We help IT Professionals succeed at work.

Windows 2003 server in Windows 2000 domain: adprep

Lord_Mainframe
on
1,549 Views
Last Modified: 2010-04-13
We recently purchased a new 2003 server unaware of the tasks that were in store for us.  After reading the manual and determining the steps to add a 2003 to an existing 2000 domain we located the schema master and infrastructure master (which are the same machine).  We made a backup of this machine and then proceeded with the steps of using : adprep /forestprep  on the 2003 server cd.
This gave us the follwing error.

Error: failed to transfer the schema fsmo role: 52 <unavaliable>

This DC and all of the other DCs think that this machine is in fact the schema master.  What should I try now?
Thank you for your help in advance.
Comment
Watch Question

Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Hi Lord_Mainframe,
go to another Domain Controller and seize the FSMO roles

To move the FSMO roles from one computer to another, you can use two different methods. The first method is a transfer and is the method that is recommended. You can use the first method if both computers are running. Use the second method if the FSMO roles holder is offline. The second method requires you to use the Ntdsutil.exe tool to seize the roles.

Note Only seize the FSMO roles to the remaining Active Directory domain controllers if you are removing the FSMO role holder from the domain or forest.

To seize or transfer the FSMO roles by using Ntdsutil, follow these steps:
1.      On any domain controller, click Start, click Run, type ntdsutil in the Open box, and then click OK.

Note Microsoft recommends that you use the domain controller that is taking the FSMO roles.
2.      Type roles, and then press ENTER.

To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.
3.      Type connections, and then press ENTER.
4.      Type connect to server servername, where servername is the name of the server you want to use, and then press ENTER.
5.      At the server connections: prompt, type q, and then press ENTER again.
6.      Type seize role, where role is the role you want to seize. For a list of roles that you can seize, type ? at the Fsmo maintenance: prompt, and then press ENTER, or consult the list of roles at the beginning of this article. For example, to seize the RID Master role, you would type seize rid master. The one exception is for the PDC Emulator role, whose syntax would be "seize pdc" and not "seize pdc emulator".

PeteL

Commented:
Hello,
verify that the user you are performing this operation is a member of the schema admins.
If it is not then add this user directly to this group then try again after replication has taken place

Also, what service packs do you have on the existing 2000DCs?

Author

Commented:
The server on which I am performing this ADPREP controlls all of the roles at this time.  I checked to see if I am member of schema admins and as I suspected I am, I am using the network administrator account which is a member of just about everything I should need.

Commented:
Hello,

I think you should put yourself directly in the schema admins group.
Its worth a try.

Did adprep finish doing its job?

run adsiedit and look for these values that will be present after adprep/forestprep
Expand the Configuration container and verify that CN=ForestUpdates has been created.
Expand CN=ForestUpdates and verify that CN=Windows2003Upgrade ( or CN=Windows2003Update) is present

these values will be present after adprep/domainprep has finished
expand the Domain container, and then go to DC=domainname,DC=com, CN=System, CN=DomainUpdates. Verify that CN=Windows2003Upgrade is present

Check this location for the adprep log file:
%systemroot%\System32\Debug\Adprep

Is there anythinhg not working correctly?
Any replication errors in Event log?

If the values I gave you above are present, and there are no errors in the event log then it is starting to sound like a non-problem.
Especially considering the fact that it DID transfer the schema role

Let us know what you find...

Author

Commented:
I checked my membership under the schema admins group again just to make sure.  I am in fact a member of the schema admins group.  

Just to be sure, is there something I can do to test to see if I am truly a member of the schema admins instead of just looking under the users and computers?

Back to the ADPREP /FORESTPREP.  It did not complete.  Those values were not created.  The ADPREP /DOMAINPREP also confirmed that when it said the forestprep had not been completed.

If you can get back to me as to how to check to make sure my schema admins priveleges are working that would be great and we can go from there to start narrowing the problem.

Thank you
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Commented:
Thanks goatman1..thats good to know.
I'm sure it will keep coming up as a problem for people.

Its such an obvious step :o)

Commented:
I know this may seem like a silly question, but did you remember to enable changing the Schema on the Schema master?

Click Start.. Run..  Type MMC and hit ENTER
Click Console.. and Choose Add/Remove Snap-In
Click Add.. Highlight "Active Directory Schema"
Click Add.. Click Close.. Click OK
Highlight "Active Directory Schema"
Right-Click "Active Directory Schema"
Choose "Operations Master"
Check "The Schema may be modified on this Domain Controller"
Click OK

Now try to run adprep

jbiggs

Commented:
jbiggs

We did perform the steps you outlined as part of our troubleshooting procedures and confirmed that the DC had the proper settings.

A good idea to check it though, sometimes you can miss the obvious.

Thanks for the input.

Author

Commented:
I didn't end up actually doing this on MY domain but now that several of you gave me great information i started analyzing the problem that occured.  I tested it on another domain with a simulated problem like the one i was having.  jbiggs had a great suggestion but the solution to the problem was given by goatman.  

But for anyone else that reads this forum please take a look at jbigg's post aswell

Commented:
Lord Mainframe,

I'm glad things worked out for you.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.