The role owner attribute could not be read

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

The error message stated in the subject line occurs whenever I attempt to
either add an attribute to my active directory schema or add an attribute to
a class. I have researched the error message at the MSDN. It is mapped to
another error message: "8366 error_ds_invalid_role_owner". There is no
further explanations or suggestions to point me to where the problem resides.

This is a Windows 2000 Advanced Server with SP4 domain. This domain resides
in our development lab. We're trying to integrate a workflow COTS package
that requires some schema mods to complete the integration.

I am logged in with SchemaAdmin rights, I have set the registry setting to
allow write access to the schema. And the "allow the schema to be updated on
this server" option is checked.
1 answer Last reply
More about role owner attribute read
  1. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    Had the same problem on my test domain set-up.

    Now I have been doing quite a lot of DR work on this domain and have
    carried out Role transfers, Role Seizures etc in this domain in the
    past.

    Today, when I tried to modify the Schema I had the same problem, and
    tried all the usual diags (DCDIAG FsmoCheck and KnowsOfRoleHolders,
    NTDSUTIL, checking DNS Entries etc) and all passed OK.

    Out of interest, I then tried to perform a Schema Master Role Transfer
    To the DC it is already Sitting on and got a similar error (don't know
    if this is normal?)

    Anyhow, Since I know that this role had been at one stage siezed from
    another crashed DC which I've since re-built and re-promoted, I
    wondered if there may be still some references to the old role-holder
    lurking deep in the mysterious depths of AD somewhere.

    So, I went into NTDSUTIL and did a METADATA CLEANUP to remove the 'old'
    Role-holder DC (a bit brutal I know) - and that seems to have cured the
    problem.

    Now, I'm happy to do this in my test domain, but I'd be reluctant to
    take such a drastic step in a production environment - however it may
    provide some clues as to what has caused the problem in the first
    place.

    Incidentally - I didn't even Try DCPROMO'ing the 'old' role-holder back
    down - that may have cured the issue too, and would obviously be a much
    cleaner solution.
    BullDawg131 wrote:
    > *The error message stated in the subject line occurs whenever I
    > attempt to
    > either add an attribute to my active directory schema or add an
    > attribute to
    > a class. I have researched the error message at the MSDN. It is
    > mapped to
    > another error message: "8366 error_ds_invalid_role_owner". There is
    > no
    > further explanations or suggestions to point me to where the problem
    > resides.
    >
    > This is a Windows 2000 Advanced Server with SP4 domain. This domain
    > resides
    > in our development lab. We're trying to integrate a workflow COTS
    > package
    > that requires some schema mods to complete the integration.
    >
    > I am logged in with SchemaAdmin rights, I have set the registry
    > setting to
    > allow write access to the schema. And the "allow the schema to be
    > updated on
    > this server" option is checked. *


    --
    tynymynydd
    ------------------------------------------------------------------------
    Posted via http://www.mcse.ms
    ------------------------------------------------------------------------
    View this thread: http://www.mcse.ms/message963908.html
Ask a new question

Read More

Error Message Servers Windows