Thursday, April 14, 2016

The correct format of the fSMORoleOwner field on the Infrastructure object

If you try to gracefully demote a domain controller from a domain where another DC has been forcibly removed (metadata never cleaned up), the demotion may fail with an error saying that the machine was "unable to determine ownership of floating single-master operation roles". That happens when the forcibly removed DC was still recorded as the holder of a FSMO role. The role in question need not be one of the usual five: each application partition has its own infrastructure master, so a stale owner for the DomainDnsZones or ForestDnsZones partition is enough to block the demotion.

The problem can be corrected with ADSI Edit by adjusting the fSMORoleOwner attribute on the Infrastructure object of the affected partition (for DomainDnsZones in example.com, that object is CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com). The value must be the distinguishedName of the NTDS Settings object of a live DC that hosts that partition. If you get the format wrong when you update the attribute, you'll receive an error telling you that the "role owner attribute could not be read". The correct format for the role owner value is this:

CN=NTDS Settings,CN=ServerName,CN=Servers,CN=SiteName,CN=Sites,CN=Configuration,DC=DomainName,DC=DomainTld

For example, this says that the new role owner in the default site of the example.com domain is a server called BIGBOX:

CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
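Rather than typing the DN by hand, you can have the directory build it for you and check it before writing. The following PowerShell is an added example, not part of the original post: it assumes the RSAT ActiveDirectory module, Domain Admin rights, and that the script is run against a DC that hosts the partition. BIGBOX, example.com and the Default-First-Site-Name site come from the post; the partition DN and the -Apply switch are placeholders for illustration.

```powershell
# Added example (not from the original post). Assumes the RSAT ActiveDirectory
# module and that the caller can write to the partition. The partition DN and
# server name below are placeholders; replace them with your own values.
param(
    [string]$Partition      = "DC=DomainDnsZones,DC=example,DC=com",
    [string]$NewOwnerServer = "BIGBOX",
    [switch]$Apply          # without -Apply the script only reports
)
Import-Module ActiveDirectory

# Look up the new owner's NTDS Settings object instead of hand-typing the DN.
$dc       = Get-ADDomainController -Identity $NewOwnerServer
$newOwner = $dc.NTDSSettingsObjectDN

# Sanity-check the shape against the format the post describes; a wrong shape
# is what produces "role owner attribute could not be read" in ADSI Edit.
$pattern = '^CN=NTDS Settings,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Sites,CN=Configuration(,DC=[^,]+)+$'
if ($newOwner -notmatch $pattern) {
    throw "Unexpected NTDS Settings DN for ${NewOwnerServer}: $newOwner"
}

# The owner must actually host the partition whose role it is taking over.
if ($dc.Partitions -notcontains $Partition) {
    throw "$NewOwnerServer does not host $Partition"
}

$infraDN = "CN=Infrastructure,$Partition"
$infra   = Get-ADObject -Identity $infraDN -Properties fSMORoleOwner -Server $dc.HostName
$current = $infra.fSMORoleOwner
Write-Output "Current fSMORoleOwner: $current"

# A value containing "\0ADEL:" refers to a deleted object, i.e. the DC that was
# forcibly removed; that stale reference is what breaks the graceful demotion.
if ($current -like "*ADEL:*") {
    Write-Output "Current owner points at a deleted DC; it needs to be replaced."
} elseif ($current -eq $newOwner) {
    Write-Output "Role already owned by $NewOwnerServer; nothing to do."
    return
}

Write-Output "New fSMORoleOwner would be: $newOwner"

if ($Apply) {
    Set-ADObject -Identity $infraDN -Replace @{ fSMORoleOwner = $newOwner } -Server $dc.HostName
    $after = (Get-ADObject -Identity $infraDN -Properties fSMORoleOwner -Server $dc.HostName).fSMORoleOwner
    Write-Output "fSMORoleOwner is now: $after"
}
```

Run it once without -Apply to see the current (stale) value and the DN it would write, then with -Apply to make the change; passing -Server with a DC that hosts the partition matters, because a DC that does not hold DomainDnsZones or ForestDnsZones cannot read or write that partition's Infrastructure object.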
