localrich
asked on
Adprep /domainprep
ok so I have read all the posts on here about this and it still will not finish. I have a problem though there is nol onger a win2k dc in the site. It crashed and I'm awaitng replacement parts from dell. We currently have a 2003 DC up and running with Exchange 2003 on it and thankfully it had all the roles transfered to it. I would like to promote one of the 2003 servers to be an DC but domain prep will not run. Below is a copy of the log.
Adprep created the log file ADPrep.log under C:\WINDOWS\system32\debug\
Adprep copied file C:\I386\schema.ini from installation point to local machine under directory C:\WINDOWS.
Adprep successfully made the LDAP connection to the local domain controller CALLAHAN-EX01.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
LDAP API ldap_search_s() finished, return code is 0x0
Adprep successfully retrieved information from the local directory service.
Adprep successfully initialized global variables.
[Status/Consequence]
Adprep is continuing.
Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=446f24ea-cfd5-4c52-8346
LDAP API ldap_search_s() finished, return code is 0x0
Adprep checked to verify whether operation cn=446f24ea-cfd5-4c52-8346
[Status/Consequence]
The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=51cba88b-99cf-4e16-bef2
LDAP API ldap_search_s() finished, return code is 0x20
Adprep verified the state of operation cn=51cba88b-99cf-4e16-bef2
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.
I did dbl check all the permissions and dns ect.
Do i need a w2k dc in place for this to work?
Adprep created the log file ADPrep.log under C:\WINDOWS\system32\debug\
Adprep copied file C:\I386\schema.ini from installation point to local machine under directory C:\WINDOWS.
Adprep successfully made the LDAP connection to the local domain controller CALLAHAN-EX01.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
LDAP API ldap_search_s() finished, return code is 0x0
Adprep successfully retrieved information from the local directory service.
Adprep successfully initialized global variables.
[Status/Consequence]
Adprep is continuing.
Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=446f24ea-cfd5-4c52-8346
LDAP API ldap_search_s() finished, return code is 0x0
Adprep checked to verify whether operation cn=446f24ea-cfd5-4c52-8346
[Status/Consequence]
The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=51cba88b-99cf-4e16-bef2
LDAP API ldap_search_s() finished, return code is 0x20
Adprep verified the state of operation cn=51cba88b-99cf-4e16-bef2
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.
I did dbl check all the permissions and dns ect.
Do i need a w2k dc in place for this to work?
adprep is used only the first time and not during introduction of every DC.
if you promote the Dc without the adprep what is the message it give ya.
if you promote the Dc without the adprep what is the message it give ya.
ASKER
yes it is a win2k3 r2
well it keeps telling me that i need to run adprep when I try to dcpromo it, I understand it's just the first time. There was a 2k DC that crashed and a 2k3 r1 DC that had all the roles on it and exchange, it is still working but i can not dcpromo any other 2k3 servers in the domain they all say that i need to run adprep which is not completing.
well it keeps telling me that i need to run adprep when I try to dcpromo it, I understand it's just the first time. There was a 2k DC that crashed and a 2k3 r1 DC that had all the roles on it and exchange, it is still working but i can not dcpromo any other 2k3 servers in the domain they all say that i need to run adprep which is not completing.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
run it from the cd did forestprep first completed successfully then ran domainprep and here is the log file
Adprep created the log file ADPrep.log under C:\WINDOWS\system32\debug\
Adprep copied file c:\ADPREP\schema.ini from installation point to local machine under directory C:\WINDOWS.
Adprep successfully made the LDAP connection to the local domain controller CALLAHAN-EX01.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
LDAP API ldap_search_s() finished, return code is 0x0
Adprep successfully retrieved information from the local directory service.
Adprep successfully initialized global variables.
[Status/Consequence]
Adprep is continuing.
Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=446f24ea-cfd5-4c52-8346
LDAP API ldap_search_s() finished, return code is 0x0
Adprep checked to verify whether operation cn=446f24ea-cfd5-4c52-8346
[Status/Consequence]
The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=51cba88b-99cf-4e16-bef2
LDAP API ldap_search_s() finished, return code is 0x20
Adprep verified the state of operation cn=51cba88b-99cf-4e16-bef2
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.
