Problem with ADPrep RODCPrep

Posted on 2009-04-09
Last Modified: 2012-05-06
ADPrep RODCPrep gets an error:
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Domain,DC=com.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=DomainDnsZones,DC=Domain,DC=com. Skipping to n
ext partition.
Oringinally the fsmoRoleOwner in:
cn=Infrastructure,dc=domaindnszones,dc=domain,dc=com was pointing to a deleted server.  

I used NTDSutil to check the replicas for the partition ...
domain management
connect to server DcName
list nc replicas "dc=DomainDnsZones,DC=Domain,DC=com"

Then I set the fsmoRoleOwner to a server in the list as follows:
(cut and pasted from the NtDSUtil output).
CN=NTDS Settings,CN=servername,CN=Servers,CN=sitename,CN=Sites,CN=Configuration,DC=rootdomain,DC=local

The above has not corrected the problem.
I looked at the partition with ADSIedit on the DC I pointed it to and it looks valid.

The error is:
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Domain,DC=com.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).

Anyone have any ideas what to look at next???
Question by:brhahne
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 15

Assisted Solution

zelron22 earned 25 total points
ID: 24108779
Run a DCDIAG and see if anything errors out.
Is the machine you're running it on pointing to an AD aware DNS server?
How many DC's do you have?

Try running it directly on the schema master.
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 25 total points
ID: 24108793
Have you seen this TechNet article

Did you run a  metadata cleanup on that old deleted server?

Accepted Solution

brhahne earned 0 total points
ID: 24109598
The server was demoted properly and does not show up in the metadata.

yes I have seen kb article 949257 but since we have a lot of DCs I decided to set it manually.  I did comment the script to see where it would have set the fsmoRoleOwner though.

I had initially set the fsmoRoleOwner to a Windows 2008 DC but changed it to a Windows 2003 DC.  After doing that the RODCPrep completed successfully on the DomainDNSZones partition.

Now I just have to do the ForestDNSZones partition...  All the rest of them have already succeeded.

Author Comment

ID: 24163285
ForestDNSZones worked as well.  All issues resolved.

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question