5 FSMO roles? Oh, no. There are Hidden FSMO roles that they don’t tell you about! They don’t want you to know about these until you run into a problem!
Have you ever been unable to demote a domain controller? It tells you that it can’t determine the fSMORoleOwner – even though a netdom query FSMO returns all 5 roles?
You may also get: “The Directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.”
Well, there are two hidden roles: CN=Infrastructure,DC=ForestDnsZones and CN=Infrastructure,DC=DomainDnsZones,DC=
So, the next time you are transferring FSMO roles, you need to move these two as well – before you decommission the old role holder!
Run ADSI Edit as admin.
Right click on ADSI Edit, select Connect to the naming context “DC=DomainDnsZones,DC=yourdomain,DC=tld”
Click and expand the new “Default naming context” – click on the connection point, move to the right column and click Infrastructure.
Right-click and select Properties, or double-click to edit.
Scroll to fSMORoleOwner.
Double-click to edit.
Repeat for naming context “DC=ForestDnsZones,DC=yourdomain,DC=tld”.
The fSMORoleOwner in each “Infrastructure” should match.
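A read-only check of the same two attributes from PowerShell, useful before demoting a domain controller. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed, and the "0ADEL:" test (the marker Active Directory puts in the name of a deleted object) is an addition made here.

```powershell
# Added example: report fSMORoleOwner on both DNS application partitions.
# Read-only; nothing in the directory is modified.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE
$targets = @(
    "CN=Infrastructure,DC=DomainDnsZones,$($rootDse.defaultNamingContext)"
    "CN=Infrastructure,DC=ForestDnsZones,$($rootDse.rootDomainNamingContext)"
)

$results = foreach ($dn in $targets) {
    $obj   = Get-ADObject -Identity $dn -Properties fSMORoleOwner
    $owner = $obj.fSMORoleOwner

    # A value containing "0ADEL:" refers to a deleted NTDS Settings object,
    # i.e. a role holder that no longer exists.
    $deleted = [bool]($owner -match '0ADEL:')

    # Confirm the owner DN still resolves to a live object.
    $resolves = $false
    if ($owner -and -not $deleted) {
        try {
            $null = Get-ADObject -Identity $owner -ErrorAction Stop
            $resolves = $true
        } catch { }
    }

    [pscustomobject]@{
        Partition             = $dn
        fSMORoleOwner         = $owner
        PointsAtDeletedObject = $deleted
        OwnerResolves         = $resolves
    }
}

$results | Format-List

# The post states that both Infrastructure objects should name the same owner.
if (@($results.fSMORoleOwner | Select-Object -Unique).Count -gt 1) {
    Write-Warning 'fSMORoleOwner differs between DomainDnsZones and ForestDnsZones.'
}
if ($results | Where-Object { $_.PointsAtDeletedObject -or -not $_.OwnerResolves }) {
    Write-Warning 'At least one fSMORoleOwner does not point at a live domain controller.'
}
```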