Windows 2000 Domain - run DCPromo on Windows 2003 Server 1

[ceil32]

I have a Windows 2000 Domain with two Windows 2000 Servers as DC's

I now have a Windows 2003 Server that I want to make a DC and I get the following error:

The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep.exe command-line tool to prepare both the forest and the domain. Fore more information about using Adprep.exe see Active Directory Help.

"The version of the Active Directory Schema of the source forest is not compatible with the version of the Active Directory on this computer."

If I run adprep /forestprep or adprep /domainprep will it affect any operations aside from allowing me run DCPromo on the new machine??

Is there anything else I should be aware of?

Thanks

 

[Roadki11]

Shouldnt cause any issues unless you are running exchange. Then there would be additional steps. When running domainprep and forestprep be sure to use adprep from cd2 of the w2k3 r2 discs.

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[ceil32]

Running Exchange 2000 on the Windows 2000 DC

I plan on running Exchange 2003 on the Server 2003 server

Do I run the Adprep & forestprep commands on existing DC or new server?

 

[Roadki11]

http://www.petri.co.il/windows_2003_adprep.htm

Dont skip the part about exchange.


RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[Roadki11]

Didnt answer this one but im sure its in the link. You run the adpreps on the 2000 domain, it updates the 2000 schema to 2003's level.

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[ceil32]

Ok thanks for the assistance.

I ran ADPrep /forestprep and got the following error:

adprep encountered a win32 error . Error code : 0x57 error message: the parameter is incorrect

I googled it and found that I needed to run ntdsutil

I found that two roles were still held by a redundant DC - Schema master & Domain Naming Master - this server is long gone and it won't allow me to transfer the roles to the current Windows 2000 DC

I get the following error:

win32 error returned is 0x20af ( the requested fsmo operation failed. The current fsmo holder could not be contacted.)

Can anyone assist?

 

[Roadki11]

You will need to seize the FSMO roles if you cant transfer them.

http://support.microsoft.com/kb/255504

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[ceil32]

OK I was able to seize the two remaining roles successfully.

I re-ran ADPrep /forest and the following error:

"Adprep was unable to extend the schema. [Status/Consequence] The schema master did not complete a replication cycle after the last reboot. The schema master must complete at least one replication cycle before the schema can be extended. [User Action] Verify that the schema master is connected to the network and can communicate with other domain controllers. Use the Sites and Services snap-in to replicate between the schema operations master and at least one replication partner. After replication has succeeded, run adprep again."

There is only one DC at the moment - how can I get past this??

 

[ceil32]

I had a power spike and had to restart the Windows 2000 DC.

Some Clients are not getting an error when trying to logon to the domain:

'The system cannot log you on as the system's computer account in it's primary domain'

I ran NETDOM Query from the DC in question and it finds and connects to the DC in question as the PDC

I know I can probably resolve individually by unjoining the clients from the domain or renaming the pc's, but is there a way of fixing centrally?

 

[Roadki11]

You will probably have to clean up the metadata concerning the long lost DC. Is one or both of the remaining 2k DC's a GC? Here is a link for metadata cleanup. You should probably run a DCDIAG and NETDIAG checking for errors.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[ceil32]

Here is the killer - the old DC came back up when the power spiked - I can replicate b/w the two DC's under AD Sites & Services.

I was able to get three clients back on the LAN by unjoining from domain, renaming and rejoining

Is there an easy method as DC/Domain level I can do??

Thanks

 

[Roadki11]

Umm, im starting to get a bit confused. You say the OLD DC came up after the power spike? Not the DC you seized the 2 FMSO roles from i hope?

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[ceil32]

Yes - the old DC that had the roles seized from it - I couldn't get it to power on at all and then when the UPS went awry today, it powered on - should I shut it down?

 

[Roadki11]

Yes i would shut it down.

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[ceil32]

Ok I've shut that 'rogue' DC - is there a way of automatically resyncing all the pc accounts with the PDC now, so I don't have to go through the unjoining etc??

 

[Roadki11]

Start by making sure your FSMO roles are all accounted for and are being held by current production DC's. Make sure you have at least 1 GC also. Here is a link for how to do that:

http://www.petri.co.il/determining_fsmo_role_holders.htm

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[ceil32]

That worked - thanks for the help.

Getting back on track, I need a newer version of ADPrep - I can't find it on the MS Download site - can anyone advise where I can find it?

 

[Roadki11]

Its on the 2nd CD of W2k3 R2 media.

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[ceil32]

OK I ran the updated version of ADPREP and got the following error:

ADPREP WARNING: Before running adprep, all Windows 2000 domain controllers in the forest should be upgraded to Windows 2000 Service Pack 1 (SP1) with QFE 265089, or to Windows 2000 SP2 (or later). QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent potential domain controller corruption. For more information about preparing your forest and domain see KB article Q331161 at

http://support.microsoft.com.

[User Action] If ALL your existing Windows 2000 domain controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.



Adprep was unable to extend the schema.[Status/Consequence]There is a schema conflict with Exchange 2000. The schema is not upgraded.[User Action]The schema conflict must be resolved before running adprep. Resolve the schema conflict, allow the change to replicate between all replication partners, and then run Adprep. For information on resolving the conflict, see Microsoft Knowledge Base article Q325379.


-------

I then ran Ldifde outputting to inetOrgPersonFix.ldf and got the following error:

Connecting to "ceilexchange.messerec.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonfix.ldf"
Error occured during initialization
File operation failure
0 entries modified successfully.
An error has occurred in the program


----------

Can anyone assist?

 

[Roadki11]

The user you are using, is it a member of Schema Admins?


RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen