[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


adprep /rodcprep errors

Posted on 2011-02-17
Medium Priority
Last Modified: 2012-05-11
I'm trying to install a Server 2008 DC into our domain.  All the current DCs are running Server 2003, so I am trying to prepare the domain to accept a 2008 DC.  The forestprep and domainprep ran successfully.  When I try to run adprep /rodcprep on the current DC that has the FSMO roles, I get the errors below.  I have already tried the script in this MS KB article:
The FSMO roles all appear to be assigned correctly, and when I went back through another metadata cleanup process, I didn't find anything that needed to be removed.  Any suggestions for where to go from here would be greatly appreciated, as I am far from being an AD expert.
Adprep connected to the domain FSMO: 2701print.nstarmpls.mds.

Adprep found partition DC=DomainDnsZones,DC=nstarmpls,DC=mds, and is about to update the permissions.

Adprep could not contact a replica for partition DC=DomainDnsZones,DC=nstarmpls,DC=mds.

Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).

Adprep failed the operation on partition DC=DomainDnsZones,DC=nstarmpls,DC=mds.
Skipping to next partition.
Adprep found partition DC=ForestDnsZones,DC=nstarmpls,DC=mds, and is about to update the permissions.

Adprep could not contact a replica for partition DC=ForestDnsZones,DC=nstarmpls,DC=mds.

Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).

Adprep failed the operation on partition DC=ForestDnsZones,DC=nstarmpls,DC=mds.
Skipping to next partition.

Adprep detected the operation on partition DC=nstarmpls,DC=mds has been performed. Skipping to next partition.

Adprep completed with errors. Not all partitions are updated. See the ADPrep.log
 in the C:\WINDOWS\debug\adprep\logs\20110217134132 directory for more information.

To successfully update all partititions, the current logged on user needs to be a member of Enterprise Admins group.  If that is not the case, please correct the problem, and then restart Adprep.
Question by:boyerm25
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 57

Expert Comment

by:Mike Kline
ID: 34919904
Have you looked at this article   http://support.microsoft.com/kb/949257

Out of curiosity are you planning to deploy RODCs?



Author Comment

ID: 34919978
Yes, I have already looked at that KB article (please see original post for more details).  We may be deploying RODCs, as we have several domain controllers in branch offices.
LVL 21

Accepted Solution

snusgubben earned 2000 total points
ID: 34921556
I participated in a thread with a similar problem. The problem was a broken delegation and a tombstoned DC.


If the KB didn't help you I guess a DCDIAG might give you some hints.
Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

LVL 59

Expert Comment

by:Darius Ghassem
ID: 34922370

Author Comment

ID: 34926229
DCDiag led me to some FRS errors on one of my branch office domain controllers.  I've fixed those.  I also realized that I may not have run the script from the MS article on both of the partitions that were showing up in my errors, so I ran it again.  I'm now giving everything some time to replicate and I'll see what happens then.

Author Comment

ID: 34927076
Ok, after giving it a couple of hours to replicate, it all works now.  Thanks for the suggestions!

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question