Problem with ADPrep RODCPrep

Posted on 2009-04-09
Medium Priority
Last Modified: 2012-05-06
ADPrep RODCPrep gets an error:
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Domain,DC=com.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=DomainDnsZones,DC=Domain,DC=com. Skipping to n
ext partition.
Oringinally the fsmoRoleOwner in:
cn=Infrastructure,dc=domaindnszones,dc=domain,dc=com was pointing to a deleted server.  

I used NTDSutil to check the replicas for the partition ...
domain management
connect to server DcName
list nc replicas "dc=DomainDnsZones,DC=Domain,DC=com"

Then I set the fsmoRoleOwner to a server in the list as follows:
(cut and pasted from the NtDSUtil output).
CN=NTDS Settings,CN=servername,CN=Servers,CN=sitename,CN=Sites,CN=Configuration,DC=rootdomain,DC=local

The above has not corrected the problem.
I looked at the partition with ADSIedit on the DC I pointed it to and it looks valid.

The error is:
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Domain,DC=com.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).

Anyone have any ideas what to look at next???
Question by:brhahne
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 15

Assisted Solution

zelron22 earned 100 total points
ID: 24108779
Run a DCDIAG and see if anything errors out.
Is the machine you're running it on pointing to an AD aware DNS server?
How many DC's do you have?

Try running it directly on the schema master.
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 24108793
Have you seen this TechNet article


Did you run a  metadata cleanup on that old deleted server?

Accepted Solution

brhahne earned 0 total points
ID: 24109598
The server was demoted properly and does not show up in the metadata.

yes I have seen kb article 949257 but since we have a lot of DCs I decided to set it manually.  I did comment the script to see where it would have set the fsmoRoleOwner though.

I had initially set the fsmoRoleOwner to a Windows 2008 DC but changed it to a Windows 2003 DC.  After doing that the RODCPrep completed successfully on the DomainDNSZones partition.

Now I just have to do the ForestDNSZones partition...  All the rest of them have already succeeded.

Author Comment

ID: 24163285
ForestDNSZones worked as well.  All issues resolved.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month8 days, 17 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question