Solved

"change schema master" window shows the old server in both the "current" and the "change to" fields.

Posted on 2007-03-22
Last Modified: 2008-05-31
I need to upgrade a 1 server NT Domain to a new 1 server 2003 AD Domain. I upgraded the NT server to Windows 2003 (w/out R2) and the new server is Windows 2003 R2. The upgrade of the NT server went fine. I realized I had to run the adprep.exe from the R2 CD on the 2003 Server w/out R2. That went fine too.
I then ran dcpromo on the new server, and that went well too.

I now need to transfer the FSMO roles to the 2003 R2 server. I registered schmmgmt.dll and added the snap-in, but when I go to Operation Master to transfer the Schema Master to the new 2003 R2 server, the "change schema master" window shows the old server in both the "current" and the "change to" fields. Meaning, I can't change the Schema Master to the new server.

Anyone know why? Thanks!
Question by:Dopher
7 Comments
 
LVL 13

Expert Comment

by:strongline
ID: 18776922
Where do you run the snap-in? How about running it on the other one?

If neither server works, forget about transfer, just go ahead and seize the role.
 

Author Comment

by:Dopher
ID: 18776937
I did try the snap-in from both servers and both had the same results. The snap-in had the same server in both fields, and the server in those fields is always the NT server that I upgraded to 2003.

I guess I could seize the role, but am not sure what negative effect, if any, it will have on the migration, do you?
 
LVL 13

Expert Comment

by:strongline
ID: 18777002
Seizing itself doesn't present any issue, but the fact that the GUI shows the wrong name may indicate something wrong underneath. Run "dcdiag /v" on both servers and search for any errors/failures. If the report looks good, I will go for seizing anyway.
 
LVL 13

Expert Comment

by:strongline
ID: 18777184
Further to my last email, both fields showing the same old server name may mean the new server has never been a real DC. Check if replication, especially SYSVOL replication, works. Unless SYSVOL is replicated, the new "DC" won't share it out and advertise itself as a DC.
 

Author Comment

by:Dopher
ID: 18779357
I ran dcdiag /v on both servers, and everything tested successfully. Before I start seizing things, would you mind confirming that replication looks OK? (Thanks for your help, by the way!)
Here are the results from the new server (Srv03):


Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine SRV03, is a DC.
   * Connecting to directory service on server SRV03.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SRV03
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... SRV03 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SRV03
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         ......................... SRV03 passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC SRV03.
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=WOODHILL,DC=local
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=WOODHILL,DC=local
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=WOODHILL,DC=local
            (Domain,Version 2)
         ......................... SRV03 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\SRV03\netlogon
         Verified share \\SRV03\sysvol
         ......................... SRV03 passed test NetLogons
      Starting test: Advertising
         The DC SRV03 is advertising itself as a DC and having a DS.
         The DC SRV03 is advertising as an LDAP server
         The DC SRV03 is advertising as having a writeable directory
         The DC SRV03 is advertising as a Key Distribution Center
         The DC SRV03 is advertising as a time server
         ......................... SRV03 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WOODHILL,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WOODHILL,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WOODHILL,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WOODHILL,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WOODHILL,DC=local
         ......................... SRV03 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 2153 to 1073741823
         * srv01.WOODHILL.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1653 to 2152
         * rIDPreviousAllocationPool is 1653 to 2152
         * rIDNextRID: 1653
         ......................... SRV03 passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC SRV03 on DC SRV03.
         * SPN found :LDAP/SRV03.WOODHILL.local/WOODHILL.local
         * SPN found :LDAP/SRV03.WOODHILL.local
         * SPN found :LDAP/SRV03
         * SPN found :LDAP/SRV03.WOODHILL.local/WOODHILL
         * SPN found :LDAP/01cdff07-2191-4446-b04b-d476a40f255b._msdcs.WOODHILL.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/01cdff07-2191-4446-b04b-d476a40f255b/WOODHILL.local
         * SPN found :HOST/SRV03.WOODHILL.local/WOODHILL.local
         * SPN found :HOST/SRV03.WOODHILL.local
         * SPN found :HOST/SRV03
         * SPN found :HOST/SRV03.WOODHILL.local/WOODHILL
         * SPN found :GC/SRV03.WOODHILL.local/WOODHILL.local
         ......................... SRV03 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SRV03 passed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         SRV03 is in domain DC=WOODHILL,DC=local
         Checking for CN=SRV03,OU=Domain Controllers,DC=WOODHILL,DC=local in domain DC=WOODHILL,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SRV03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WOODHILL,DC=local in domain CN=Configuration,DC=WOODHILL,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... SRV03 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... SRV03 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... SRV03 passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... SRV03 passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... SRV03 passed test systemlog
      Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)

         CN=SRV03,OU=Domain Controllers,DC=WOODHILL,DC=local and backlink on

         CN=SRV03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WOODHILL,DC=local

         are correct.
         The system object reference (frsComputerReferenceBL)

         CN=SRV03,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=WOODHILL,DC=local

         and backlink on CN=SRV03,OU=Domain Controllers,DC=WOODHILL,DC=local

         are correct.
         The system object reference (serverReferenceBL)

         CN=SRV03,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=WOODHILL,DC=local

         and backlink on

         CN=NTDS Settings,CN=SRV03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WOODHILL,DC=local

         are correct.
         ......................... SRV03 passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : WOODHILL
      Starting test: CrossRefValidation
         ......................... WOODHILL passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... WOODHILL passed test CheckSDRefDom
   
   Running enterprise tests on : WOODHILL.local
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... WOODHILL.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\srv01.WOODHILL.local
         Locator Flags: 0xe00003fd
         PDC Name: \\srv01.WOODHILL.local
         Locator Flags: 0xe00003fd
         Time Server Name: \\SRV03.WOODHILL.local
         Locator Flags: 0xe00001f8
         Preferred Time Server Name: \\srv01.WOODHILL.local
         Locator Flags: 0xe00003fd
         KDC Name: \\SRV03.WOODHILL.local
         Locator Flags: 0xe00001f8
         ......................... WOODHILL.local passed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS
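
An added example, not part of the original thread: a small Python parser for saved `dcdiag /v` output that lists any failed tests and the FSMO roles still held by a server other than the intended one. The function names and the sample report are constructed here; the "failed test" line and the SRV03 role holder are invented to exercise both paths.

```python
import re

# "......................... SRV03 passed test Replications"
RESULT_RE = re.compile(r"^\s*\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)\s*$")
# "Role Schema Owner = CN=NTDS Settings,CN=SRV01,CN=Servers,..."
ROLE_RE = re.compile(r"^\s*Role\s+(.+?)\s+Owner\s*=\s*CN=NTDS Settings,CN=([^,]+),")


def parse_dcdiag(text):
    """Return (results, roles) parsed from `dcdiag /v` text output.

    results: list of (target, test_name, passed) in report order
    roles:   dict of FSMO role name -> server holding it
    """
    results, roles = [], {}
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if m:
            results.append((m.group(1), m.group(3), m.group(2) == "passed"))
            continue
        m = ROLE_RE.match(line)
        if m:
            roles[m.group(1)] = m.group(2).upper()
    return results, roles


def review(text, target_dc):
    """Summarise what to check before transferring or seizing roles."""
    results, roles = parse_dcdiag(text)
    failed = [(tgt, test) for tgt, test, ok in results if not ok]
    elsewhere = sorted(r for r, holder in roles.items() if holder != target_dc.upper())
    return {"failed": failed, "roles_not_on_target": elsewhere}


# Constructed sample in the format of the report above; the "failed test"
# line and the SRV03 PDC holder are invented to exercise both paths.
_DN = ("CN=NTDS Settings,CN={},CN=Servers,CN=Default-First-Site-Name,"
       "CN=Sites,CN=Configuration,DC=WOODHILL,DC=local")
SAMPLE = "\n".join([
    "      Starting test: Replications",
    "         ......................... SRV03 passed test Replications",
    "      Starting test: KnowsOfRoleHolders",
    "         Role Schema Owner = " + _DN.format("SRV01"),
    "         Role Infrastructure Update Owner = " + _DN.format("SRV01"),
    "         Role PDC Owner = " + _DN.format("SRV03"),
    "         ......................... SRV03 passed test KnowsOfRoleHolders",
    "      Starting test: frssysvol",
    "         ......................... SRV03 failed test frssysvol",
])

if __name__ == "__main__":
    print(review(SAMPLE, "SRV03"))
```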
 
LVL 13

Accepted Solution

by:
strongline earned 500 total points
ID: 18779769
The dcdiag looks perfectly good. But in the Schema snap-in, right-click "Active Directory Schema", you should see "Change Domain Controller", and that is where you change the role holder.
 
LVL 13

Expert Comment

by:strongline
ID: 18788174
Actually I don't really deserve the credit. I should have found out the correct way to transfer the schema master role in the first place. Not to mention that for schema master, what you saw is expected...