| Event Id | 2091 |
| Source | NTDS Replication |
| Description | Ownership of the following FSMO role is set to a server which is deleted or does not exist. Operations which require contacting a FSMO operation master will fail until this condition is corrected. FSMO Role: CN=Infrastructure,DC=ForestDnsZones,DC=mmicmanhomenet,DC=local FSMO Server DN: CN=NTDS Settings\0ADEL:71802418-3aa6-41d4-be34-05ae893e06f7,CN=W2K3SERVER\0ADEL:05c61c7f-2820-492c-bd9a-e9af8914fcea,CN=Servers, |
| Event Information | According to Microsoft: User Action: 1. Determine which server should hold the role in question. 2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately. 3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. 4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully. The following operations may be impacted: Schema: You will no longer be able to modify the schema for this forest. Domain Naming: You will no longer be able to add or remove domains from this forest. PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory accounts. RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups. Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed. Try with the following steps for FSMO Schema Master role: 1. Registering the schmmgmt.dll located in C:\windows\system32\ (i.e. from the cmd prompt C:\WINNT\system32>regsvr32 schmmgmt.dll). 2. Open an mmc and add the Active Directory Schema snapin. 3. Right click on the active directory schema and select Operations Master, this will show you the schema master.(the equivalent of netdom query fsmo). |
| Reference Links | How to remove data in Active Directory after an unsuccessful domain controller demotion How to view and transfer FSMO roles in Windows Server 2003 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.