RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
1) Create a RODC computer account in a domain with Windows Server 2008 domain functional level and all Windows Server 2008 R2 domain controllers (to ensure a Windows Server 2008 R2 helper DC updates the behavior version of the computer account to Win7)
2) Perform second stage promotion by attaching a Windows Server 2008 R2 RODC to the computer account
3) Demote the Windows Server 2008 R2 RODC but retain metadata using the /retainmetadata flag
4) Perform another second stage promotion. This time attach a Windows Server 2008 RODC to the existing computer account. On the 1st reboot after promotion, the RODC will blue screen with the following stop code:
“c00002e2 Directory Services could not start because of the following error: Exception Processing Message c00002e2”
If the computer account was previously occupied by a Windows Server 2008 R2 RODC and then demoted, an attempt to promote a Windows Server 2008 RODC into the same computer account may fail on reboot after promotion with the above error.
If the computer account was created prior to a domain functional level rollback, a new feature at the Windows Server 2008 R2 domain functional level, an attempt to promote a Windows Server 2008 RODC into the computer account may fail on reboot after promotion with the above error.
This is due to conflicting values for the msDS-Behavior-Version attribute on the nTDSDSA object representing the computer account (Win7) and the OS version of the RODC that was promoted using that computer account (Windows Server 2008).
To resolve this problem follow the steps below:
1) To recover the Windows Server 2008 machine you promoted to an RODC which then failed:
a. Boot into Directory Services Restore Mode (DSRM)
b. Demote the domain controller using the forced demotion feature
2) Delete RODC computer account used when failure occurred
3) Pre-create a new RODC computer account and perform a second stage RODC promotion by attaching to this computer account
For more information on RODCs please refer to the “Read-Only Domain Controller Planning and Deployment Guide” (http://technet.microsoft.com/en-us/library/cc771744.aspx)
MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.