The role owner attribute could not be read

[Guest]

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

The error message stated in the subject line occurs whenever I attempt to
either add an attribute to my active directory schema or add an attribute to
a class. I have researched the error message at the MSDN. It is mapped to
another error message: "8366 error_ds_invalid_role_owner". There is no
further explanations or suggestions to point me to where the problem resides.

This is a Windows 2000 Advanced Server with SP4 domain. This domain resides
in our development lab. We're trying to integrate a workflow COTS package
that requires some schema mods to complete the integration.

I am logged in with SchemaAdmin rights, I have set the registry setting to
allow write access to the schema. And the "allow the schema to be updated on
this server" option is checked.

 

[Guest]

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Had the same problem on my test domain set-up.

Now I have been doing quite a lot of DR work on this domain and have
carried out Role transfers, Role Seizures etc in this domain in the
past.

Today, when I tried to modify the Schema I had the same problem, and
tried all the usual diags (DCDIAG FsmoCheck and KnowsOfRoleHolders,
NTDSUTIL, checking DNS Entries etc) and all passed OK.

Out of interest, I then tried to perform a Schema Master Role Transfer
To the DC it is already Sitting on and got a similar error (don't know
if this is normal?)

Anyhow, Since I know that this role had been at one stage siezed from
another crashed DC which I've since re-built and re-promoted, I
wondered if there may be still some references to the old role-holder
lurking deep in the mysterious depths of AD somewhere.

So, I went into NTDSUTIL and did a METADATA CLEANUP to remove the 'old'
Role-holder DC (a bit brutal I know) - and that seems to have cured the
problem.

Now, I'm happy to do this in my test domain, but I'd be reluctant to
take such a drastic step in a production environment - however it may
provide some clues as to what has caused the problem in the first
place.

Incidentally - I didn't even Try DCPROMO'ing the 'old' role-holder back
down - that may have cured the issue too, and would obviously be a much
cleaner solution.
BullDawg131 wrote:
> *The error message stated in the subject line occurs whenever I
> attempt to
> either add an attribute to my active directory schema or add an
> attribute to
> a class. I have researched the error message at the MSDN. It is
> mapped to
> another error message: "8366 error_ds_invalid_role_owner". There is
> no
> further explanations or suggestions to point me to where the problem
> resides.
>
> This is a Windows 2000 Advanced Server with SP4 domain. This domain
> resides
> in our development lab. We're trying to integrate a workflow COTS
> package
> that requires some schema mods to complete the integration.
>
> I am logged in with SchemaAdmin rights, I have set the registry
> setting to
> allow write access to the schema. And the "allow the schema to be
> updated on
> this server" option is checked. *



--
tynymynydd
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message963908.html