Were running adprep on our Windows 2000 domain controller, so we can add a 2003 domain controller into a child domain.
adprep /forestprep ran with no problems, everything completed successfully.
adprep /domainprep produced the following error:
This is the error returned at the command prompt:
Adprep was unable to modify some attributes on object DC=XXX(editedout) ,DC=LOCAL.
Check the log file Adprep.log in the system root System32\Debug\Adprep\Logs directory for more information.
Adprep encountered an LDAP error.
Error code: 0x32. Server extended error code: 0x2098, Server error message: 00002098: SecErr: DSID-03150646, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Adprep was unable to update domain-wide information.
Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.
Check the log file, Adprep.log, in the C:\WINNT\system32\debug\adprep\logs\20041023155507 directory for more information.
I've verified that the administrator account is a member of domain admins, schema admins, and enterprise admins. I'm not sure where the insuffcient rights part of that is coming from.
Anyone have any ideas why forestprep ran fine, but domain prep errored out?