
Error verifying Global Catalog server

Anonymous
2016-01-21T18:20:52+00:00

Hi Everyone,

I'm Jayson, a newbie in Windows Server administration. This is my first time posting here in Microsoft. Hope I can find the right solution.

Here's my scenario: 

I have 2 domain controllers in a Windows 2000 Forest (Domain A), Server A and Server B. Server A contains all the FSMO roles and holds the Global Catalog, while Server B is not a GC and obviously not a FSMO holder. Server A went down because of a hardware problem and cannot boot up anymore. Seizing all the FSMO roles using NTDSUTIL was my first option, but it always failed. User authentication is not possible at this point; luckily, the Windows 2000 Forest (Domain A) has an existing Forest Trust to a Windows 2008 Forest (Domain B), so I authenticated there and managed to connect to the Active Directory services of the Windows 2000 Forest. From there I was able to force transfer the PDC Role, Infrastructure, RID and Schema Master (using ADUC and AD Schema GUI). And there comes my problem seizing the Domain Naming Master. In the GUI (AD Domains and Trusts), Change Operations Master is greyed out, and in NTDSUTIL (CMD) I got this error:

ldap_modify_sW error 0x35(53 (Unwilling To Perform).

Ldap extended error message is 0000214B: SvcErr: DSID-03210792, problem 5003 (WILL_NOT_PERFORM), data 0

Win32 error returned is 0x214b(Only DSAs configured to be Global Catalog servers should be allowed to hold the Domain Naming Master FSMO role.)

)

Depending on the error code this may indicate a connection, ldap, or role transfer error.

Role seizure is forbidden in this case

So from here I made Server B a Global Catalog, but another problem came up: it does not recognize itself as a Global Catalog. From here I also determined that the authentication problem was also caused by the GC holder being down, and creation of unique User Objects is not possible even though the RID Master has been seized already. I got this error, by the way:

"Windows cannot validate the uniqueness of this proposed user name with global catalog server because: The server is not operational. Windows will create this user account, but the user can log on only after the username is verified to be unique."

Hope someone has solved this. Many thanks!


This question was migrated from the Microsoft Support Community.


1 answer

  1. Anonymous
    2016-01-31T11:50:53+00:00

    Hi,

    I would request you to post the question on Windows TechNet server Forums:

    Here is the link:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home

    Regards,
