cheto06
asked on
Adprep /rodcprep fils
When trying to run the forest prep for a RODC i run this command:
d:\sources\adprep\adprep /rodcprep and get some thing like this? I recently seiezed all the fsmo roles from a w2k3 dc to a wk8dc.
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Conto so,DC=com
Adprep failed the operation on partition DC=DomainDnsZones,DC=Conto so,DC=com Skipping to next partition.
Adprep could not contact a replica for partition DC=ForestDnsZones,DC=Conto so,DC=com
Adprep encountered an LDAP error. Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=ForestDnsZones,DC=Conto so,DC=com Skipping to next partition.
Adprep completed with errors. Not all partitions are updated.
d:\sources\adprep\adprep /rodcprep and get some thing like this? I recently seiezed all the fsmo roles from a w2k3 dc to a wk8dc.
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Conto
Adprep failed the operation on partition DC=DomainDnsZones,DC=Conto
Adprep could not contact a replica for partition DC=ForestDnsZones,DC=Conto
Adprep encountered an LDAP error. Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=ForestDnsZones,DC=Conto
Adprep completed with errors. Not all partitions are updated.
ASKER
The DC didn't die. It is still a win2k3 DC and running, I just seized the transferred the roles from it to a win2k8 dc. I am planning on demoting it once i get everything ready to raise my domain/forest functional level to 2008.
Wait did you seize the roles or did you gracefully transfer them?
Seizing the IM role may have caused an issue. May require a metadata cleanup. Check this article... http://support.microsoft.com/kb/949257
ASKER
I transfer them by going to ADUC. right click on Domain and select Operations Master, then changed them from one to another.
It might be worth trying to transfer the IM role back to the 2003 server and running rodcprep again.
ASKER
ok so once i transfer the role back to i run rodcprep on the 2k3 dc or on the w2k8 DC?
Technically from any computer in the forest, but as the command will try and contact the IM then I would run it from the 2003 DC.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is the error I am getting. I just found out that there was a DC that died a couple years ago. I looked at the metadata but i don't see i there. I did find, however, some records aunder the _msdcs records in DNS. Could this be part of the problem?
I transferred the IM role back to the 2k3 dc should i move it back to 2k8 dc again?
C:\Windows\system32>d:\sou rces\adpre p\adprep /rodcprep
Adprep connected to the domain FSMO: dc01-v.Contoso.com.
========================== ========== ========== ========== ========== ========== ==
Adprep found partition DC=ForestDnsZones,DC=Conto so,DC=com, and is about to update the
permissions.
Adprep could not contact a replica for partition DC=ForestDnsZones,DC=Conto so,DC=com.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=ForestDnsZones,DC=Conto so,DC=com. Skipping
to next partition.
========================== ========== ========== ========== ========== ========== ==
========================== ========== ========== ========== ========== ========== ==
Adprep found partition DC=DomainDnsZones,DC=Conto so,DC=com, and is about to update the
permissions.
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Conto so,DC=com.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=DomainDnsZones,DC=Conto so,DC=com. Skipping
to next partition.
========================== ========== ========== ========== ========== ========== ==
Adprep detected the operation on partition DC=Contoso,DC=com has been performed. Skippi
ng to next partition.
========================== ========== ========== ========== ========== ========== ==
Adprep completed with errors. Not all partitions are updated. See the ADPrep.log in the C:\Windows\d
ebug\adprep\logs\201106301 65642 directory for more information.
To successfully update all partititions, the current logged on user needs to be a member of Enterpri
se Admins group. If that is not the case, please correct the problem, and then restart Adprep.
I transferred the IM role back to the 2k3 dc should i move it back to 2k8 dc again?
C:\Windows\system32>d:\sou
Adprep connected to the domain FSMO: dc01-v.Contoso.com.
==========================
Adprep found partition DC=ForestDnsZones,DC=Conto
permissions.
Adprep could not contact a replica for partition DC=ForestDnsZones,DC=Conto
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=ForestDnsZones,DC=Conto
to next partition.
==========================
==========================
Adprep found partition DC=DomainDnsZones,DC=Conto
permissions.
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Conto
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=DomainDnsZones,DC=Conto
to next partition.
==========================
Adprep detected the operation on partition DC=Contoso,DC=com has been performed. Skippi
ng to next partition.
==========================
Adprep completed with errors. Not all partitions are updated. See the ADPrep.log in the C:\Windows\d
ebug\adprep\logs\201106301
To successfully update all partititions, the current logged on user needs to be a member of Enterpri
se Admins group. If that is not the case, please correct the problem, and then restart Adprep.
ASKER
So I've run the scrip and got no error messages. It only says it change IM role to w2k8 dc.
Have you transfered the IM role on 2003 DC?
The IM role shold be transfered to win 2008 DC and then ran the above script.
Also check that replication between the DC are OK.Ran dcdiag /q on both the dc to check for any errors.
The IM role shold be transfered to win 2008 DC and then ran the above script.
Also check that replication between the DC are OK.Ran dcdiag /q on both the dc to check for any errors.
ASKER
So this is what i get after running dcdiag /q. I also get a some other errors but related to printer drivers.
C:\Windows\system32>dcdiag .exe /q
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=conto so,DC=com
......................... SDOCHQ05-V failed test NCSecDesc
An Error Event occurred. EventID: 0x00000457
Time Generated: 07/05/2011 07:47:03
C:\Windows\system32>dcdiag
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=conto
......................... SDOCHQ05-V failed test NCSecDesc
An Error Event occurred. EventID: 0x00000457
Time Generated: 07/05/2011 07:47:03
ASKER
Anybody?
From the dcdiag /q log there is no issue with the DC.Are you still facing the issue with the adprep/rodcprep?
ASKER
yes still same error posted above.
ASKER
not quite the correct answer,
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Thanks
Mike