Solved

unable to use adprep /rodcprep

Posted on 2008-10-09
9
3,836 Views
Last Modified: 2012-06-27
C:\adprep>adprep /rodcprep
Adprep connected to the domain FSMO: DC03.LOCALDOMAIN.COM.


Adprep detected the operation on partition DC=ForestDnsZones,DC=LOCALDOMAIN,DC=COM has be
en performed. Skipping to next partition.
==============================================================================


==============================================================================
Adprep found partition DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM, and is about to update th
e permissions.


Adprep could not contact a replica for partition DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM.


Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).



Adprep failed the operation on partition DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM. Skippin
g to next partition.

As stated in the KB949257 I searched for the fsmorolesowner:
CN=NTDS Settings,CN=S2008DC06,CN=Servers,CN=LOCALDOMAIN,CN=Sites,CN=Configuration,DC=LOCALDOMAIN,DC=COM
0
Comment
Question by:quadrumane
  • 4
  • 4
9 Comments
 
LVL 13

Expert Comment

by:ach_patil
ID: 22685555
0
 

Author Comment

by:quadrumane
ID: 22686100
It doesn't help.  As far as I know the following value

CN=NTDS Settings,CN=S2008DC06,CN=Servers,CN=LOCALDOMAIN,CN=Sites,CN=Configuration,DC=LOCALDOMAIN,DC=COM

is not a bad value as
CN=NTDS SettingsADEL:0db95bd9-0a15-46d8-9665-951689a3c7f9,CN=PFCSRDC1ADEL:5bcf835e-adb2-4eba-9a3e-bccc9611fc78,CN=Servers,CN=PFCS,CN=Sites,CN=Configuration,DC=pfcs,DC=farm

But I don't see the term DC=DomainDnsZones anywhere,  I rather see DC=domain,DC=suffix

Maybe it's the way I'm connected to ADSI Edit.  

thanks
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22686379
Hi,
Were you able to verify the following:
  • Make sure that your Infrastructure Master is reachable from the Server where your are running adprep
  • Also try running the script to update the attribute.
  • If you are unable to see can you provide the screenshot of your ADSIEDIT so that we can comment furrther
THanks
Nitin
0
 

Author Comment

by:quadrumane
ID: 22686476
1 - Yes I can reach the infrastructure from the DC running ADSI Edit.  

2 - I don't know what script you're talkking about

3 - here it is
adsi-1.jpg
0
Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

 
LVL 32

Accepted Solution

by:
gupnit earned 500 total points
ID: 22686744
Hi,
The following script sample modifies the fSMORoleOwner attribute on the infrastructure object of the specified Non-Domain Naming Context (NDNC) to an active, or contactable, server. The NDNC in this sample is the DomainDnsZones,DC=contoso,DC=com NDNC naming context. The script uses the following command: cscript fixfsmo.vbs DC=DomainDnsZones,DC=contoso,DC=com
==============================================
const ADS_NAME_INITTYPE_GC = 3
const ADS_NAME_TYPE_1779 = 1
const ADS_NAME_TYPE_CANONICAL = 2

set inArgs = WScript.Arguments

if (inArgs.Count = 1) then
    ' Assume the command line argument is the NDNC (in DN form) to use.
    NdncDN = inArgs(0)
Else
    Wscript.StdOut.Write "usage: cscript fixfsmo.vbs NdncDN"
End if

if (NdncDN <> "") then

    ' Convert the DN form of the NDNC into DNS dotted form.
    Set objTranslator = CreateObject("NameTranslate")
    objTranslator.Init ADS_NAME_INITTYPE_GC, ""
    objTranslator.Set ADS_NAME_TYPE_1779, NdncDN
    strDomainDNS = objTranslator.Get(ADS_NAME_TYPE_CANONICAL)
    strDomainDNS = Left(strDomainDNS, len(strDomainDNS)-1)
     
    Wscript.Echo "DNS name: " & strDomainDNS

    ' Find a domain controller that hosts this NDNC and that is online.
    set objRootDSE = GetObject("LDAP://" & strDomainDNS & "/RootDSE")
    strDnsHostName = objRootDSE.Get("dnsHostName")
    strDsServiceName = objRootDSE.Get("dsServiceName")
    Wscript.Echo "Using DC " & strDnsHostName

