Question : 2 FSMO roles messed up, also cannot create a second global catalog

I am having a huge problem. On my network i have 2 servers, serverA and serverB, that are functioning as domain controllers. both are running server 2003, service pack 1. all 5 fsmo roles were on serverA and serverA was also the ONLY global catalog on the network.

one day our UPS went on the fritz and browned out with serverA plugged in, and messed up some stuff. long story short, we have a new server to replace serverA. Before dcpromoing the new serverA up, i wanted to move all of the fsmo roles onto serverB and make serverB a global catalog. I moved 3 of the fsmo roles no problem, the PDC, RID master and infrastructure master. The other two, Domain namming master and schema master, wouldnt transfer. - not a huge concern as i can always seize these later.

however before i take down serverA, i need to make serverB a global catalog. when i go into active directory sites and services, and go into the properties on the NTDS settings for serverB and check the box to make it a Global Catalog, it gives me the following error when i hit apply:

"The following Active Directory error occurred: The directory service encounterd an unknown failure."

so the question is, how can i make serverB a global catalog?

Answer : 2 FSMO roles messed up, also cannot create a second global catalog

You are a little outside of the normal 'role seizure' environment. For example, you are not seizing a working FSMO role from a failed/broken/powered-down server, you are asking a new server to 'create' the role and the relevant values from nothing as the other DC has what sounds like a corrupted set of entries. As you had no other DC in place at the time, the new DC cannot reference anuthing to seize.

You have the entries (3 roles) in place for your domain but the higher two roles which are Forest specific, the domain naming and the schema roles, were only held on the original server A.

What backups did you take of server A? Did these include system states? How often were you taking them and with what software? It may be too late now as you have already commenced seizing roles but this is why Microsoft states that this is the last resort, not the first. There are a number of processes available within the MS toolset to perform a DC restore but again, now you have moved FSMO roles around, this may be an option that is closed to you.

To be brutal (and not knowing your overall setup), now may be the time to create your new server with a fresh OS build and then restore your backups onto it from before the UPS failure then restore the data only from your last backup to bring it back up to date whilst all the other servers are disconnected from the network. Once done, shut this box down and bring up your server B. Do the same again, restore the system state to prior transfering the roles so that it is just a DC and shut it down again. Bring the new server A back on-line then the restored server B and let them resync etc.
Lastly, get the GC role assigned to server B :)

Random Solutions

Multicast Server

sendmail : how to stop sending of mails ?

Receiving GPS Data via GPRS

trimming native_stdout.log

WSUS error: Compiler Error Message: CS0016: Could not write to output file...access is denied

will https pages rank lower in seo than http pages

Two Computers Will Not Connect To Internet When Both Are Connected To Speedstream 6520 Modem/Router