Adprep created the log file ADPrep.log under C:\WINDOWS\system32\debug\
Adprep copied file c:\ADPREP\schema.ini from installation point to local machine under directory C:\WINDOWS.
Adprep successfully made the LDAP connection to the local domain controller CALLAHAN-EX01.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
LDAP API ldap_search_s() finished, return code is 0x0
Adprep successfully retrieved information from the local directory service.
Adprep successfully initialized global variables.
[Status/Consequence]
Adprep is continuing.
Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=446f24ea-cfd5-4c52-8346
LDAP API ldap_search_s() finished, return code is 0x0
Adprep checked to verify whether operation cn=446f24ea-cfd5-4c52-8346
[Status/Consequence]
The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=51cba88b-99cf-4e16-bef2
LDAP API ldap_search_s() finished, return code is 0x20
Adprep verified the state of operation cn=51cba88b-99cf-4e16-bef2
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.
let me just clarify - this is from the R2 disc location showed above yes?
ASKER
yes fron the 2nd R2 cd
ah crap, i have no idea how to resolve this, i have seen one other answer and netman66 was able to help him role back the schema to the old level and rerun the updates
ASKER
LOL that's why I posted it up i've tried everything that I can think of and find on the net.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry... it's Advanced Features.
You'll find that GUID under System>DomainUpdates>Opera
It's critical that your Group Policies DO NOT deny or exclude any of the default groups or default permissions. What you are seeing is the end result of denying or removing permissions from one (or more) of the GPOs so they don't apply to certain Administrative Groups. This is not the right way to filter them. Always leave the default permissions on all GPOs. The only exception is when you do not want a policy (other than the Default policies) to APPLY to everyone, but rather be filtered out. In this case you simply uncheck the box beside Authenticated Users for Apply Group Policy underneath the Allow column.
If you find that permissions are not correct, the best thing to do to check them all is to create a new GPO and do not make any changes to the content or the Security. Open up the ACL and write down what the default Security permissions are for each group. Use this list to check the rest.
The most critical thing is that those 3 admin groups (and maybe a 4th) are granted the MINIMUM of Read. They are as follows: Administrators (Domain\Administrators), Domain Admins, Enterprise Admins and SYSTEM.
You'll find that GUID under System>DomainUpdates>Opera
It's critical that your Group Policies DO NOT deny or exclude any of the default groups or default permissions. What you are seeing is the end result of denying or removing permissions from one (or more) of the GPOs so they don't apply to certain Administrative Groups. This is not the right way to filter them. Always leave the default permissions on all GPOs. The only exception is when you do not want a policy (other than the Default policies) to APPLY to everyone, but rather be filtered out. In this case you simply uncheck the box beside Authenticated Users for Apply Group Policy underneath the Allow column.
If you find that permissions are not correct, the best thing to do to check them all is to create a new GPO and do not make any changes to the content or the Security. Open up the ACL and write down what the default Security permissions are for each group. Use this list to check the rest.
The most critical thing is that those 3 admin groups (and maybe a 4th) are granted the MINIMUM of Read. They are as follows: Administrators (Domain\Administrators), Domain Admins, Enterprise Admins and SYSTEM.
One more addition to the last line of the post above - those groups *should* have Full Control - otherwise, changes cannot be made.
If all that fails....
Please post this log: schupgr.log
Please post this log: schupgr.log
ASKER
OK, i can not find that GUID anywhere.
All the Group polices are the standard out of the box so only one "Default Domain Policy"
LOG FILE BELOW
Opened Connection to CALLAHAN-EX01
SSPI Bind succeeded
Found Naming Context DC=CALLAHAN,DC=CALLAHAN-LA
Found Naming Context CN=Schema,CN=Configuration
Found Naming Context CN=Configuration,DC=CALLAH
Current Schema Version is 30
Upgrading schema to version 31
The command line passed to ldifde is C:\WINDOWS\system32\ldifde
THANKS FOR ALL THE HELP EVERYONE!!!!
