Error message when you run the "Adprep /rodcprep" command in Windows Server 2008
“Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Domain,DC=suffix”
“Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Subdomain,DC=Domain,DC=suffix”
“Adprep could not contact a replica for partition DC=ForestDnsZones,DC=Domain,DC=suffix”
Note: I could not get the VB script that Microsoft provided in the above KB article to work. I received the following error, “fixfsmo.vbs(1, 1) Microsoft VBscript compilation error: Expected statement”.
Here’s the way I ended up fixing the problem:
- Open ADSIEdit
- Connect to DC=DomainDnsZones,DC=domain,DC=suffix
- Expand it and select CN=Infrastructure
- Right click, click on Properties and look at the fsmoRoleOwner attribute. In my case it was referencing a deleted domain controller:
CN=NTDS SettingsADEL:0db95bd9-0a15-46d8-9665-951689a3c7f9,CN=PFCSRDC1ADEL:5bcf835e-adb2-4eba-9a3e-bccc9611fc78,CN=Servers,CN=PFCS,CN=Sites,CN=Configuration,DC=pfcs,DC=farm
- This means that AD has a bad value for the infrastructure master because the infrastructure master for the referenced partition or partitions has been forcefully demoted or is offline.
- You will need to copy the correct path to the infrastructure master into the fsmoRoleOwner value. To do this, first determine what server your infrastructure master is supposed to be using AD Users and Computers.
- Once you have the <servername>, go back into ADSIEdit.
- Connect to the Configuration partition.
- Expand CN=Sites, CN=<site where Infrastructure Master server is located>, CN=<server name> and go to properties of CN=NTDS Settings.
- Edit the distinguishedName attribute, select the value and copy it into the clipboard.
- Now go back to the Infrastructure object underneath DomainDNSZones, and copy
the value you got into the fsmoRoleOwner attribute. - This will have to be done for each partition with a bad value.
- After AD has been cleaned up rerun the “Adprep /rodcprep” command.
this did not work, however it appears that all you need is to comment out the (title) first line of the script before you save it.
te script works fine afterwards..
Jim
August 24, 2008 at 1:47 pm
Can the script be run against the ForestDNSZones?
I noticed that fSMORoleOwner when using adsiedit and looking CN=Infrastructure under the DC=ForestDNSZones,DC=####,DC=### is shown to be an old server that was demoted sometime ago.
JimB
November 16, 2008 at 11:36 pm
JimB:
Yes, I ran the script against the ForestDNSZones and it seemed to work for me. I know this is a very old response, but for what it’s worth I thought I would pass this along.
Mike
March 12, 2009 at 3:36 pm