    ' Get the current infrastructure fsmo.
    strInfraDN = "CN=Infrastructure," & NdncDN
    set objInfra = GetObject("LDAP://" & strInfraDN)
    Wscript.Echo "infra fsmo is " & objInfra.fsmoroleowner

    ' If the current fsmo holder is deleted, set the fsmo holder to this domain controller.

    if (InStr(objInfra.fsmoroleowner, "\0ADEL:") > 0) then

        ' Set the fsmo holder to this domain controller.
        objInfra.Put "fSMORoleOwner",  strDsServiceName
        objInfra.SetInfo

        ' Read the fsmo holder back.
        set objInfra = GetObject("LDAP://" & strInfraDN)
        Wscript.Echo "infra fsmo changed to:" & objInfra.fsmoroleowner

    End if

End if
0
 

Author Comment

by:quadrumane
ID: 22691253
I'm not sure to follow, what the NDNC stands for ?  
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22691471
The script modifies the fSMORoleOwner attribute on the infrastructure object of the specified Non-Domain Naming Context (NDNC) to an active, or contactable, server. The NDNC in your case is DomainDnsZones,DC=LOCALDOMAIN,DC=COM
  • Copy Paste the Script in txt file and save as sriptfsmo.vbs
  • Goto Start --> Run --> Cmd --> cscript scriptfsmo.vbs DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM
Let me know if you face issues
Cheers
Nitin
0
 

Author Comment

by:quadrumane
ID: 22693772
It worked.  The ADPREP /RODCPREP command has been executed without errors, all partitions have been updated.  

The script has identified a server that is no longer used as infra fsmo (SR2DC02) and changed it to the server I was running the script at (SR2DC05)

But SR2DC05 is no longer playing the Infrastructure role, I transfered the infra to another DC. (S2008DC06) a week ago from operations masters in AD Users and Computers.  

here is the script I ran, down bellow adprep /rodcprep    I'd like to get a better understanding, but thanks for the solution.  

C:\FSMOSCRIPT>cscript scriptfsmo.vbs DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

DNS name: DomainDnsZones.LOCALDOMAIN.COM
Using DC sr2dc05.LOCALDOMAIN.COM
infra fsmo is CN=NTDS Settings\0ADEL:18142bbc-7e42-48fa-9e56-ff2ef508479c,CN=SR2
DC02\0ADEL:9c3fb94a-0ce8-4033-a0dd-86e32a26df8d,CN=Servers,CN=LOCALDOMAIN,CN=Sites,CN=Co
nfiguration,DC=LOCALDOMAIN,DC=COM
infra fsmo changed to:CN=NTDS Settings,CN=SR2DC05,CN=Servers,CN=LOCALDOMAIN,CN=Sites,CN=
Configuration,DC=LOCALDOMAIN,DC=COM

C:\FSMOSCRIPT>

C:\adprep>adprep /rodcprep
Adprep connected to the domain FSMO: DC03.LOCALDOMAIN.COM.


Adprep detected the operation on partition DC=ForestDnsZones,DC=LOCALDOMAIN,DC=COM  has be
en performed. Skipping to next partition.
==============================================================================


==============================================================================
Adprep found partition DC=DomainDnsZones,DC=MSD,DC=CA, and is about to update th
e permissions.


Adprep connected to a replica DC sr2dc05.MSD.CA that holds partition DC=DomainDn
sZones,DC=LOCALDOMAIN,DC=COM.


The operation on partition DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM  was successful.
==============================================================================


Adprep detected the operation on partition DC=LOCALDOMAIN,DC=COM  has been performed. Skip
ping to next partition.
==============================================================================


Adprep completed without errors. All partitions are updated. See the ADPrep.log
in directory C:\WINDOWS\debug\adprep\logs\20081011083701 for more information.


0
 
LVL 32

Expert Comment

by:gupnit
ID: 22693782
Glad it helped...!!
Cheers
Nitin
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now