?
Solved

unable to use adprep /rodcprep

Posted on 2008-10-09
9
Medium Priority
?
3,854 Views
Last Modified: 2012-06-27
C:\adprep>adprep /rodcprep
Adprep connected to the domain FSMO: DC03.LOCALDOMAIN.COM.


Adprep detected the operation on partition DC=ForestDnsZones,DC=LOCALDOMAIN,DC=COM has be
en performed. Skipping to next partition.
==============================================================================


==============================================================================
Adprep found partition DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM, and is about to update th
e permissions.


Adprep could not contact a replica for partition DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM.


Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).



Adprep failed the operation on partition DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM. Skippin
g to next partition.

As stated in the KB949257 I searched for the fsmorolesowner:
CN=NTDS Settings,CN=S2008DC06,CN=Servers,CN=LOCALDOMAIN,CN=Sites,CN=Configuration,DC=LOCALDOMAIN,DC=COM
0
Comment
Question by:quadrumane
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 

Author Comment

by:quadrumane
ID: 22686100
It doesn't help.  As far as I know the following value

CN=NTDS Settings,CN=S2008DC06,CN=Servers,CN=LOCALDOMAIN,CN=Sites,CN=Configuration,DC=LOCALDOMAIN,DC=COM

is not a bad value as
CN=NTDS SettingsADEL:0db95bd9-0a15-46d8-9665-951689a3c7f9,CN=PFCSRDC1ADEL:5bcf835e-adb2-4eba-9a3e-bccc9611fc78,CN=Servers,CN=PFCS,CN=Sites,CN=Configuration,DC=pfcs,DC=farm

But I don't see the term DC=DomainDnsZones anywhere,  I rather see DC=domain,DC=suffix

Maybe it's the way I'm connected to ADSI Edit.  

thanks
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22686379
Hi,
Were you able to verify the following:
  • Make sure that your Infrastructure Master is reachable from the Server where your are running adprep
  • Also try running the script to update the attribute.
  • If you are unable to see can you provide the screenshot of your ADSIEDIT so that we can comment furrther
THanks
Nitin
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:quadrumane
ID: 22686476
1 - Yes I can reach the infrastructure from the DC running ADSI Edit.  

2 - I don't know what script you're talkking about

3 - here it is
adsi-1.jpg
0
 
LVL 32

Accepted Solution

by:
gupnit earned 2000 total points
ID: 22686744
Hi,
The following script sample modifies the fSMORoleOwner attribute on the infrastructure object of the specified Non-Domain Naming Context (NDNC) to an active, or contactable, server. The NDNC in this sample is the DomainDnsZones,DC=contoso,DC=com NDNC naming context. The script uses the following command: cscript fixfsmo.vbs DC=DomainDnsZones,DC=contoso,DC=com
==============================================
const ADS_NAME_INITTYPE_GC = 3
const ADS_NAME_TYPE_1779 = 1
const ADS_NAME_TYPE_CANONICAL = 2

set inArgs = WScript.Arguments

if (inArgs.Count = 1) then
    ' Assume the command line argument is the NDNC (in DN form) to use.
    NdncDN = inArgs(0)
Else
    Wscript.StdOut.Write "usage: cscript fixfsmo.vbs NdncDN"
End if

if (NdncDN <> "") then

    ' Convert the DN form of the NDNC into DNS dotted form.
    Set objTranslator = CreateObject("NameTranslate")
    objTranslator.Init ADS_NAME_INITTYPE_GC, ""
    objTranslator.Set ADS_NAME_TYPE_1779, NdncDN
    strDomainDNS = objTranslator.Get(ADS_NAME_TYPE_CANONICAL)
    strDomainDNS = Left(strDomainDNS, len(strDomainDNS)-1)
     
    Wscript.Echo "DNS name: " & strDomainDNS

    ' Find a domain controller that hosts this NDNC and that is online.
    set objRootDSE = GetObject("LDAP://" & strDomainDNS & "/RootDSE")
    strDnsHostName = objRootDSE.Get("dnsHostName")
    strDsServiceName = objRootDSE.Get("dsServiceName")
    Wscript.Echo "Using DC " & strDnsHostName

