troubleshooting Question

ADPREP /forestprep Fails, x500uniqueIdentifier

Avatar of WindhamSD
WindhamSDFlag for United States of America asked on
DatabasesWindows Server 2003Active Directory
44 Comments3 Solutions966 ViewsLast Modified:
Hello,

I have been trying to prep my domain so I can add server 2003 R2 and Server 2008 boxes to the domain. The current domain function level is Windows 2000 Mixed. All of our DC's are now 2003 Service Pack 2. I have a few more servers that I need to join the domain that will be 2003 R2 and possible a 2008 server. So I copied the ADPREP folder from my 2003 R2 disk to the c:/ of the server that holds all of the FSMO roles for the domain. When I run adprep /forestprep I get a failure message..well actually two:

"lDAPDisplayName" attribute value for objects defined in Windows 2000
schema and
 extended schema do not match.


A previous schema extension has defined the attribute value as
"OldunixIDWithDup
OID" for object
"CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=windhamsd
,DC=org" differently than the schema extension needed for Windows 2003
server .
[Status/Consequence]
Adprep cannot extend your existing schema
[User Action]
Contact the vendor of the application that previously extended the schema
to res
olve the inconsistency. Then run adprep again.




=============================================================================
"isSingleValued" attribute value for objects defined in Windows 2000
schema and
extended schema do not match.


A previous schema extension has defined the attribute value as "TRUE" for
object
 "CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=windhamsd,DC=org" differently than the schema extension needed for Windows 2003 server .
[Status/Consequence]
Adprep cannot extend your existing schema
[User Action]
Contact the vendor of the application that previously extended the schema
to res
olve the inconsistency. Then run adprep again.

Now the top one was from earlier attempts at fixing the issue, the bottom was was the origional issue. I saw a post that said to do a regedit then change the value to FALSE but honestly doing ADSI and things of that nature go over my head and I am timid when it comes to setting registry entries on DC's. The regedit being:

HKLM\system\CurrentControlSet\Services\NTDS\Parameters
Value Name: Schema Update Allowed
Value Type: REG_DWORD
Value Data:1

So here is where my question comes in. Does anyone know how to remedy this issue? And what does this really mean?

I really don't want to have to create a whole new domain and start from scratch, that would be miserable. I did try to fix this one time before on EE but I was pulled off the task and the question became stale, but now I have no choice but to fix this issue. I appreciate any help offered.

I attached all the info from my previous post so you know what I have already tried. It is very long (72 pages) but it may help.

Thank You.

adprep-fails.doc
ASKER CERTIFIED SOLUTION
Awinish
Senior Solution Architect

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 3 Answers and 44 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 44 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros