You cannot promote a Windows Server 2003-based domain controller to be a global catalog server

Support for Windows Server 2003 ended on July 14, 2015

SYMPTOMS
You cannot promote a Microsoft Windows Server 2003-based domain controller to be a global catalog server. After you try to assign the role of global catalog server to the Windows Server 2003-based domain controller by clicking the Global Catalog check box, the domain controller is not promoted to be a global catalog server. Information events that are similar to the following may be logged repeatedly in the Directory Services log.

Event 1559

Event Type: Information
Event Source: NTDS Replication
Event Category: Global Catalog
Event ID: 1559
Date: Date
Time: Time
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: Server Name
Description: The local domain controller has been selected to be a global catalog. However, the domain controller does not host a read-only replica of the following directory partition.

Directory partition:
DC=domain,DC=com

A precondition to becoming a global catalog is that a domain controller must host a read-only replica of all directory partitions in the forest. This event might have occurred because a Knowledge Consistency Checker (KCC) task has not completed or because the domain controller is unable to add a replica of the directory partition due to unavailable source domain controllers. An attempt to add the replica will be tried again at the next KCC interval.

Event 1578

Event Type: Information
Event Source: NTDS Replication
Event Category: Global Catalog
Event ID: 1578
Date: Date
Time: Time
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: Server Name
Description: Promotion of the local domain controller to a global catalog has been delayed because the directory partition occupancy requirements have not been met. The occupancy requirement level and current domain controller level are as follows.

Occupancy requirement level:6
Domain controller level:4

The following registry key value defines the directory partition occupancy requirement level.
Registry key value: HKeyLocalMachine\System\CurrentControlSet\Services\NTDS\Parameters\Global Catalog Partition Occupancy

Event 1801

If you enable diagnostic logging for the Knowledge Consistency Checker (KCC) to level 1, the following event is logged:

Event Type: Information
Event Source: NTDS KCC
Event Category: Knowledge consistency checker
Event ID: 1801
Date: Date
Time: Time
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: Server Name
Description: The Knowledge Consistency Checker will not construct the topology for partition DC=domain,DC=com because knowledge of the partition's objectGuid has not yet replicated to this domain controller.

Additional symptoms

When you type repadmin /showrepl at the command line of the Windows Server 2003-based domain controller, one or more of the domains may not appear.

When you try to add a connection by using the naming context of the missing domain, you may receive the following error message:
Error number: 8440.
The naming context specified for this replication operation is invalid.
CAUSE
This problem occurs when the domain-naming update for the domain has not reached the domain controller that is experiencing the problem. Or, the domain-naming update for a domain that is newly promoted may not have reached any domain controllers outside that domain.

You can verify whether the domain-naming update has reached all the domain controllers by modifying the dumpDatabase attribute on the domain controller that is experiencing the problem. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
315098 How to use the online dbdump feature in Ldp.exe
In the dump file that you create, look for the cross-reference record for the domain. This cross-reference record has an object class 196619. Locate the record that the object class 196619 points to. Then, make sure that the object class that is contained in the record has an assigned GUID.

In the following example, object 5070 references object 5072. However, object 5072 is not assigned a GUID:
5070   4111   1      1459   true  3      DOMAIN  DOMAIN  5072   196619 - 6f73dba6-33e1-41e5-9330-c09a60a37942 4   objectclass: 196619, 65536
5071   2      2      -      false 2004-10-19 22:19:37 -     1376281 com     com     -      -      -      -      -
5072   5071   5      -      false 2004-10-19 22:19:37 -     1376281 domain  domain
RESOLUTION
To resolve this problem, use one of the following methods.

Method 1

If one or two domain controllers experience the problem, and other domain controllers in the same domain do not experience the problem, you must demote and then promote the domain controllers that are experiencing the problem. To do this, follow these steps:
  1. Log on to the Windows Server 2003-based domain controller by using an account that has domain administrator permissions.
  2. Click Start, click Run, type dcpromo, and then click OK.
  3. Follow the instructions in the wizard to demote the domain controller.
  4. After you demote the domain controller, restart the Windows Server 2003-based computer.
  5. Click Start, click Run, type dcpromo, and then click OK.
  6. Follow the instructions in the wizard to promote the Windows Server 2003-based domain controller.

Method 2

You must rebuild the domain that is mentioned in the event descriptions if one of the following conditions is true:
  • No domain controllers in the domain received the update.
  • The domain controllers that reside outside the domain that was reported in the event messages did not receive the update.
MORE INFORMATION
Event 1119 may be logged in the Directory Services log on the domain controller. This event may be logged after you assign the role of global catalog server to the domain controller, and after the account and the schema information is replicated to the new global catalog server.

The event description states that the computer is identified as a global catalog server. To confirm that the domain-naming master is a global catalog server, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK.
  2. Type nltest /dsgetdc:domain_name /server:server_name, and then press ENTER.
  3. Verify that the GC flag is present on the server.
For example, when you type the command, you receive a message that is similar to the following if the GC flag is present:
DC: \\Server_Name
Address: \\IP Address
Dom Guid: 47bc7d87-309e-4a2a-bac3-c9866a66bab8
Dom Name: Domain_name
Forest Name: Domain_name.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE

The command completed successfully
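
The events listed under SYMPTOMS and the nltest check above can be read together when triaging a stalled promotion. The following is an added example, not part of the original article or a Microsoft tool: it parses saved event descriptions and nltest output. The function names, the report keys and the sample input are assumptions constructed for illustration.

```python
import re

# Constructed samples modelled on the event text and nltest output in this article.
SAMPLE_EVENTS = [
    (1559, "However, the domain controller does not host a read-only replica of the "
           "following directory partition.\nDirectory partition:\nDC=domain,DC=com"),
    (1578, "Occupancy requirement level:6\nDomain controller level:4"),
    (1801, "The Knowledge Consistency Checker will not construct the topology for "
           "partition DC=domain,DC=com because knowledge of the partition's "
           "objectGuid has not yet replicated to this domain controller."),
]
SAMPLE_NLTEST = ("DC: \\\\Server_Name\n"
                 "Flags: PDC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE\n")

DN = r"((?:DC=[^,\s]+,)*DC=[^,\s]+)"  # e.g. DC=domain,DC=com


def nltest_flags(output):
    """Return the flags on the 'Flags:' line of nltest /dsgetdc output."""
    m = re.search(r"^\s*Flags:\s*(.*)$", output, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def triage(events, nltest_output):
    """Summarise a stalled GC promotion from (event_id, description) pairs."""
    report = {"is_gc": "GC" in nltest_flags(nltest_output), "occupancy": None,
              "missing_replica": set(), "guid_not_replicated": set()}
    for event_id, text in events:
        if event_id == 1559:    # partition with no read-only replica yet
            report["missing_replica"].update(
                re.findall(r"Directory partition:\s*" + DN, text))
        elif event_id == 1801:  # KCC lacks the partition's objectGuid
            report["guid_not_replicated"].update(
                re.findall(r"partition\s+" + DN, text))
        elif event_id == 1578:  # (required level, current level)
            req = re.search(r"Occupancy requirement level:\s*(\d+)", text)
            cur = re.search(r"Domain controller level:\s*(\d+)", text)
            if req and cur:
                report["occupancy"] = (int(req.group(1)), int(cur.group(1)))
    # Heuristic: the same partition in both 1559 and 1801 is consistent with the
    # cause described here (domain-naming update not yet received).
    report["consistent_with_cause"] = bool(
        report["missing_replica"] & report["guid_not_replicated"])
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, SAMPLE_NLTEST))
```

A report with is_gc false and consistent_with_cause true points to the dbdump check under CAUSE as the next step; it does not replace that check.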
REFERENCES
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
232072 Initiating replication between Active Directory direct replication partners
For more information about similar problems on a Microsoft Windows 2000-based computer, click the following article number to view the article in the Microsoft Knowledge Base:
842208 You cannot promote a Windows 2000-based domain controller to a global catalog server
Properties

Article ID: 889711 - Last Review: 03/29/2007 16:29:34 - Revision: 2.1

Microsoft Windows Server 2003, Web Edition, Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
