[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Problem with ADPrep RODCPrep

Posted on 2009-04-09
4
Medium Priority
?
5,058 Views
Last Modified: 2012-05-06
ADPrep RODCPrep gets an error:
-----
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Domain,DC=com.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=DomainDnsZones,DC=Domain,DC=com. Skipping to n
ext partition.
-----
Oringinally the fsmoRoleOwner in:
cn=Infrastructure,dc=domaindnszones,dc=domain,dc=com was pointing to a deleted server.  

I used NTDSutil to check the replicas for the partition ...
NTDSUtil
domain management
connections
connect to server DcName
quit
list nc replicas "dc=DomainDnsZones,DC=Domain,DC=com"

Then I set the fsmoRoleOwner to a server in the list as follows:
(cut and pasted from the NtDSUtil output).
CN=NTDS Settings,CN=servername,CN=Servers,CN=sitename,CN=Sites,CN=Configuration,DC=rootdomain,DC=local

The above has not corrected the problem.
I looked at the partition with ADSIedit on the DC I pointed it to and it looks valid.

The error is:
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Domain,DC=com.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).

Anyone have any ideas what to look at next???
0
Comment
Question by:brhahne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Assisted Solution

by:zelron22
zelron22 earned 100 total points
ID: 24108779
Run a DCDIAG and see if anything errors out.
Is the machine you're running it on pointing to an AD aware DNS server?
How many DC's do you have?

Try running it directly on the schema master.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 24108793
Have you seen this TechNet article

http://support.microsoft.com/kb/949257

Did you run a  metadata cleanup on that old deleted server?
Thanks
Mike
0
 

Accepted Solution

by:
brhahne earned 0 total points
ID: 24109598
The server was demoted properly and does not show up in the metadata.

yes I have seen kb article 949257 but since we have a lot of DCs I decided to set it manually.  I did comment the script to see where it would have set the fsmoRoleOwner though.

I had initially set the fsmoRoleOwner to a Windows 2008 DC but changed it to a Windows 2003 DC.  After doing that the RODCPrep completed successfully on the DomainDNSZones partition.

Now I just have to do the ForestDNSZones partition...  All the rest of them have already succeeded.
0
 

Author Comment

by:brhahne
ID: 24163285
ForestDNSZones worked as well.  All issues resolved.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question