All the Group polices are the standard out of the box so only one "Default Domain Policy"
LOG FILE BELOW
Opened Connection to CALLAHAN-EX01
SSPI Bind succeeded
Found Naming Context DC=CALLAHAN,DC=CALLAHAN-LA
Found Naming Context CN=Schema,CN=Configuration
Found Naming Context CN=Configuration,DC=CALLAH
Current Schema Version is 30
Upgrading schema to version 31
The command line passed to ldifde is C:\WINDOWS\system32\ldifde
THANKS FOR ALL THE HELP EVERYONE!!!!
This GUID: 51cba88b-99cf-4e16-bef2-c4
cannot be found in Active Directory Users and Computers with Advanced Features checked in the View menu?
It should be under System>DomainUpdates>Opera
If you don't see this, then check another DC by changing the focus of ADUC to connect to another DC. If it shows up on another DC, then you have an inconsistent SYSVOL and replication is probably not working properly.
cannot be found in Active Directory Users and Computers with Advanced Features checked in the View menu?
It should be under System>DomainUpdates>Opera
If you don't see this, then check another DC by changing the focus of ADUC to connect to another DC. If it shows up on another DC, then you have an inconsistent SYSVOL and replication is probably not working properly.
ASKER
That's probably the problem, the other DC crashed and the parts for it should be here today or tommorow, but it has to be rebuilt since it was the raid controller/backplane. I have come to the conclusion that the preivous I.T. Manager did not create any backups and he was only backing up data :(
So am I out of luck?
So am I out of luck?
Not necessarily.
You need to find the 5 FSMO roles and check to see if this DC is a Global Catalog. Let me know if you can find them all.
http://support.microsoft.com/kb/255690/en-us
Now, you won't be able to transfer any roles, but we need to determine what is located where.
You had more than one DC - right?
You need to find the 5 FSMO roles and check to see if this DC is a Global Catalog. Let me know if you can find them all.
http://support.microsoft.com/kb/255690/en-us
Now, you won't be able to transfer any roles, but we need to determine what is located where.
You had more than one DC - right?
ASKER
it is a GC and it has all five roles
we had two DC's one 2k and one 2k3 with exchange 03
the 2k DC crashed and is inop
we had two DC's one 2k and one 2k3 with exchange 03
the 2k DC crashed and is inop
Well...if that GUID is not there and domainprep doesn't finish properly because of this, then you'll need to get the other server up and running.
After the correct forestprep was run are you able to join the R2 server now?
After the correct forestprep was run are you able to join the R2 server now?
ASKER
I can join the sever to the domain but i can not run dcpromo on it.
So I have to join a 2k server and make it a dc then run adprep? If so time to make a 2k vm I guess aftet lunch.
Thanks for your help.
So I have to join a 2k server and make it a dc then run adprep? If so time to make a 2k vm I guess aftet lunch.
Thanks for your help.
I don't think that will help if the remaining DC doesn't have a complete SYSVOL.
ASKER
So what should I do, there is 55 users and I really don't want to create a new domain and figure out all the problems....
I did not create the 2k server yet it seems the previous I.T. manager decided that he no longer needed the media............. so i need to find my media at home.
I'm almost to the point of calling MS to see if they can help. Just trying to get the approval of funds from the boss who doesn't understand why we need another domain controller.
I did not create the 2k server yet it seems the previous I.T. manager decided that he no longer needed the media............. so i need to find my media at home.
I'm almost to the point of calling MS to see if they can help. Just trying to get the approval of funds from the boss who doesn't understand why we need another domain controller.
Is there no possible way to bring the other server to life long enough to fix this problem?
ASKER
I doubt it since the raid/backplane is being replaced I have to recreate the raid 5 arry and I was told by Dell that with out the emergency cd's it would not boot and I would have to doa complete reinstall. Obvisouly once the part get delivered today I'm going to try to boot it up first.
It woud seem to me that there must be a well this isn't going to work so lets force it way to do this...........
I'll report back in the after the parts install.
It woud seem to me that there must be a well this isn't going to work so lets force it way to do this...........
I'll report back in the after the parts install.
adprep /forestprep is used to update the schema version of a win2k to be compatible with windows 2003 schema. the domain prep for upgrade to a 2k3 domain. so incase you already have a window 2003 Dc then its already on the higher schema level and the domain already has a 2k3 Dc.