Demoting Domain Controller fails with msg: The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

While trying to demote, dcpromo out, a domain controller the operation might fail with the following error

“The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.”

As you can notice, in my case, the partition at problems was DC=ForestDnsZones,DC=domain,DC=int.

To investigate more the problem I issued a dsquery command

dsquery * CN=Infrastructure,DC=ForestDnsZones,DC=domain,DC=int -attr fSMORoleOwner

The result clearly shows, as indicated in the event viewer, that the fSMORoleOwner is set to an orphaned object CN=NTDS Settings\0ADEL:xxxxxx

I opened ADSIEdit.msc and connected to: CN=Infrastructure,DC=ForestDnsZones,DC=domain,DC=int

right click -> Properties on “infrastructure” and looked for the fSMORoleOwner attribute and remove the \0ADEL:xxxxxx from CN=NTDS Settings\0ADEL:xxxxxx. I have seen instances where the domain controller was still active but it is just the \0ADEL:xxxxxx part that was wrong and I have also seen it where the server simply didn’t exist anymore.

The Value of the fSMORoleOwner should be in a similar format to: “CN=NTDS Settings,CN=SAMPLEDCNAME01,CN=Servers,CN=SampleSiteName,CN=Sites,CN=Configuration,DC=sampledomain,DC=com”

All looked pretty good, however when I tried to apply the changes I was faced with another error “The role owner attribute could not be read“.

The error above is from a Windows 2008 server, but the 2003 server error is a little different and it simply says “The role owner attribute could not be read.” and the solution is to connect to the server that actually has the Schema Master role and this shouldn’t be an issue.