Solved

Adprep /domainprep

Posted on 2006-06-13
24
1,612 Views
Last Modified: 2012-06-21
ok so I have read all the posts on here about this and it still will not finish. I have a problem though there is nol onger a win2k dc in the site. It crashed and I'm awaitng replacement parts from dell. We currently have a 2003 DC up and running with Exchange 2003 on it and thankfully it had all the roles transfered to it. I would like to promote one of the 2003 servers to be an DC but domain prep will not run. Below is a copy of the log.

Adprep created the log file ADPrep.log under C:\WINDOWS\system32\debug\adprep\logs\20060613115739 directory.



Adprep copied file C:\I386\schema.ini from installation point to local machine under directory C:\WINDOWS.



Adprep successfully made the LDAP connection to the local domain controller CALLAHAN-EX01.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).



LDAP API ldap_search_s() finished, return code is 0x0



Adprep successfully retrieved information from the local directory service.



Adprep successfully initialized global variables.
[Status/Consequence]
Adprep is continuing.



Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=446f24ea-cfd5-4c52-8346-96e170bcb912,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.



LDAP API ldap_search_s() finished, return code is 0x0



Adprep checked to verify whether operation cn=446f24ea-cfd5-4c52-8346-96e170bcb912,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com has completed.
[Status/Consequence]
The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=51cba88b-99cf-4e16-bef2-c427b38d0767,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.



LDAP API ldap_search_s() finished, return code is 0x20



Adprep verified the state of operation cn=51cba88b-99cf-4e16-bef2-c427b38d0767,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.

I did dbl check all the permissions and dns ect.

Do i need a w2k dc in place for this to work?



0
Comment
Question by:localrich
  • 10
  • 9
  • 3
  • +1
24 Comments
 
LVL 13

Expert Comment

by:Kini pradeep
Comment Utility
are you trying to promote a win2k3 r2 as a DC ?

adprep /forestprep is used to update the schema version of a win2k to be compatible with windows 2003 schema. the domain prep for upgrade to a 2k3 domain. so incase you already have a window 2003 Dc then its already on the higher schema level and the domain already has a 2k3 Dc.
0
 
LVL 13

Expert Comment

by:Kini pradeep
Comment Utility
adprep is used only the first time and not during introduction of every DC.
if you promote the Dc without the adprep what is the message it give ya.
0
 

Author Comment

by:localrich
Comment Utility
yes it is a win2k3 r2

well it keeps telling me that i need to run adprep when I try to dcpromo it, I understand it's just the first time.  There was a 2k DC that crashed and a 2k3 r1 DC that had all the roles on it and exchange, it is still working but i can not dcpromo any other 2k3 servers in the domain they all say that i need to run adprep which is not completing.
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 250 total points
Comment Utility
with windows 2003 R2 (release 2) you will need to run the adprep tools from the second cd supplied in the 2 cd set!

\CMPNENTS\R2\ADPREP

you can also download here
http://www.microsoft.com/downloads/details.aspx?familyid=5B73CF03-84DD-480F-98F9-526EC09E9BA8&displaylang=en

this boosts the schema up to cope with R2 functionality
http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspx
0
 

Author Comment

by:localrich
Comment Utility
run it from the cd did forestprep first completed successfully then ran domainprep and here is the log file

Adprep created the log file ADPrep.log under C:\WINDOWS\system32\debug\adprep\logs\20060613153156 directory.



Adprep copied file c:\ADPREP\schema.ini from installation point to local machine under directory C:\WINDOWS.



Adprep successfully made the LDAP connection to the local domain controller CALLAHAN-EX01.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).



LDAP API ldap_search_s() finished, return code is 0x0



Adprep successfully retrieved information from the local directory service.



Adprep successfully initialized global variables.
[Status/Consequence]
Adprep is continuing.



Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=446f24ea-cfd5-4c52-8346-96e170bcb912,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.



LDAP API ldap_search_s() finished, return code is 0x0



Adprep checked to verify whether operation cn=446f24ea-cfd5-4c52-8346-96e170bcb912,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com has completed.
[Status/Consequence]
The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=51cba88b-99cf-4e16-bef2-c427b38d0767,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.



LDAP API ldap_search_s() finished, return code is 0x20



Adprep verified the state of operation cn=51cba88b-99cf-4e16-bef2-c427b38d0767,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
let me just clarify - this is from the R2 disc location showed above yes?
0
 

Author Comment

by:localrich
Comment Utility
yes fron the 2nd R2 cd
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
ah crap, i have no idea how to resolve this, i have seen one other answer and netman66 was able to help him role back the schema to the old level and rerun the updates
0
 

Author Comment

by:localrich
Comment Utility
LOL that's why I posted it up i've tried everything that I can think of and find on the net.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 250 total points
Comment Utility
Open up ADUC on the DC for the domain (currently).
Click View>Advanced View

Find this GUID:

cn=51cba88b-99cf-4e16-bef2-c427b38d0767,cn=Operations,cn=DomainUpdates,cn=System,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com.

