ADPrep /forestPrep fails preparing Win2K domain for Win2K3 DC's
Posted on 2005-03-14
I have a domain with three Win2KSP4 Domain controllers: Server1 is a DC/DNS AD Int with all FSMO roles and is the global catalog server. Server 2 and 3 are both DC/DNS AD Int. I took Server1 offline to run ADPrep /forestprep after running DCDiag, etc. to pre-verify readiness. After booting and running ADPrep /forestPrep form the Win2K3 CD, it updated the schema but stopped the process without returning the schema to it's original state. I don't have a good system state from Server1 to restore AD from. I am not sure if this is part of the issue but, but Server1 is the only DC that was upgraded from NT to 2000.
I attempted the same process in our test area with litlle trouble in comparison (only a small DNS issue fixed with help from dnslint.exe) and successfully added a Win2K3 DC to our test domain.
It seems at this point my only option is to use ntdsutil and asdiedit to seize the roles, GCS and clean up the failed DC data from AD. However, if I have other options, I'd like to hear them. Below I will include abbreviated output of the ADPrep.log and the schupgr.log. Thanks in advance for any assistance.
Adprep was about to call the following LDAP API. ldap_search_s(). The base
entry to start the search is
LDAP API ldap_search_s() finished, return code is 0x20
Adprep successfully determined whether Microsoft Windows Services for UNIX
(SFU) is installed or not. If adprep detected SFU, adprep also verified that
Microsoft hotfix Q293783 for SFU has been applied.
Adprep was unable to upgrade the schema on the schema master.
[Status/Consequence] The schema will not be restored to its original state.
[User Action] Check the Ldif.err log file in the
C:\WINNT\system32\debug\adprep\logs\20050311143717 directory for detailed
Adprep was unable to update forest-wide information. [Status/Consequence]
Adprep requires access to existing forest-wide information from the schema
master in order to complete this operation. [User Action] Check the log
file, Adprep.log, in the C:\WINNT\system32\debug\adprep\logs\20050311143717
directory for more information.
Opened Connection to VABEACH5 SSPI Bind succeeded Found Naming Context
DC=vb,DC=vdh,DC=virginia,DC=gov Found Naming Context
CN=Schema,CN=Configuration,DC=vb,DC=vdh,DC=virginia,DC=gov Found Naming
Context CN=Configuration,DC=vb,DC=vdh,DC=virginia,DC=gov Current Schema
Version is 13 Upgrading schema to version 30 ERROR: Failed to transfer the
schema FSMO role: 52 (Unavailable). If the error code is "Insufficient
Rights", make sure you are logged in as a member of the schema admin group.