Dcpromo says I need to run adprep /forestprep, but I already have.

First of all, We already have a server as a DC running Windows Server 2008 R2, So I've obviously run adprep /forest prep on my Schema Master.

But, when trying to promote another Windows Server 2008 R2 Server, DCpromo said I should run it.  So I did run the version from that particular disc on my Schema Master, and it did indeed update the schema by a couple of versions.  HOWEVER, dcpromo is still demanding that I run adprep /forestprep and refusing to promote the server to a DC.

The schema master is running Windows 2000 Professional Server.
LVL 3
crumpledAsked:
Who is Participating?
 
crumpledConnect With a Mentor Author Commented:
I solved it.  
I transfered the Schema Master Role to one of my 2008 Servers.
0
 
ChandarSCommented:

Check "schema version" on the server, if updated wait till the time replication happen...

dsquery.exe * "CN=Schema,CN=Configuration,DC=contoso,DC=com" -scope base -attr objectversion

47 = Windows Server 2008 R2
44 = Windows Server 2008
31 = Windows Server 2003 R2
30 = Windows Server 2003
13 = Windows 2000

Ref: http://support.microsoft.com/kb/556086

Reg,
Chandar Singh
0
 
crumpledAuthor Commented:
I check that earlier in ADSI Edit. it read "47"
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
sfossupportCommented:
Is this other server is the same domain/forest or a different forest ? Was this just a member server ? Do you have exchange already installed on this system ?
0
 
crumpledAuthor Commented:
There is only one domain in one forest.  It was the Schema Master, which would mean it's a Domain Controller.

Exchange schmickshmange.  What would Exchange have to do with anything?
No, we aren't running that.
0
 
eridzoneCommented:
What are your Forest and Domain Functional levels? try to re-run the adrep with switches.
0
 
Darius GhassemCommented:
Run dcdiag on your current domain then post results. Make sure that the server is pointing to the existing DC for DNS only.

Are you running adprep32.exe?

0
 
crumpledAuthor Commented:
dcdiag is attached, below.

ADDS is the first role on this server, so it's looking to the existing DC for DNS.
I did run "adprep32" on the existing server as "adprep" wouldn't run.

Functional Levels are Windows 2000 Native.

@eridzone, which switches? can you be more specific.
Directory Server Diagnosis

Performing initial setup:
   * Identified AD Forest.
   Ldap search capabality attribute search failed on server CET-MRCD000, return
   value = 81
   Got error while checking if the DC is using FRS or DFSR. Error:
   Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
   because of this error.
   Done gathering initial info.

Doing initial required tests

   Testing server: Stockton\CET-STKN001
      Starting test: Connectivity
         ......................... CET-STKN001 passed test Connectivity

Doing primary tests

   Testing server: Stockton\CET-STKN001
      Starting test: Advertising
         ......................... CET-STKN001 passed test Advertising
      Starting test: FrsEvent
         ......................... CET-STKN001 passed test FrsEvent
      Starting test: DFSREvent
         ......................... CET-STKN001 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... CET-STKN001 failed test SysVolCheck
      Starting test: KccEvent
         ......................... CET-STKN001 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... CET-STKN001 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... CET-STKN001 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... CET-STKN001 passed test NCSecDesc
      Starting test: NetLogons
         [CET-STKN001] User credentials does not have permission to perform
         this operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... CET-STKN001 failed test NetLogons
      Starting test: ObjectsReplicated
         Failed to read object metadata on CET-STKN001, error
         Replication access was denied.
         Failed to read object metadata on CET-STKN001, error
         Replication access was denied.
         ......................... CET-STKN001 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,CET-STKN001] DsReplicaGetInfo(NEIGHBORS,
         CN=Schema,CN=Configuration,DC=condor,DC=corp) failed, error 0x2105
         "Replication access was denied."
         ......................... CET-STKN001 failed test Replications
      Starting test: RidManager
         ......................... CET-STKN001 passed test RidManager
      Starting test: Services
         Warning: Could not verify whether this server has any SMTP replica
         links and therefore will not check for services required for SMTP
         replication.
         ......................... CET-STKN001 passed test Services
      Starting test: SystemLog
         ......................... CET-STKN001 passed test SystemLog
      Starting test: VerifyReferences
         ......................... CET-STKN001 passed test VerifyReferences


   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : condor
      Starting test: CheckSDRefDom
         ......................... condor passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... condor passed test CrossRefValidation

   Running enterprise tests on : domain.corp
      Starting test: LocatorCheck
         ......................... domain.corp passed test LocatorCheck
      Starting test: Intersite
         ......................... domain.corp passed test Intersite

Open in new window

0
 
Netman66Commented:
I'm going to reach a little here because there isn't a lot of info.

I suspect there might be some GPOs that have had their default security altered more than should have been by removing Enterprise Admins and Domain Admins from the ACE of the policy.  What this does is fail the adprep process from properly completing - without really telling you.

Of course, this is just a guess right now.

I wrote an article about this when 2003 server was born and although it isn't exactly what you are experiencing, it sounds suspiciously similar.

http://support.microsoft.com/kb/555055
0
 
crumpledAuthor Commented:
One thing to keep in mind is that I've already successfully deployed 2 Windows Server 2008 R2 x64 servers as Domain Controllers on this domain.  I had to run adprep /forestprep, and adprep /domainprep at that time.  and they both took to their roles fine.

That's why it's confusing that the third one thinks the forest isn't ready for it, when it clearly must be.
0
 
Netman66Connect With a Mentor Commented:
Check that DNS is functioning properly and replicating.  The new server may not be able to locate the SRV records it needs to show it the forest zone info.

Is this new server correctly pointing only at your DNS and no external influence?

0
All Courses

From novice to tech pro — start learning today.