Right-click it and select Properties.
On the Security tab make sure Domain Admins, Enterprise Admins and SYSTEM (if they're there) have Full Control.

Rerun ADPREP /domainprep /gpprep from Disk 2 of R2.

Let me know the results.

0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Sorry... it's Advanced Features.

You'll find that GUID under System>DomainUpdates>Operations.


It's critical that your Group Policies DO NOT deny or exclude any of the default groups or default permissions.  What you are seeing is the end result of denying or removing permissions from one (or more) of the GPOs so they don't apply to certain Administrative Groups.  This is not the right way to filter them.  Always leave the default permissions on all GPOs.  The only exception is when you do not want a policy (other than the Default policies) to APPLY to everyone, but rather be filtered out.  In this case you simply uncheck the box beside Authenticated Users for Apply Group Policy underneath the Allow column.

If you find that permissions are not correct, the best thing to do to check them all is to create a new GPO and do not make any changes to the content or the Security.  Open up the ACL and write down what the default Security permissions are for each group.  Use this list to check the rest.

The most critical thing is that those 3 admin groups (and maybe a 4th) are granted the MINIMUM of Read.  They are as follows: Administrators (Domain\Administrators), Domain Admins, Enterprise Admins and SYSTEM.

0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
One more addition to the last line of the post above - those groups *should* have Full Control - otherwise, changes cannot be made.

0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 51

Expert Comment

by:Netman66
Comment Utility
If all that fails....

Please post this log:  schupgr.log



0
 

Author Comment

by:localrich
Comment Utility
OK, i can not find that GUID anywhere.

All the Group polices are the standard out of the box so only one "Default Domain Policy"


LOG FILE BELOW

 
Opened Connection to CALLAHAN-EX01
SSPI Bind succeeded
Found Naming Context DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com
Found Naming Context CN=Schema,CN=Configuration,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com
Found Naming Context CN=Configuration,DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com
Current Schema Version is 30
Upgrading schema to version 31
The command line passed to ldifde is C:\WINDOWS\system32\ldifde -i -f C:\WINDOWS\system32\sch31.ldf -s CALLAHAN-EX01 -c DC=X DC=CALLAHAN,DC=CALLAHAN-LAW,DC=com -j .


THANKS FOR ALL THE HELP EVERYONE!!!!
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
This GUID:  51cba88b-99cf-4e16-bef2-c427b38d0767

cannot be found in Active Directory Users and Computers with Advanced Features checked in the View menu?  

It should be under System>DomainUpdates>Operations.

If you don't see this, then check another DC by changing the focus of ADUC to connect to another DC.  If it shows up on another DC, then you have an inconsistent SYSVOL and replication is probably not working properly.
0
 

Author Comment

by:localrich
Comment Utility
That's probably the problem, the other DC crashed and the parts for it should be here today or tommorow, but it has to be rebuilt since it was the raid controller/backplane. I have come to the conclusion that the preivous I.T. Manager did not create any backups and he was only backing up data :(

So am I out of luck?
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Not necessarily.

You need to find the 5 FSMO roles and check to see if this DC is a Global Catalog.  Let me know if you can find them all.

http://support.microsoft.com/kb/255690/en-us

Now, you won't be able to transfer any roles, but we need to determine what is located where.

You had more than one DC - right?

0
 

Author Comment

by:localrich
Comment Utility
it is a GC and it has all five roles

we had two DC's one 2k and one 2k3 with exchange 03  

the 2k DC crashed and is inop
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Well...if that GUID is not there and domainprep doesn't finish properly because of this, then you'll need to get the other server up and running.

After the correct forestprep was run are you able to join the R2 server now?
0
 

Author Comment

by:localrich
Comment Utility
I can join the sever to the domain but i can not run dcpromo on it.

So I have to join a 2k server and make it a dc then run adprep?  If so time to make a 2k vm I guess aftet lunch.

Thanks for your help.
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
I don't think that will help if the remaining DC doesn't have a complete SYSVOL.

0
 

Author Comment

by:localrich
Comment Utility
So what should I do, there is 55 users and I really don't want to create a new domain and figure out all the problems....

I did not create the 2k server yet it seems the previous I.T. manager decided that he no longer needed the media............. so i need to find my media at home.

I'm almost to the point of calling MS to see if they can help. Just trying to get the approval of funds from the boss who doesn't understand why we need another domain controller.
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Is there no possible way to bring the other server to life long enough to fix this problem?
0
 

Author Comment

by:localrich
Comment Utility
I doubt it since the raid/backplane is being replaced I have to recreate the raid 5 arry and I was told by Dell that with out the emergency cd's it would not boot and I would have to doa complete reinstall. Obvisouly once the part get delivered today I'm going to try to boot it up first.  

It woud seem to me that there must be a well this isn't going to work so lets force it way to do this...........

I'll report back in the after the parts install.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now