Infrastructure Master’s for App Partitions

One of our operations guys sent mail tonight with an error received trying to demote a server prior to rebuilding it with the next Win7 (Server 2008 R2?) milestone build.  The error was:

If you can’t read that, it says that the DCPROMO failed because it barfed trying to move a FSMO role holder for the DC=ForesetDNSZones partition.  His initial troubleshooting didn’t show a whole lot:

C:\Users\v-ntx>netdom query fsmo /domain xcorp.microsoft.com
Schema master               xcorp-dc-10.xcorp.microsoft.com
Domain naming master        xcorp-dc-10.xcorp.microsoft.com
PDC                         XCORP-DC-01.xcorp.microsoft.com
RID pool manager            xcorp-dc-10.xcorp.microsoft.com
Infrastructure master       xcorp-dc-10.xcorp.microsoft.com

The command completed successfully.

The only thing I can think is that xcorp-dc-03 is Win-7 M3escrow and the other servers are WS08 RTMF.

C:\LocalBin>dcchk xcorp
Server            Build  Site        Opt.    Ping     Sysvol   DCQuery   InSync GCQuery
—————   —–  ———   —-   ——-   ——   ——-   —— ——-
XCORP-DC-01       6001   Liberty      GC    Success    True    Success   True Success
XCORP-DC-03       6781   Liberty      GC    Success    True    Success   True Success
XCORP-DC-10       6001   Liberty      GC    Success    True    Success   True Success

The problem of course didn’t have anything to do with any of the other servers, but rather that since this is our pre-deployment lab environment, we crash and burn a lot of servers and normally don’t really worry about demoting them properly.

A quick reminder that application partitions have their own Infrastructure Master roles, and it was pretty easy to see that this is where our problem was:

Dn: CN=Infrastructure,DC=ForestDnsZones,DC=xcorp,DC=microsoft,DC=com
cn: Infrastructure;
distinguishedName: CN=Infrastructure,DC=ForestDnsZones,DC=xcorp,DC=microsoft,DC=com;
dSCorePropagationData: 0×0 = (  );
fSMORoleOwner: CN=NTDS SettingsADEL:41729533-c386-47a3-95bf-61e15b86af6f,CN=XCORP-DC-02ADEL:7b5b8121-bc44-416b-840b-2900689ab877,CN=Servers,CN=Liberty,CN=Sites,CN=Configuration,DC=xcorp,DC=microsoft,DC=com;

This got even easier for me, because rather than needing to type out a long e-mail explaining this whole phenomenon, I remembered that my buddy Ulf had already posted an extensive explanation over on his blog already!  So for your further reading enjoyment, head to http://msmvps.com/blogs/ulfbsimonweidner/archive/2008/07/31/how-many-infrastructure-masters-do-you-have.aspx for the full explanation.

If you just want to get it fixed, then your options are:

Use your favorite editing utility (I’m partial to LDP.EXE), and update the CN=Infrastructure objects fSMORoleOwner attribute with the DN for the NTDS Settings object of the server you want to move the role to.

…or…if you prefer…

Go to http://support.microsoft.com/kb/949257 and copy/paste the fixFSMO.vbs VBScript to your local server, and run it.  It’ll do the same thing automagically for you.