    ' Get the current infrastructure fsmo.
    strInfraDN = "CN=Infrastructure," & NdncDN
    set objInfra = GetObject("LDAP://" & strInfraDN)
    Wscript.Echo "infra fsmo is " & objInfra.fsmoroleowner

    ' If the current fsmo holder is deleted, set the fsmo holder to this domain controller.

    if (InStr(objInfra.fsmoroleowner, "\0ADEL:") > 0) then

        ' Set the fsmo holder to this domain controller.
        objInfra.Put "fSMORoleOwner",  strDsServiceName
        objInfra.SetInfo

        ' Read the fsmo holder back.
        set objInfra = GetObject("LDAP://" & strInfraDN)
        Wscript.Echo "infra fsmo changed to:" & objInfra.fsmoroleowner

    End if

End if
0
 

Author Comment

by:quadrumane
ID: 22691253
I'm not sure to follow, what the NDNC stands for ?  
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22691471
The script modifies the fSMORoleOwner attribute on the infrastructure object of the specified Non-Domain Naming Context (NDNC) to an active, or contactable, server. The NDNC in your case is DomainDnsZones,DC=LOCALDOMAIN,DC=COM
  • Copy Paste the Script in txt file and save as sriptfsmo.vbs
  • Goto Start --> Run --> Cmd --> cscript scriptfsmo.vbs DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM
Let me know if you face issues
Cheers
Nitin
0
 

Author Comment

by:quadrumane
ID: 22693772
It worked.  The ADPREP /RODCPREP command has been executed without errors, all partitions have been updated.  

The script has identified a server that is no longer used as infra fsmo (SR2DC02) and changed it to the server I was running the script at (SR2DC05)

But SR2DC05 is no longer playing the Infrastructure role, I transfered the infra to another DC. (S2008DC06) a week ago from operations masters in AD Users and Computers.  

here is the script I ran, down bellow adprep /rodcprep    I'd like to get a better understanding, but thanks for the solution.  

C:\FSMOSCRIPT>cscript scriptfsmo.vbs DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

DNS name: DomainDnsZones.LOCALDOMAIN.COM
Using DC sr2dc05.LOCALDOMAIN.COM
infra fsmo is CN=NTDS Settings\0ADEL:18142bbc-7e42-48fa-9e56-ff2ef508479c,CN=SR2
DC02\0ADEL:9c3fb94a-0ce8-4033-a0dd-86e32a26df8d,CN=Servers,CN=LOCALDOMAIN,CN=Sites,CN=Co
nfiguration,DC=LOCALDOMAIN,DC=COM
infra fsmo changed to:CN=NTDS Settings,CN=SR2DC05,CN=Servers,CN=LOCALDOMAIN,CN=Sites,CN=
Configuration,DC=LOCALDOMAIN,DC=COM

C:\FSMOSCRIPT>

C:\adprep>adprep /rodcprep
Adprep connected to the domain FSMO: DC03.LOCALDOMAIN.COM.


Adprep detected the operation on partition DC=ForestDnsZones,DC=LOCALDOMAIN,DC=COM  has be
en performed. Skipping to next partition.
==============================================================================


==============================================================================
Adprep found partition DC=DomainDnsZones,DC=MSD,DC=CA, and is about to update th
e permissions.


Adprep connected to a replica DC sr2dc05.MSD.CA that holds partition DC=DomainDn
sZones,DC=LOCALDOMAIN,DC=COM.


The operation on partition DC=DomainDnsZones,DC=LOCALDOMAIN,DC=COM  was successful.
==============================================================================


Adprep detected the operation on partition DC=LOCALDOMAIN,DC=COM  has been performed. Skip
ping to next partition.
==============================================================================


Adprep completed without errors. All partitions are updated. See the ADPrep.log
in directory C:\WINDOWS\debug\adprep\logs\20081011083701 for more information.


0
 
LVL 32

Expert Comment

by:gupnit
ID: 22693782
Glad it helped...!!
Cheers
Nitin
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question