adprep /forestprep There is a schema conflict with Exchange 2000

Hi Guys,

I'm adding a new Windows 2k3 server to my 2k Windows domain; I want the new server to be a DC.

When I ran /forestprep I got the following error:

"Adprep was unable to extend the schema.
[Status/Consequence]
There is a schema conflict with Exchange 2000. The schema is not updated.
[User Action]
The schema conflict must be resolved before running adprep. Resolve the schema conflict, allow the change to replicate between all replication partners, and then run Adprep. For information on resolving the conflict, see Microsoft Knowledge
Base article Q325379."

I have a Windows 2000 SP4 server which is the main domain controller as well as the schema master.
I have a separate Windows 2000 SP4 server which has Exchange 2000 and is a BDC.
I have another Windows 2000 SP4 server which is just a member server.
There is a Windows 2003 SP1 server which is just a member server, no AD in it.
And the new Windows 2003 SP1 server which I want to make a DC.

After I got the above error I did some reading and found some articles covering from InetOrgPerson to mangled attributes in a Windows 2000 forest.

Here is what I have tried

Microsoft Article ID : 324392
Enhancements to Adprep.exe in Windows Server 2003 Service Pack 1 and in hotfix 324392

I'm using what I believe is the latest adprep from the Windows Server 2003 SP1 disc:

adprep.exe 432KB (442,880 bytes) March 25 2005 7:00:00 AM
The error message directs me to see article Q325379, which is no longer available; instead it shows article 324392.
I read this article from beginning to end and do not see a solution other than running InetOrgPerson Fix.


Microsoft Article ID : 314649
Windows Server 2003 adprep/forestprep command causes mangled attributes in windows 2000 forest containing exchange 2000 servers
 
In this article there were three scenarios and I tried numbers 2 and 3. Here is what Microsoft said in the 2 scenarios. I'm not sure if I'm doing something wrong with these procedures or if there is something wrong elsewhere, but I still get the same original error.

I don't even see any records being mangled in the schema.

Any help would be appreciated.

Wilson J

********************************************************************************************************************************************************************************************************************
Microsoft Article ID : 314649

Scenario 2: Exchange 2000 Schema Changes Are Installed Before You Run the Windows Server 2003 adprep /forestprep Command
If Exchange 2000 schema changes have already been installed, but you have not run the adprep /forestprep command in Windows Server 2003, consider the following action plan:
1. Log on to the console of the schema operations master by using an account that is a member of the schema administrators enterprise administrators groups.
2. Enable Schema Updates on the schema master. For additional information about how to permit updates to the Active Directory schema, click the following article number to view the article in the Microsoft Knowledge Base:
285172 (http://support.microsoft.com/kb/285172/EN-US/) Schema Updates Require Write Access to Schema in Active Directory  
3. Click Start, click Run, type notepad.exe, and then click OK.
4. Copy the following text that appears between [start copy here] and [end copy here] (including the trailing "-" characters), and then paste this text into Notepad.

[start copy here]
dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: lDAPDisplayName
lDAPDisplayName: msExchAssistantName
-

dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: lDAPDisplayName
lDAPDisplayName: msExchLabeledURI
-

dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: lDAPDisplayName
lDAPDisplayName: msExchHouseIdentifier
-

dn:
changetype: Modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
[end copy here]
5. Save the contents of the Notepad file as %systemdrive%\IOP\Inetorgpersonprevent.ldf (where %systemdrive% is the logical drive that is hosting the Windows 2000 operating system and \IOP is a folder that you create in the Save dialog box of Notepad). Quit Notepad.
6. Run the InetOrgPersonPrevent.ldf script:
a.  Click Start, click Run, type cmd, and then click OK.
b.  At a command prompt, type:
cd %systemdrive%\iop
and then press ENTER.
c.  Type the following command:
ldifde -i -f inetorgpersonprevent.ldf -v -c DC=X "dn path for forest root domain"
where X is a case-sensitive constant and dn path for forest root domain is the domain name path for the root domain of the forest, enclosed in quotation marks (for example, "dc=corp,dc=tailspintoys,dc=com"). (Include the quotation marks.) Press ENTER.
 
7. Verify that the LDAPDisplaynames for the CN=ms-Exch-Assistant-Name, the CN=ms-Exch-LabeledURI, and the CN=ms-Exch-House-Identifier attributes in the schema naming context now appear as msExchAssistantName, msExchLabeledURI, and msExchHouseIdentifier before you run the Windows Server 2003 adprep /forestprep command.
8. Run the adprep /forestprep command and the /domainprep command.

For more information, view the "Overview: Upgrading Windows 2000 Domain Controllers to Windows Server2003" section of the following Microsoft Knowledge Base article:
325379 (http://support.microsoft.com/kb/325379/) How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003  


********************************************************************************************************************************************************************************************************************

Scenario 3: You Did Not Run InetOrgPersonfix Before You Ran the Windows Server 2003 adprep /forestprep Command
If you run the Windows Server 2003 adprep /forestprep command in a Windows 2000 forest that contains the Exchange 2000 schema changes, the LdapDisplayname attributes for houseIdentifier, Secretary, and labeledURI become mangled. To identify mangled names, use Ldp.exe to locate the affected attributes:
1. Install Ldp.exe from the Support\Tools folder of the Windows 2000 or the Windows Server 2003 media.
2. Start Ldp.exe from a domain controller or a member computer in the forest.
a.  On the Connection menu, click Connect, leave the Server box empty, type 389 in the Port box, and then click OK.
b.  On the Connection menu, click Bind, leave all the boxes empty, and then click OK.
 
3. Record the distinguished name path for the SchemaNamingContext attribute.

For example, for a domain controller in the CORP.ADATUM.COM forest, the distinguished name path would be CN=Schema,CN=Configuration,DC=corp,DC=adatum,DC=com.
4. On the Browse menu, click Search.
5. Configure the following settings:
• Base DN: Type the distinguished name path for the schema naming context that is identified in step 3.
• Filter: Type (ldapdisplayname=dup*).
• Scope: Click Subtree.
 
6. Mangled HouseIdentifier, Secretary, and LabeledURI attributes have LDAPDisplayName attributes that are similar to the following format:
lDAPDisplayName: DUP-labeledURI-9591bbd3-d2a6-4669-afda-48af7c35507d;
lDAPDisplayName: DUP-secretary-c5a1240d-70c0-455c-9906-a4070602f85f
lDAPDisplayName: DUP-houseIdentifier-354b0ca8-9b6c-4722-aae7-e66906cc9eef
If the LDAP Display names for LabeledURI, Secretary and HouseIdentifier were mangled, run the Windows Server 2003 InetOrgPersonfix.ldf script to recover:
a.  Create a folder named %Systemdrive%\IOP, and then extract the InetOrgPersonfix.ldf file to this folder.
b.  At a command prompt, type cd %systemdrive%\iop, and then press ENTER.
c.  Extract the InetOrgPersonfix.ldf file from the Support.cab file that is located in the Support\Tools folder of the Windows Server 2003 installation media.
d.  From the console of the schema operations master, load the InetOrgPersonfix.ldf file by using Ldifde.exe to correct the LdapDisplayName attribute of the houseIdentifier, the Secretary, and the labeledURI attributes. To do this, type the following command, where X is a case-sensitive constant and dn path for forest root domain is the domain name path for the root domain of the forest wrapped in quotation marks:
ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "dn path for forest root domain"
 
7. Verify that the houseIdentifier, the Secretary, and the labeledURI attributes in the schema naming context are not mangled.
8. Use Winnt32.exe to upgrade the Windows 2000 domain controllers.

For additional information about how to upgrade a Windows 2000 domain controller with Winnt32.exe, click the following article number to view the article in the Microsoft Knowledge Base:
325379 (http://support.microsoft.com/kb/325379/EN-US/) How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003  

**********************************************************************************************************
**********************************************************************************************************

WilsonJ Asked:

Ron Malmstead (Information Services Manager) Commented:
Sounds to me like your two DC's are not replicating properly.
Check your event logs on both DC's for AD replication errors.

Check your Active directory sites and services snap-in for any problems.
tonyteri Commented:
Exactly as above, the issues are replication issues.  I had this issue once and what I did was ensure that the 2 could reach each other via DNS.

WilsonJ (Author) Commented:
Well, I think we are on the right track here. When I checked the event log on the BDC this is what I got (read below); there are no events regarding file replication errors on the PDC.

I need some guidance on how to force a replication and diagnose that everything is correct on both domain controllers; I'm not sure what the steps to follow are.

Thanks for your help

******************
My event log in the BDC
******************

The File Replication Service is having trouble enabling replication from PDC to BDC C:\winnt\sysvol\domain using the DNS name PDCSERVERNAME.domainname.com. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name PDCSERVERNAME.domainname.com. from this computer.
 [2] FRS is not running on PDCSERVERNAME.domainname.com..
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
Joseph Nyaema (Independent Consultant) Commented:
Make sure that the first defined DNS Server setting in TCP/IP Settings
points to an internal DNS server (Windows 2000 DC)

Make sure domainname.com exists and is active directory integrated.
Make sure that domainname.com accepts dynamic updates.

On each DC do the following

start->run

IPConfig /All                                       (Confirm first DNS Server IP)

IPConfig /FlushDNS
IPConfig /RegisterDNS

net stop netlogon
net start netlogon


Force replication by using The "Active Directory Sites and Services" snap in.
Expand "Default-First-Site-Name"->Servers->ServerName->NTDS Settings

Right Click on "NTDS Setting"
Click on Check Replication Topology.

On the "NTDS Settings" Object
Right click on "<automatically generated>"
and select "replicate now"

Repeat for other servers in the site.

Then run the InetOrgPersonfix tool
Then the updated ADPrep /Forestprep
and ADPrep /DomainPrep
rajeshgkamath Commented:
Hi,

I faced a problem once of AD replication between 2 DCs and in that case the DNS and the name resolution was working perfectly fine. So even if DNS is fine sometimes AD replication issues arise if the secure channel between the DCs is broken. In my case that was the problem, following solution worked for me. It restores the secure channel between DCs and then initiates the AD replication.

-->Stop KDC service
-->Disable KDC service
-->Reboot server
-->Execute following command
netdom resetpwd /server:<servername> /userd:<domain\user> /passwordd:<password>
-->Reboot server
-->Set KDC to automatic
-->Start KDC

Netdom.exe is available on W2K3 CD or download it from internet.
 
Refer: http://support.microsoft.com/default.aspx?scid=kb;en-us;288167
WilsonJ (Author) Commented:
First I want to thank everybody who is participating in helping me resolve this issue,
and I'm sorry for my slow response but there was a lot to test, to try and of course to document.

Lots of reading guys :0

I tried your suggestion (Nyaema)

****Make sure that the first defined DNS Server setting in TCP/IP Settings ****
****points to an internal DNS server (Windows 2000 DC)******

Here is the TCP/IP configuration of the main DC. I'm a bit confused with the configuration. I have two NICs enabled.

The main server has a fixed IP, as it should.
First NIC
IP       192.168.1.2
SM     255.255.255.0
DG      192.168.1.1 (which is my firewall router)

This is the confusing part for me. The Primary DNS Server is pointing to 127.0.0.1 and there is nothing on the Secondary DNS.
I'm not sure, but this setting must be correct since I have never changed anything and everything else is working fine.

Second NIC
IP       10.0.0.1
SM      255.255.255.0
DG      192.168.1.1
PDNS  127.0.0.1

On the other DC, the one with Exchange 2000, here are the settings.
Only one NIC enabled

IP       192.168.1.3
SM     255.255.255.0
DG     192.168.1.1
PDNS 192.168.1.3 why is it pointing to itself ?????????????????         Again this setting has never changed

*******************************************************
*******************************************************
On your second suggestion.

****Make sure domainname.com exists and is active directory integrated.
****Make sure that domainname.com accepts dynamic updates.

I checked the DNS settings and looked into the forward lookup zones: the name of our domain is there, the type is ActiveDirectory-Integrated, the Status is Active.
Accept dynamic updates is set to Only Secure Updates.

*****Then I ran the other 8 steps*****

IPConfig /FlushDNS
IPConfig /RegisterDNS
net stop netlogon
net start netlogon
Force replication
Check Replication Topology.
On the "NTDS Settings" Object
Right click on "<automatically generated>"
and select "replicate now"
Repeat for other servers in the site.


Everything worked without errors BUT

When I tried to run the InetOrgPersonFix tool I'm getting an error and there are no mangled records.  Below are the errors I got.
I'm not sure if I'm making a mistake in the syntax of the Schema Name Context; I ran it in different ways, as you will see below.
One thing I noticed: since I was not sure if the syntax was right, I put a period at the end of the schema context inside the quotes and that gave me an error of (Add error on line 3: Referral), and when I did not use the period I got an (Add error on line 3: No Such Object).

I used the instructions in Microsoft Article 314649 to run the inetorgpersonfix.ldf; page 3 specifies the command.

I hope this can give you guys a better idea of what's happening.

If the syntax is correct and there are no mangled records then I would try what rajeshgkamath has suggested. The only problem is that I don't think I'll be able to reboot the server until tonight, or I might have to wait for the weekend.

One more thing I noticed is that when I updated and forced the replication I checked the event viewer on both servers and there are no new logs telling me that it is running or that it is NOT. That was a bit frustrating.


Again Thanks for your help.






Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>CD\

C:\>CD IOP

C:\Iop>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "DC=servername,DC=domainname,DC=com"
Connecting to "servername.domainname.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonfix.ldf"
Loading entries
1: CN=secretary,CN=Schema,CN=Configuration,DC=servername,DC=domainname,DC=com

Add error on line 3: No Such Object
The server side error is "Directory object not found."
0 entries modified successfully.
An error has occurred in the program

C:\Iop>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "DC=servername,DC=domainname,DC=com."
Connecting to "servername.domainname.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonfix.ldf"
Loading entries
1: CN=secretary,CN=Schema,CN=Configuration,DC=servername,DC=domainname,DC=com.

Add error on line 3: Referral
The server side error is "A referral was returned from the server."
0 entries modified successfully.
An error has occurred in the program

C:\Iop>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "DC=domainname,DC=com."
Connecting to "servername.domainname.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonfix.ldf"
Loading entries
1: CN=secretary,CN=Schema,CN=Configuration,DC=domainname,DC=com.

Add error on line 3: Referral
The server side error is "A referral was returned from the server."
0 entries modified successfully.
An error has occurred in the program

C:\Iop>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "CN=secretary,CN=Schema,CN=C
onfiguration,DC=servername,DC=domainname,DC=com."
Connecting to "servername.domainname.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonfix.ldf"
Loading entries
1: CN=secretary,CN=Schema,CN=Configuration,CN=secretary,CN=Schema,CN=Configurati
on,DC=servername,DC=domainname,DC=com.

Add error on line 3: Referral
The server side error is "A referral was returned from the server."
0 entries modified successfully.
An error has occurred in the program

C:\Iop>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "CN=secretary,CN=Schema,CN=C
onfiguration,DC=servername,DC=domainname,DC=com"
Connecting to "servername.domainname.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonfix.ldf"
Loading entries
1: CN=secretary,CN=Schema,CN=Configuration,CN=secretary,CN=Schema,CN=Configurati
on,DC=servername,DC=domainname,DC=com

Add error on line 3: No Such Object
The server side error is "Directory object not found."
0 entries modified successfully.
An error has occurred in the program

C:\Iop>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "CN=secretary,CN=Schema,CN=Configuration,DC=servername,DC=domainname,DC=com"
Connecting to "servername.domainname.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonfix.ldf"
Loading entries
1: CN=secretary,CN=Schema,CN=Configuration,CN=secretary,CN=Schema,CN=Configuration,DC=servername,DC=domainname,DC=com

Add error on line 3: No Such Object
The server side error is "Directory object not found."
0 entries modified successfully.
An error has occurred in the program

C:\Iop>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "CN=Schema,CN=Configuration,
DC=servername,DC=domainname,DC=com"
Connecting to "servername.domainname.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonfix.ldf"
Loading entries
1: CN=secretary,CN=Schema,CN=Configuration,CN=Schema,CN=Configuration,DC=servernameL,DC=domainname,DC=com

Add error on line 3: No Such Object
The server side error is "Directory object not found."
0 entries modified successfully.
An error has occurred in the program

C:\Iop>
Joseph Nyaema (Independent Consultant) Commented:
Hi Wilson J,

The DNS settings are set to point to self because the server is a DC and holds
a copy of an Active Directory integrated zone.

To avoid replication problems do the following:
Change the DNS settings on the main server as follows.
First NIC
IP       192.168.1.2
SM     255.255.255.0
DG      192.168.1.1 (which is my firewall router)
PDNS  192.168.0.2

Second NIC
IP       10.0.0.1
SM      255.255.255.0
DG      192.168.1.1
No DNS
Disable the "Register this connections addresses in DNS" in Advanced->DNS
(This could have been the cause of replication problems
because 10.0.0.1 is the registered host name in DNS for the primary server.)
Look for the host record with 10.0.0.1 in DNS and delete it.

On the other DC, the one with Exchange 2000, point it to the main server
IP       192.168.1.3
SM     255.255.255.0
DG     192.168.1.1
PDNS 192.168.1.2


You are entering the wrong parameters for the ldifde command
C:\Iop>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "DC=servername,DC=domainname,DC=com"

Servername should not be included in the domain parameter.
The correct command line should look like this...

C:\Iop>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "DC=domainname,DC=com"


Joseph Nyaema (Independent Consultant) Commented:
After running the other 8 steps

Set the DCs to point to each other

First NIC
IP       192.168.1.2
SM     255.255.255.0
DG      192.168.1.1 (which is my firewall router)
PDNS  192.168.0.3
SDNS  192.168.0.2

Second NIC
IP       10.0.0.1
SM      255.255.255.0
DG      192.168.1.1
No DNS
Disable the "Register this connections addresses in DNS" in Advanced->DNS
(This could have been the cause of replication problems
because 10.0.0.1 is the registered host name in DNS for the primary server.)
Look for the host record with 10.0.0.1 in DNS and delete it.

On the other DC, the one with Exchange 2000, point it to the main server
IP       192.168.1.3
SM     255.255.255.0
DG     192.168.1.1
PDNS 192.168.1.2
SDNS  192.168.0.3

If the Primary DNS the secondary is used
The servers point to each other to avoid causing an island.
(that is a situation where the servers only update themselves
and the changes are not replicated to each other)

WilsonJ (Author) Commented:
OK, I made the changes to the TCP/IP and the DNS on both DCs.

I ran the 8 steps, no errors whatsoever,

but when I get to that inetorgpersonfix.ldf part I get the following error

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>cd\

C:\>cd iop

C:\Iop>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "DC=domain,DC=com"
Connecting to "servername.domain.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonfix.ldf"
Loading entries
1: CN=secretary,CN=Schema,CN=Configuration,DC=sevillewatch,DC=com

Add error on line 3: No Such Object
The server side error is "Directory object not found."
0 entries modified successfully.
An error has occurred in the program

WHAT AM I DOING WRONG I ENTER THE COMMAND EXACTLY AS YOU WROTE IT.

Jezzz I'm going to go crazy here

I did not follow your second post to have the DCs point to each other since I'm stuck here.

What should I do next?

WilsonJ (Author) Commented:
Just a thought,

Nyaema, I'm running the adprep /forestprep command on my main controller, not the one running Exchange?
I believe this is the correct way to do things; that DC has to be prepped first, right?

How do I know if the replication is working? I don't have any new logs in the event viewer. On the main DC the last thing I have on the FRS is from 12/5/2005 and on the second DC, the Exchange one, the last thing I have is from 12/6/2005. I really don't understand; I think I should be seeing some new logs after all the changes I made?

Thanks again for your Help.

WilsonJ

Joseph Nyaema (Independent Consultant) Commented:
You can ignore the errors If the latest Adprep is running without errors,
you can ignore the ldifde errors
WilsonJ (Author) Commented:
That's the problem: when I ran the adprep command I'm still getting the same error. I'm waiting for the end of the day to see if I could reboot the server tonight. I am going to try what rajeshgkamath suggested; I feel I hit a dead end here.

I will keep you guys posted on any changes.

Thanks

WilsonJ
Joseph Nyaema (Independent Consultant) Commented:
Hi WilsonJ...

Sorry for taking so long to get back to you (Long holiday back here)...

OK Now...

The reason why the inetorgpersonfix.ldf  is because we have been using the wrong script!!!

My fault... should have noticed... no harm done though.

We have been using the script to fix mangled attributes instead of the one to prevent them.

The correct script is Inetorgpersonprevent.ldf



You are supposed to do the following to create the correct inetorgpersonfix.ldf as per your first scenario.



1. Log on to the console of the schema operations master by using an account that is a member of the schema administrators enterprise administrators groups.  
2. Enable Schema Updates on the schema master. For additional information about how to permit updates to the Active Directory schema, click the following article number to view the article in the Microsoft Knowledge Base:
285172 (http://support.microsoft.com/kb/285172/EN-US/) Schema Updates Require Write Access to Schema in Active Directory  
3. Click Start, click Run, type notepad.exe, and then click OK.
4. Copy the following text that appears between [start copy here] and [end copy here] (including the trailing "-" characters), and then paste this text into Notepad.


[start copy here]
dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: lDAPDisplayName
lDAPDisplayName: msExchAssistantName
-

dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: lDAPDisplayName
lDAPDisplayName: msExchLabeledURI
-

dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: lDAPDisplayName
lDAPDisplayName: msExchHouseIdentifier
-

dn:
changetype: Modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
[end copy here]



5. Save the contents of the Notepad file as %systemdrive%\IOP\Inetorgpersonprevent.ldf (where %systemdrive% is the logical drive that is hosting the Windows 2000 operating system and \IOP is a folder that you create in the Save dialog box of Notepad). Quit Notepad.
6. Run the InetOrgPersonPrevent.ldf script:
a.  Click Start, click Run, type cmd, and then click OK.
b.  At a command prompt, type:
cd %systemdrive%\iop
and then press ENTER.
c.  Type the following command:

ldifde -i -f inetorgpersonprevent.ldf -v -c DC=X "DC=sevillewatch,DC=com"


Once again, please accept my apology for missing that.
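
Added example, not part of the original thread or of the Microsoft article: a Python script that reads an LDIF export of lDAPDisplayName values from the schema naming context, reports which of the quoted KB 314649 scenarios the schema is in, and checks a string intended for -c DC=X against the forest root found in the export. The sample LDIF, the example.test forest, the pre-fix display names in it and all function names are assumptions made for illustration.

```python
import re

# lDAPDisplayName values that step 7 of Scenario 2 expects before forestprep,
# keyed by the schema object's RDN (lower-cased).
EXPECTED = {
    "cn=ms-exch-assistant-name": "msExchAssistantName",
    "cn=ms-exch-labeleduri": "msExchLabeledURI",
    "cn=ms-exch-house-identifier": "msExchHouseIdentifier",
}
SCHEMA_PREFIX = "cn=schema,cn=configuration,"
# Mangled form listed in Scenario 3: DUP-<name>-<GUID>
DUP_RE = re.compile(r"^DUP-.+-[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample export (hypothetical forest example.test); the second
# dn is folded across two lines the way LDIF wraps long values.
SAMPLE_BEFORE = """\
dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=example,DC=test
lDAPDisplayName: secretary

dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=exam
 ple,DC=test
lDAPDisplayName: labeledURI

dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=example,DC=test
lDAPDisplayName: houseIdentifier
"""
SAMPLE_AFTER = (SAMPLE_BEFORE
                .replace(": secretary", ": msExchAssistantName")
                .replace(": labeledURI", ": msExchLabeledURI")
                .replace(": houseIdentifier", ": msExchHouseIdentifier"))
# DUP value copied from the Scenario 3 text quoted in the thread.
SAMPLE_MANGLED = SAMPLE_BEFORE.replace(
    ": secretary", ": DUP-secretary-c5a1240d-70c0-455c-9906-a4070602f85f")

def parse_ldif(text):
    """Return {dn: lDAPDisplayName}, unfolding wrapped LDIF lines first."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a continuation line starts with one space
    entries, dn = {}, None
    for line in unfolded.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not line.strip():
            dn = None                        # blank line ends the entry
        elif key == "dn":
            dn = value
        elif key == "ldapdisplayname" and dn:
            entries[dn] = value
    return entries

def forest_root_dn(entries):
    """The value for -c DC=X: whatever follows CN=Schema,CN=Configuration, in a DN."""
    for dn in entries:
        idx = dn.lower().find(SCHEMA_PREFIX)
        if idx != -1:
            return dn[idx + len(SCHEMA_PREFIX):]
    return None

def check_replacement(candidate, entries):
    """List problems with a string about to be passed after -c DC=X."""
    problems = []
    if candidate.rstrip().endswith("."):
        problems.append("trailing period")
    core = candidate.rstrip(". ")
    if any(not p.strip().lower().startswith("dc=") for p in core.split(",")):
        problems.append("non-DC component; pass only the forest root domain DN")
    root = forest_root_dn(entries)
    if root and core.lower() != root.lower():
        problems.append("differs from forest root in export: " + root)
    return problems

def classify(entries):
    """Map the exported schema state onto the KB 314649 scenarios in the thread."""
    mangled = sorted(n for n in entries.values() if DUP_RE.match(n))
    if mangled:
        return "mangled", mangled              # Scenario 3: InetOrgPersonfix.ldf
    exch = {dn.split(",", 1)[0].strip().lower(): name for dn, name in entries.items()}
    exch = {rdn: name for rdn, name in exch.items() if rdn in EXPECTED}
    if not exch:
        return "no-exchange-attributes", []
    pending = sorted(n for rdn, n in exch.items() if n.lower() != EXPECTED[rdn].lower())
    if pending:
        return "needs-prevent", pending        # Scenario 2: Inetorgpersonprevent.ldf
    return "ready", []                         # step 7 of Scenario 2 is satisfied

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER),
                        ("mangled", SAMPLE_MANGLED)):
        print(label, classify(parse_ldif(text)))
    print(check_replacement("DC=dc01,DC=example,DC=test", parse_ldif(SAMPLE_BEFORE)))
```
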



WilsonJ (Author) Commented:
NYAEMA

I really don't know how to thank you, forget about being late, it was worth the wait.

I don't know if I'm gonna run into problems later on, but the command adprep /forestprep is running as I'm typing this.

I couldn't wait to say THANK YOU.


WilsonJ
Joseph Nyaema (Independent Consultant) Commented:
You're welcome WilsonJ =)
mbrenes Commented:
I want to thank you too. Today this works for me!
phylaxict Commented:
This also worked for me. Thanks a lot
ddameo Commented:
Worked for me, too. I can't believe I missed this one. Thanks!
KOTiS Commented:
Worked perfectly... You saved me hours of searching... Thank you!!!
MiJaMu Commented:
This is exactly what I needed.  THANK YOU!!!
itbasement Commented:
One extra thing which may help people:
this worked for me other than the fact that I needed to allow schema updates in the registry;
without it, it didn't work.
To Enable Schema Updates by Means of the Registry:
It is not recommended to enable schema updates by directly editing the "Schema Update Allowed" registry key. Schema updates should be enabled through the console method, whenever possible. If for some reason the console method cannot be used, the following registry key may be edited directly:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

To directly edit this registry key, perform the following steps:
Click Start, click Run, and then in the Open box, type:

regedit

Then press ENTER.
Locate and click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
On the Edit menu, click New, and then click DWORD Value.
Enter the value data when the following registry value is displayed:
Value Name: Schema Update Allowed
Data Type: REG_DWORD
Base: Binary
Value Data: Type 1 to enable this feature, or 0 (zero) to disable it.
Quit Registry Editor.
The schema may now be updated on the domain controller that holds the schema operations
jamie177 Commented:
This solution was spot on!  The inetorgpersonprevent.ldf file fixed my issue and I'm happily running adprep /forestprep on this crusty old Windows 2000 network so I can DCPROMO some 2008 DCs!  Woooo hooo, I love Experts Exchange!

Thanks to all who contributed to the solution!
CharlieShirk Commented:
I have tried the suggested methods, except the Inetorgpersonprevent. That is next on my list to do.
My issue is that Exchange has been removed from the server completely but is still in the AD somewhere, as I still get the error when trying to run adprep /forestprep telling me that there is an Exchange schema conflict. This is driving me nuts?
itwarlord (Senior Engineer/Owner) Commented:
This solution has helped me with migrating from Win2K Exchange 5.5 to W2K3 Exchange 2003.  It rocks!
neamuser Commented:
Thank you so much Nyaema! It worked for me!!!