Solved

Cannot add Windows 2003 Server as DC to a Windows 2003 Domain that already has two DC's

Posted on 2006-11-30
11
243 Views
Last Modified: 2011-10-03
This one's could get a bit confusing.  Overall, I can't add a new Windows Server 2003 machine to an existing 2003 domain (all forest and domain levels are 2003 on all other DC's) because of the following error:

"The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain."

I already ready through the MS KB http://support.microsoft.com/?kbid=278875 and had no luck.  The STRANGE thing is that my forrest and domain function levels are all 2003 and have been.  Of course I can't run ADPREP if they already at the highest level (I already tried anyway).

The only thing that COULD be confusing this, is the fact that our PDC and BDC (though these terms "technically" don't exist in 2003) were renamed a month ago.  Same domain, but new machine names.  The NETDOM went fine and we didn't have any errors.  I searched the registry and ADSIEDIT.MSC and all items (FRS References, etc) and everything has the new names.  Replication is working and both machines act well as DC's when one or the other is offline.

So... I can't figure out why I wouldn't be able to add a new 2003 DC to a 2003 Domain.  Once upon a time (6 months back) it was in mixed mode, but they were all promoted and things went OK.

Here's a snipped more from my DCPROMO.LOG:

11/30 21:55:45 [INFO] Installing the Directory Service
11/30 21:55:45 [INFO] Calling NtdsInstall for BRECKGROUP.LOCAL
11/30 21:55:45 [INFO] Starting Active Directory installation
11/30 21:55:45 [INFO] Validating user supplied options
11/30 21:55:45 [INFO] Determining a site in which to install
11/30 21:55:45 [INFO] Examining an existing Active Directory forest
11/30 21:55:45 [INFO] Error - The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain. For more information about using the Adprep, see Active Directory Help. (8467)
11/30 21:55:45 [INFO] NtdsInstall for BRECKGROUP.LOCAL returned 8467
11/30 21:55:45 [INFO] DsRolepInstallDs returned 8467
11/30 21:55:45 [ERROR] Failed to install to Directory Service (8467)


Thanks!
0
Comment
Question by:jgantes
  • 6
  • 5
11 Comments
 
LVL 31

Expert Comment

by:Toni Uranjek
Comment Utility
Sorry for asking but is it possible that you are trying to add W2003 R2 and not just W2003 SP1?

If your answer is yes: http://technet2.microsoft.com/WindowsServer/en/library/5022eea0-54bc-422f-b98b-ddb836c8ee851033.mspx?mfr=true
0
 

Author Comment

by:jgantes
Comment Utility
Yes, both other DC's are 2003 SP1, the one I'm adding is 2003 R2.  I think you've found it... now I need to read to figure out what to do... oh boy this looks long and  fun :-(  

Is there a short version :-P
0
 
LVL 31

Expert Comment

by:Toni Uranjek
Comment Utility
To update the schema, on the schema master domain controller, insert Disc 2 and open the command prompt. Then, change to the Cmpnents\R2\Adprep folder of Disc 2, and type: adprep.exe /forestprep.

Is that short enough? :D
0
 

Author Comment

by:jgantes
Comment Utility
yea... thanks.  I just read that.  I wonder, could this have any adverse effects on my current domain controllers?  I guess their forest functions goes to an "R2" Forest function?

Do I need to do on both my DC's I'm assuming?  Sounds risky-- or am I over-reacting.

I found this too... http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21988432.html  


Thanks!
0
 

Author Comment

by:jgantes
Comment Utility
This is really the answer... but I'm still confused... can I simply update the schema on my existing 2003 SP1 DC's or do I have actually upgrade them to R2?

See this article to see what I'm saying....

http://support.microsoft.com/kb/917385  
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 31

Expert Comment

by:Toni Uranjek
Comment Utility
There should be no issues - I believe that you are over-reacting. :D
You should run adprep only on your domain controller which is FSMO holder and the replicate changes to other domain controllers
0
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 350 total points
Comment Utility
From article:

To resolve this issue, run the adprep.exe /forestprep command from the Windows Server 2003 R2 installation disk 2 on the schema master. To do this, insert the Windows Server 2003 R2 installation disk 2, and then type the following command:
Drive:\CMPNENTS\R2\ADPREP\adprep.exe /forestprep

That's it!

Of course backup system state data on all domain controllers first -  standard procedure.
0
 

Author Comment

by:jgantes
Comment Utility
Thanks a ton :-)

What's the best way to backup data?  Usually I take images, but that seems like overkill in this instance.


0
 
LVL 31

Expert Comment

by:Toni Uranjek
Comment Utility
Imaging is not supported backup method for domain controllers. Use Windows Backup, backup everything!
0
 

Author Comment

by:jgantes
Comment Utility
NT Backup?
0
 
LVL 31

Expert Comment

by:Toni Uranjek
Comment Utility
Yes
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now