Issues adding new DC to network after main DC broke down

What I am trying to do should be simple, but I ended up making a mess of it.

We originally had a virtual network and virtual machine set up in the Azure East Asia region datacenter. Then we decided to move all the resources to the Southeast Asia region, whose datacenter is located in Singapore. Our offices are located in Malaysia, so we think that data transfer to Singapore will be faster.


First, I prepared the main DC, PYRUS, which sits in the Azure East Asia datacenter, for custom virtual image capture by following this guide. Then I generalized the VHD and captured the image by following this guide. I thought I could still start the generalized VM, but later I found that this is not possible; there was no turning back for me. Lastly, I tried to create the virtual machine by following this guide, but it returned some general errors without useful debug information. After spending a day trying to fix this, I had no luck and decided to give up on it.

I came up with the idea of making one of the branch DCs the main DC and adding a new DC, LOTUS, in the cloud to take over the main DC role later. I followed the steps here to seize the FSMO roles on IRIS and let LOTUS replicate everything from IRIS later. I followed the steps exactly: I seized the infrastructure master, PDC, RID master and naming master roles. I also deleted all DNS records for PYRUS on IRIS' DNS. When I tried to promote LOTUS as a new DC in the domain, I got the errors shown in my screenshots.

I spent half a day looking for a solution or a possible clue in the error logs/Event Viewer of the AD DC but couldn't find anything helpful to solve my problem.

I have limited knowledge of this and screwed up everything. I have no clue what to do now. Can anyone tell me the best solution for this, or a way to fix one of the issues above?

I appreciate your help a lot. Thank you so so so much.


Moving comments to answer so as to avoid extended discussion via comments.

Run these two commands:

Foreach ($NC In (Get-ADRootDSE).namingContexts) { Get-ADObject "CN=Infrastructure,$NC" -Properties fSMORoleOwner }

And

Foreach ($NC In (Get-ADRootDSE).namingContexts) { Get-ADObject $NC -Properties fSMORoleOwner }

You need the Active Directory module for PowerShell, which is installed on new domain controllers by default.

You might see a couple of errors, but ignore those. Look at the fSMORoleOwner attribute of any objects returned. Do any of them reference the old DC? If so, correct them.

(Stealing your screenshot)


Use AD Sites and Services and go find the distinguished name of the NTDS Settings object under the extant (the new DC) domain controller. It will be something like this:

CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com

DC01 in your case will be IRIS.

In AD Sites and Services, right-click on the NTDS Settings object and go to Properties, and then to the Attribute Editor tab. Find and copy the distinguishedName.

Take this string and put it into the fsmoRoleOwner attribute of the objects that you found with the PowerShell commands earlier. You will probably need to use ADSIEdit to locate them all.

Note: The procedure that I have described here should only be done after you have followed the normal metadata cleanup procedures. This is not a replacement for metadata cleanup, but rather a supplement to it.
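The check-and-correct procedure above, scripted as an added example (this is not the answerer's code). It extends the two one-liners to every object that carries fSMORoleOwner (the NC heads, CN=Infrastructure in each NC, RID Manager$, Partitions and Schema), resolves the live DC's NTDS Settings DN with Get-ADDomainController instead of copying it from Attribute Editor, and only rewrites anything when -Fix is given. The DC names IRIS (live) and PYRUS (dead) are taken from the question; run it only after metadata cleanup, as the note says.

```powershell
# Added example, not from the original answer. Assumes the ActiveDirectory
# module is present, IRIS is the DC that seized the roles and PYRUS is the
# dead DC (names from the question).
Import-Module ActiveDirectory

function Get-FsmoOwnerObject {
    # Every object that carries fSMORoleOwner: the head of each naming
    # context (PDC emulator lives on the domain NC head), CN=Infrastructure
    # in each NC, the RID Manager$ object, Partitions and the Schema NC.
    $root = Get-ADRootDSE
    $dns  = @()
    foreach ($nc in $root.namingContexts) {
        $dns += $nc
        $dns += "CN=Infrastructure,$nc"
    }
    $dns += 'CN=RID Manager$,CN=System,' + $root.defaultNamingContext
    $dns += 'CN=Partitions,' + $root.configurationNamingContext
    $dns += $root.schemaNamingContext
    foreach ($dn in $dns) {
        # Not every NC has every container (the schema NC has no
        # CN=Infrastructure, for example); skip the misses quietly.
        Get-ADObject -Identity $dn -Properties fSMORoleOwner -ErrorAction SilentlyContinue
    }
}

function Repair-StaleFsmoOwner {
    param(
        [string]$StaleDc = 'PYRUS',
        [string]$LiveDc  = 'IRIS',
        [switch]$Fix               # without -Fix the function only reports
    )
    # The DN the answer tells you to copy from Attribute Editor, resolved here.
    $liveNtds = (Get-ADDomainController -Identity $LiveDc).NTDSSettingsObjectDN

    foreach ($obj in Get-FsmoOwnerObject) {
        $owner = $obj.fSMORoleOwner
        if (-not $owner) { continue }
        # A dead DC shows up by name, or as a delete-mangled "0ADEL:" DN once
        # its NTDS Settings object has been removed by metadata cleanup.
        if ($owner -like "*CN=$StaleDc,*" -or $owner -like '*0ADEL:*') {
            Write-Output "$($obj.DistinguishedName) -> $owner"
            if ($Fix) {
                Set-ADObject -Identity $obj.DistinguishedName -Replace @{ fSMORoleOwner = $liveNtds }
            }
        }
    }
}

# Report first; re-run as "Repair-StaleFsmoOwner -Fix" once the list looks right.
Repair-StaleFsmoOwner
```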