the error message?

> >>

> >> Bob Lin, MS-MVP, MCSE & CNE

> >> Networking, Internet, Routing, VPN Troubleshooting on

> >> http://www.ChicagoTech.net

> >> How to Setup Windows, Network, VPN & Remote Access on

> >> http://www.HowToNetworking.com

> >> "Daniel" <danieltbt05@gmail.com> wrote in message

> >> news:eGMPXISyHHA.2172@TK2MSFTNGP06.phx.gbl...

> >> When i right click the AD user and computer to view the operational

> >> master

> >> role (FSMO), the RID, infrastructure and PDC all have error and i

> >> cannot add

> >> group policy. Pls help.

> >>

> >> Daniel

> >>

>

July 19, 2007

Re: Operational master error

I also have similar case posted here:

Cannot edit domain GPOWhen you select the Edit of Default Domain Policy, you may receive these message: “Failed to open the Group Policy Object. You may not have appropriate ...

http://www.chicagotech.net/Security/domaingp1.htm

Bob Lin, MS-MVP, MCSE & CNE

Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net

How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com

"Rob (Microsoft)" <RobMicrosoft@discussions.microsoft.com> wrote in message news:94E49024-1202-41BC-85A2-F8EDEB604F87@microsoft.com...