rsoxhater
asked on
Windows 2000 adprep /domainprep error
Were running adprep on our Windows 2000 domain controller, so we can add a 2003 domain controller into a child domain.
adprep /forestprep ran with no problems, everything completed successfully.
adprep /domainprep produced the following error:
This is the error returned at the command prompt:
Adprep was unable to modify some attributes on object DC=XXX(editedout) ,DC=LOCAL.
[User Action]
Check the log file Adprep.log in the system root System32\Debug\Adprep\Logs
Adprep encountered an LDAP error.
Error code: 0x32. Server extended error code: 0x2098, Server error message: 00002098: SecErr: DSID-03150646, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
.
Adprep was unable to update domain-wide information.
[Status/Consequence]
Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.
[User Action]
Check the log file, Adprep.log, in the C:\WINNT\system32\debug\ad
-----------------------
I've verified that the administrator account is a member of domain admins, schema admins, and enterprise admins. I'm not sure where the insuffcient rights part of that is coming from.
Anyone have any ideas why forestprep ran fine, but domain prep errored out?
Thanks,
Patrick
adprep /forestprep ran with no problems, everything completed successfully.
adprep /domainprep produced the following error:
This is the error returned at the command prompt:
Adprep was unable to modify some attributes on object DC=XXX(editedout) ,DC=LOCAL.
[User Action]
Check the log file Adprep.log in the system root System32\Debug\Adprep\Logs
Adprep encountered an LDAP error.
Error code: 0x32. Server extended error code: 0x2098, Server error message: 00002098: SecErr: DSID-03150646, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
.
Adprep was unable to update domain-wide information.
[Status/Consequence]
Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.
[User Action]
Check the log file, Adprep.log, in the C:\WINNT\system32\debug\ad
-----------------------
I've verified that the administrator account is a member of domain admins, schema admins, and enterprise admins. I'm not sure where the insuffcient rights part of that is coming from.
Anyone have any ideas why forestprep ran fine, but domain prep errored out?
Thanks,
Patrick
stafi
is this account a member of the Enterprise Admins Universal group?
ASKER
Whats the difference? We currently only have one domain that I'm trying to create a child one off of - I'm on the Primary DC and administrator is located in the enteprise admin group - is there another group I'm missing somewhere?
I had very similar errors. Open schema snap-in and make sure that updates enabled on this domain controller.
Maybe you will have to reboot after this.
Maybe you will have to reboot after this.
is the server schema that you are trying to upgrade is main server itself ? where infrastructure master is located ? or is it on another server ?
try to move the infrastructure master to the server where you want to perform the adprep
try to move the infrastructure master to the server where you want to perform the adprep
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
When you bring up active directory snap in you have at the top of the tree domainname.local - I right clicked on it, brought up properties and security and saw that there was no admins in the security setting. I added the domain admin account and gave it full control. Domain prep ran perfect after that.
Thanks for the help and pointing me in the right direction guys.
Thanks for the help and pointing me in the right direction guys.