Solved

Adprep /domainprep

Posted on 2006-06-13
24
1,627 Views
Last Modified: 2012-06-21
ok so I have read all the posts on here about this and it still will not finish. I have a problem though there is nol onger a win2k dc in the site. It crashed and I'm awaitng replacement parts from dell. We currently have a 2003 DC up and running with Exchange 2003 on it and thankfully it had all the roles transfered to it. I would like to promote one of the 2003 servers to be an DC but domain prep will not run. Below is a copy of the log.

Adprep created the log file ADPrep.log under C:\WINDOWS\system32\debug\adprep\logs\20060613115739 directory.



Adprep copied file C:\I386\schema.ini from installation point to local machine under directory C:\WINDOWS.



Adprep successfully made the LDAP connection to the local domain controller CALLAHAN-EX01.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).



LDAP API ldap_search_s() finished, return code is 0x0



Adprep successfully retrieved information from the local directory service.



Adprep successfully initialized global variables.
[Status/Consequence]
Adprep is continuing.



Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=446f24ea-cfd5-4c52-8346-96e170bcb912,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.



LDAP API ldap_search_s() finished, return code is 0x0



Adprep checked to verify whether operation cn=446f24ea-cfd5-4c52-8346-96e170bcb912,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com has completed.
[Status/Consequence]
The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=51cba88b-99cf-4e16-bef2-c427b38d0767,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.



LDAP API ldap_search_s() finished, return code is 0x20



Adprep verified the state of operation cn=51cba88b-99cf-4e16-bef2-c427b38d0767,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.

I did dbl check all the permissions and dns ect.

Do i need a w2k dc in place for this to work?



0
Comment
Question by:localrich
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 9
  • 3
  • +1
24 Comments
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 16898069
are you trying to promote a win2k3 r2 as a DC ?

adprep /forestprep is used to update the schema version of a win2k to be compatible with windows 2003 schema. the domain prep for upgrade to a 2k3 domain. so incase you already have a window 2003 Dc then its already on the higher schema level and the domain already has a 2k3 Dc.
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 16898079
adprep is used only the first time and not during introduction of every DC.
if you promote the Dc without the adprep what is the message it give ya.
0
 

Author Comment

by:localrich
ID: 16898227
yes it is a win2k3 r2

well it keeps telling me that i need to run adprep when I try to dcpromo it, I understand it's just the first time.  There was a 2k DC that crashed and a 2k3 r1 DC that had all the roles on it and exchange, it is still working but i can not dcpromo any other 2k3 servers in the domain they all say that i need to run adprep which is not completing.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 250 total points
ID: 16898314
with windows 2003 R2 (release 2) you will need to run the adprep tools from the second cd supplied in the 2 cd set!

\CMPNENTS\R2\ADPREP

you can also download here
http://www.microsoft.com/downloads/details.aspx?familyid=5B73CF03-84DD-480F-98F9-526EC09E9BA8&displaylang=en

this boosts the schema up to cope with R2 functionality
http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspx
0
 

Author Comment

by:localrich
ID: 16898378
run it from the cd did forestprep first completed successfully then ran domainprep and here is the log file

Adprep created the log file ADPrep.log under C:\WINDOWS\system32\debug\adprep\logs\20060613153156 directory.



Adprep copied file c:\ADPREP\schema.ini from installation point to local machine under directory C:\WINDOWS.



Adprep successfully made the LDAP connection to the local domain controller CALLAHAN-EX01.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).



LDAP API ldap_search_s() finished, return code is 0x0



Adprep successfully retrieved information from the local directory service.



Adprep successfully initialized global variables.
[Status/Consequence]
Adprep is continuing.



Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=446f24ea-cfd5-4c52-8346-96e170bcb912,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.



LDAP API ldap_search_s() finished, return code is 0x0



Adprep checked to verify whether operation cn=446f24ea-cfd5-4c52-8346-96e170bcb912,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com has completed.
[Status/Consequence]
The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=51cba88b-99cf-4e16-bef2-c427b38d0767,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.



LDAP API ldap_search_s() finished, return code is 0x20



Adprep verified the state of operation cn=51cba88b-99cf-4e16-bef2-c427b38d0767,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16898607
let me just clarify - this is from the R2 disc location showed above yes?
0
 

Author Comment

by:localrich
ID: 16898747
yes fron the 2nd R2 cd
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16898765
ah crap, i have no idea how to resolve this, i have seen one other answer and netman66 was able to help him role back the schema to the old level and rerun the updates
0
 

Author Comment

by:localrich
ID: 16898778
LOL that's why I posted it up i've tried everything that I can think of and find on the net.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 250 total points
ID: 16899145
Open up ADUC on the DC for the domain (currently).
Click View>Advanced View

Find this GUID:

cn=51cba88b-99cf-4e16-bef2-c427b38d0767,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.

