i have aproblem when i add additional domain controler 2008 to domain contrloer with 2003 server i have prepare windows 2003 server forest prep , domain prep and group policy prep the error message is (you canot install an additional domain controler at this time becuse the rid master is ofline ) pls any one help me in this problem

this means that either your RId master is not reachable or its corrupted. Please try to ping the fsmo role holder and see its reachable if not try disabling the firewall and retry again. Thanks http://www.virmansec.com/blogs/skhairuddin

Hi, The cause is that Dcpromo attempts to identify the owner of the RID Master role by reading the fsmoRoleOwner attribute of CN=RID Manager$,CN=System,DC=<domain> and extracting the dnsHostName of the RID Master. Dcpromo then tries to initiate an LDAP connection over port 389 to the RID Master Server using its fully qualified computer name. If the LDAP connection fails for any reason, Dcpromo determines the RID Master to be offline. Initial sync failures by the RID FSMO should not cause this error. Run repadmin /showattr fsmo_rid: ncobj:domain: /filter:(objectclass=ridmanager) /subtree and either netdom query fsmo or dcdiag /test:<name of FSMO test> The output of the repadmin command will include the fSMORoleOwner. If the fSMORoleOwner distinguished name path that is returned from the command in the previous step is mangled or assigned to a deleted domain controller, remove the metadata for that domain controller and seize the role to a live domain controller that hosts a writable copy of the domain partition. Verify that RID master role is assigned to a live domain controller that has successfully inbound-replicated the domain directory partition since it last restarted from at least one other domain controller in the same domain. If the current role holder is the only live domain controller in the domain but its copy of Active Directory or AD DS refers to domain controllers that no longer exist, remove the stale metadata for those domain controllers, restart the live domain controller, and try promotion again. Troubleshooting errors http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=ws.10).aspx#BKMK_Tshoot BrentPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

In addition, if the RID master is strill unreachable, you can proceed by resizing of the RID master FSMO role. Once done, force the removal of the DC (dcpromo /forceremoval) and proceed by metadata cleanup. Have a look to this article about the Best Practices of Assiging FSMO roles. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration