adprep /rodcprep errors

Posted on 2011-02-17
Medium Priority
Last Modified: 2012-05-11
I'm trying to install a Server 2008 DC into our domain.  All the current DCs are running Server 2003, so I am trying to prepare the domain to accept a 2008 DC.  The forestprep and domainprep ran successfully.  When I try to run adprep /rodcprep on the current DC that has the FSMO roles, I get the errors below.  I have already tried the script in this MS KB article:
The FSMO roles all appear to be assigned correctly, and when I went back through another metadata cleanup process, I didn't find anything that needed to be removed.  Any suggestions for where to go from here would be greatly appreciated, as I am far from being an AD expert.
Adprep connected to the domain FSMO: 2701print.nstarmpls.mds.

Adprep found partition DC=DomainDnsZones,DC=nstarmpls,DC=mds, and is about to update the permissions.

Adprep could not contact a replica for partition DC=DomainDnsZones,DC=nstarmpls,DC=mds.

Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).

Adprep failed the operation on partition DC=DomainDnsZones,DC=nstarmpls,DC=mds.
Skipping to next partition.
Adprep found partition DC=ForestDnsZones,DC=nstarmpls,DC=mds, and is about to update the permissions.

Adprep could not contact a replica for partition DC=ForestDnsZones,DC=nstarmpls,DC=mds.

Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).

Adprep failed the operation on partition DC=ForestDnsZones,DC=nstarmpls,DC=mds.
Skipping to next partition.

Adprep detected the operation on partition DC=nstarmpls,DC=mds has been performed. Skipping to next partition.

Adprep completed with errors. Not all partitions are updated. See the ADPrep.log
 in the C:\WINDOWS\debug\adprep\logs\20110217134132 directory for more information.

To successfully update all partititions, the current logged on user needs to be a member of Enterprise Admins group.  If that is not the case, please correct the problem, and then restart Adprep.
Question by:boyerm25
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 57

Expert Comment

by:Mike Kline
ID: 34919904
Have you looked at this article   http://support.microsoft.com/kb/949257

Out of curiosity are you planning to deploy RODCs?



Author Comment

ID: 34919978
Yes, I have already looked at that KB article (please see original post for more details).  We may be deploying RODCs, as we have several domain controllers in branch offices.
LVL 21

Accepted Solution

snusgubben earned 2000 total points
ID: 34921556
I participated in a thread with a similar problem. The problem was a broken delegation and a tombstoned DC.


If the KB didn't help you I guess a DCDIAG might give you some hints.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

LVL 59

Expert Comment

by:Darius Ghassem
ID: 34922370

Author Comment

ID: 34926229
DCDiag led me to some FRS errors on one of my branch office domain controllers.  I've fixed those.  I also realized that I may not have run the script from the MS article on both of the partitions that were showing up in my errors, so I ran it again.  I'm now giving everything some time to replicate and I'll see what happens then.

Author Comment

ID: 34927076
Ok, after giving it a couple of hours to replicate, it all works now.  Thanks for the suggestions!

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month13 days, 14 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question