Problem description: demoting a Windows Server 2008 R2 DC fails. Error message when you run the "Adprep /rodcprep" command in Windows Server 2008: "Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Contoso,DC=com"

Error information: Event ID: 2022, Event ID: 2091

Cause analysis:

The event log shows the following errors:

Event ID: 2022

The operations master roles held by this directory server could not transfer to the following remote directory server.

Remote directory server:

\\DC01.XXXXXX.COM

This is preventing removal of this directory server.

User Action

Investigate why the remote directory server might be unable to accept the operations master roles, or manually transfer all the roles that are held by this directory server to the remote directory server. Then, try to remove this directory server again.

Additional Data

Error value:

5005 The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

There was also a second Event ID: 2091

Ownership of the following FSMO role is set to a server which is deleted or does not exist.

Operations which require contacting a FSMO operation master will fail until this condition is corrected.

FSMO Role: CN=Infrastructure,DC=ForestDnsZones,DC=XXXXX,DC=COM

FSMO Server DN: CN=NTDS Settings\0ADEL:bf05e3dc-9acf-4de5-9358-89bc719fb445,CN=-AD01\0ADEL:dbe9f89d-aa5c-4ad0-bee6-618aa0f1fa31,CN=Servers,CN=MainOffice,CN=Sites,CN=Configuration,DC=U,DC=local

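The logs show that the FSMO role owner points to an invalid DC. The problem was caused by a second, new domain controller being given the same IP address as the old, dead domain controller. This confused the remaining DCs into believing that the lost DC was still alive, and it corrupted the FSMO role owner entry. The wrong FSMO information can be seen with ADSI Edit: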

 

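  • Right-click the ADSI Edit root and click Connect to...

  • Use the following connection point: DC=DomainDNSZones,DC=domain,DC=com

  • Click the default naming context and enter DC.domain.Com.

  • Click DC=DomainDNSZones

  • Double-click CN=Infrastructure.

  • Locate the fSMORoleOwner attribute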

As shown in the figure below:

[Screenshots: the fSMORoleOwner attribute of CN=Infrastructure in ADSI Edit]

In the value above, fSMORoleOwner contains 0ADEL, which refers to a deleted DC.

The correct fSMORoleOwner value should be:

[Screenshot: the correct fSMORoleOwner value]

Solution

Use a VBS script to synchronize the FSMO information on all DC servers (run it on the DC that holds the operations master roles):

cscript fixfsmo.vbs dc=forestdnszones,dc=XXXXXX,dc=com

cscript fixfsmo.vbs dc=domaindnszones,dc=XXXXX,dc=com



Save the following commands as a VBS script (fixfsmo.vbs), then run it.

Reference: https://support.microsoft.com/zh-cn/kb/949257

 

 

 

const ADS_NAME_INITTYPE_GC = 3
const ADS_NAME_TYPE_1779 = 1
const ADS_NAME_TYPE_CANONICAL = 2

set inArgs = WScript.Arguments

if (inArgs.Count = 1) then
    'Assume the command line argument is the NDNC (in DN form) to use.
    NdncDN = inArgs(0)
Else
    Wscript.StdOut.Write "usage: cscript fixfsmo.vbs NdncDN"
End if

if (NdncDN <> "") then

    'Convert the DN form of the NDNC into DNS dotted form.
    Set objTranslator = CreateObject("NameTranslate")
    objTranslator.Init ADS_NAME_INITTYPE_GC, ""
    objTranslator.Set ADS_NAME_TYPE_1779, NdncDN
    strDomainDNS = objTranslator.Get(ADS_NAME_TYPE_CANONICAL)
    strDomainDNS = Left(strDomainDNS, len(strDomainDNS)-1)

    Wscript.Echo "DNS name: " & strDomainDNS

    'Find a domain controller that hosts this NDNC and that is online.
    set objRootDSE = GetObject("LDAP://" & strDomainDNS & "/RootDSE")
    strDnsHostName = objRootDSE.Get("dnsHostName")
    strDsServiceName = objRootDSE.Get("dsServiceName")
    Wscript.Echo "Using DC " & strDnsHostName

    'Get the current infrastructure fsmo.
    strInfraDN = "CN=Infrastructure," & NdncDN
    set objInfra = GetObject("LDAP://" & strInfraDN)
    Wscript.Echo "infra fsmo is " & objInfra.fsmoroleowner

    'If the current fsmo holder is deleted, set the fsmo holder to this domain controller.
    if (InStr(objInfra.fsmoroleowner, "\0ADEL:") > 0) then

        ' Set the fsmo holder to this domain controller.
        objInfra.Put "fSMORoleOwner", strDsServiceName
        objInfra.SetInfo

        ' Read the fsmo holder back.
        set objInfra = GetObject("LDAP://" & strInfraDN)
        Wscript.Echo "infra fsmo changed to:" & objInfra.fsmoroleowner

    End if

End if
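
The script above repairs one partition at a time. The same "\0ADEL:" test can be run read-only over every object that carries fSMORoleOwner before a demotion is attempted. The PowerShell below is an added example, not part of the original post or of KB 949257. The function names Test-DeletedOwner and Get-FsmoOwnerAudit are hypothetical, the sample DN is constructed, and the audit assumes a domain-joined machine with read access to the directory and the default DomainDnsZones/ForestDnsZones partition names.

```powershell
# Added example (not from the original post): read-only audit of fSMORoleOwner.
# A deleted object is renamed "<old name>\0ADEL:<objectGUID>", so an owner DN
# containing that marker points at a DC that no longer exists.
function Test-DeletedOwner([string]$OwnerDn) {
    return $OwnerDn -match '\\0ADEL:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'
}

function Get-FsmoOwnerAudit {
    $root   = [ADSI]'LDAP://RootDSE'
    $domain = [string]$root.defaultNamingContext
    $forest = [string]$root.rootDomainNamingContext
    $config = [string]$root.configurationNamingContext
    $schema = [string]$root.schemaNamingContext
    # Objects that carry fSMORoleOwner: the five classic roles plus the two
    # DNS application partitions discussed on this page.
    $roleObjects = @(
        $schema,                                        # schema master
        "CN=Partitions,$config",                        # domain naming master
        $domain,                                        # PDC emulator
        "CN=RID Manager`$,CN=System,$domain",           # RID master
        "CN=Infrastructure,$domain",                    # infrastructure master
        "CN=Infrastructure,DC=DomainDnsZones,$domain",
        "CN=Infrastructure,DC=ForestDnsZones,$forest"
    )
    foreach ($dn in $roleObjects) {
        try {
            $owner = [string]([ADSI]"LDAP://$dn").fSMORoleOwner
            if (-not $owner)                    { $state = 'unset' }
            elseif (Test-DeletedOwner $owner)   { $state = 'STALE' }
            else                                { $state = 'ok' }
        } catch {
            $owner = ''
            $state = 'unreadable'   # bind or read failed (partition absent, access denied)
        }
        New-Object PSObject -Property @{ RoleObject = $dn; Owner = $owner; State = $state }
    }
}

# Offline check of the marker test against a constructed owner DN.
$sample = 'CN=NTDS Settings\0ADEL:00000000-1111-2222-3333-444444444444,' +
          'CN=DC02\0ADEL:55555555-6666-7777-8888-999999999999,' +
          'CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=com'
Test-DeletedOwner $sample

# Against a live directory (read-only):
# Get-FsmoOwnerAudit | Format-Table State, RoleObject, Owner -AutoSize
```

Any row reported as STALE is a candidate for the fixfsmo.vbs repair described above, run against that partition's DN.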