Right-click it and select Properties.
On the Security tab make sure Domain Admins, Enterprise Admins and SYSTEM (if they're there) have Full Control.

Rerun ADPREP /domainprep /gpprep from Disk 2 of R2.

Let me know the results.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 16899210
Sorry... it's Advanced Features.

You'll find that GUID under System>DomainUpdates>Operations.


It's critical that your Group Policies DO NOT deny or exclude any of the default groups or default permissions.  What you are seeing is the end result of denying or removing permissions from one (or more) of the GPOs so they don't apply to certain Administrative Groups.  This is not the right way to filter them.  Always leave the default permissions on all GPOs.  The only exception is when you do not want a policy (other than the Default policies) to APPLY to everyone, but rather be filtered out.  In this case you simply uncheck the box beside Authenticated Users for Apply Group Policy underneath the Allow column.

If you find that permissions are not correct, the best thing to do to check them all is to create a new GPO and do not make any changes to the content or the Security.  Open up the ACL and write down what the default Security permissions are for each group.  Use this list to check the rest.

The most critical thing is that those 3 admin groups (and maybe a 4th) are granted the MINIMUM of Read.  They are as follows: Administrators (Domain\Administrators), Domain Admins, Enterprise Admins and SYSTEM.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 16899219
One more addition to the last line of the post above - those groups *should* have Full Control - otherwise, changes cannot be made.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 16899241
If all that fails....

Please post this log:  schupgr.log



0
 

Author Comment

by:localrich
ID: 16899815
OK, i can not find that GUID anywhere.

All the Group polices are the standard out of the box so only one "Default Domain Policy"


LOG FILE BELOW

 
Opened Connection to CALLAHAN-EX01
SSPI Bind succeeded
Found Naming Context DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com
Found Naming Context CN=Schema,CN=Configuration,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com
Found Naming Context CN=Configuration,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com
Current Schema Version is 30
Upgrading schema to version 31
The command line passed to ldifde is C:\WINDOWS\system32\ldifde -i -f C:\WINDOWS\system32\sch31.ldf -s CALLAHAN-EX01 -c DC=X DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com -j .


THANKS FOR ALL THE HELP EVERYONE!!!!
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16901671
This GUID:  51cba88b-99cf-4e16-bef2-c427b38d0767

cannot be found in Active Directory Users and Computers with Advanced Features checked in the View menu?  

It should be under System>DomainUpdates>Operations.

If you don't see this, then check another DC by changing the focus of ADUC to connect to another DC.  If it shows up on another DC, then you have an inconsistent SYSVOL and replication is probably not working properly.
0
 

Author Comment

by:localrich
ID: 16903622
That's probably the problem, the other DC crashed and the parts for it should be here today or tommorow, but it has to be rebuilt since it was the raid controller/backplane. I have come to the conclusion that the preivous I.T. Manager did not create any backups and he was only backing up data :(

So am I out of luck?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16903775
Not necessarily.

You need to find the 5 FSMO roles and check to see if this DC is a Global Catalog.  Let me know if you can find them all.

http://support.microsoft.com/kb/255690/en-us

Now, you won't be able to transfer any roles, but we need to determine what is located where.

You had more than one DC - right?

0
 

Author Comment

by:localrich
ID: 16905006
it is a GC and it has all five roles

we had two DC's one 2k and one 2k3 with exchange 03  

the 2k DC crashed and is inop
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16905302
Well...if that GUID is not there and domainprep doesn't finish properly because of this, then you'll need to get the other server up and running.

After the correct forestprep was run are you able to join the R2 server now?
0
 

Author Comment

by:localrich
ID: 16905345
I can join the sever to the domain but i can not run dcpromo on it.

So I have to join a 2k server and make it a dc then run adprep?  If so time to make a 2k vm I guess aftet lunch.

Thanks for your help.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16913647
I don't think that will help if the remaining DC doesn't have a complete SYSVOL.

0
 

Author Comment

by:localrich
ID: 16913713
So what should I do, there is 55 users and I really don't want to create a new domain and figure out all the problems....

I did not create the 2k server yet it seems the previous I.T. manager decided that he no longer needed the media............. so i need to find my media at home.

I'm almost to the point of calling MS to see if they can help. Just trying to get the approval of funds from the boss who doesn't understand why we need another domain controller.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16914226
Is there no possible way to bring the other server to life long enough to fix this problem?
0
 

Author Comment

by:localrich
ID: 16914383
I doubt it since the raid/backplane is being replaced I have to recreate the raid 5 arry and I was told by Dell that with out the emergency cd's it would not boot and I would have to doa complete reinstall. Obvisouly once the part get delivered today I'm going to try to boot it up first.  

It woud seem to me that there must be a well this isn't going to work so lets force it way to do this...........

I'll report back in the after the parts install.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question