windows server r2 2008 Creating new dc on existing forest 2003
I am trying to install new ms server 2008 r2 DC into the ms server 2003 enviroment. When running "adprep /forestprep" I am getting the below message.
Adprep was unable to extend the schema.
[Status/Consequence]
The schema master did not complete a replication cycle after the last reboot. Th
e schema master must complete at least one replication cycle before the schema c
an be extended.
[User Action]
Verify that the schema master is connected to the network and can communicate wi
th other Active Directory Domain Controllers. Use the Sites and Services snap-i
n to replicate between the schema operations master and at least one replication
partner. After replication has succeeded, run adprep again.
what is wierd...is that there is only one DC in my enviroment. so i just dont understand what is going on.
the windows server 2003 is my DC/DNS/AD/exchange.
PLEASE HELP EXPERTS!!!
Adprep was unable to extend the schema.
[Status/Consequence]
The schema master did not complete a replication cycle after the last reboot. Th
e schema master must complete at least one replication cycle before the schema c
an be extended.
[User Action]
Verify that the schema master is connected to the network and can communicate wi
th other Active Directory Domain Controllers. Use the Sites and Services snap-i
n to replicate between the schema operations master and at least one replication
partner. After replication has succeeded, run adprep again.
what is wierd...is that there is only one DC in my enviroment. so i just dont understand what is going on.
the windows server 2003 is my DC/DNS/AD/exchange.
PLEASE HELP EXPERTS!!!
Is your 2003 box 32 or 64 bit. If 32 bit use adprep32
Wer there ever any other DCs on the network?
Thanks
Mike
Wer there ever any other DCs on the network?
Thanks
Mike
As mkline suggests it's possible that your one and only DC believes there is another one it should have replicated with. Try running repadmim /showreps from your DC to see. If an old DC is listed, search the Microsoft KB for metadata cleanup.
ASKER
I am using adprep32 below is my command line:
C:\Temp\adprep>adprep32 /forestprep
i want to keep both DC. i just want the second server(win server 2008) as some type of redunancy.
C:\Temp\adprep>adprep32 /forestprep
i want to keep both DC. i just want the second server(win server 2008) as some type of redunancy.
ASKER
Below is: .repadmin /showreps
C:\Program Files\Support Tools>repadmin /showreps
Default-First-Site-Name\EX
DC Options: IS_GC
Site Options: (none)
DC object GUID: a5c258fd-73f5-4119-aaac-e5
DC invocationID: 85f6980b-812d-4a42-ae1e-bf
==== INBOUND NEIGHBORS ==========================
DC=dawsonjames,DC=local
Default-First-Site-Name\SE
DC object GUID: adc142a2-fe7a-4867-9642-f1
Last attempt @ 2011-10-05 20:55:07 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
33752 consecutive failure(s).
Last success @ 2007-11-30 16:58:14.
Default-First-Site-Name\FI
DC object GUID: 8941e33e-d29e-40b5-b79c-e4
Last attempt @ 2011-10-05 20:55:22 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
9870 consecutive failure(s).
Last success @ 2010-08-21 10:48:12.
CN=Configuration,DC=dawson
Default-First-Site-Name\SE
DC object GUID: adc142a2-fe7a-4867-9642-f1
Last attempt @ 2011-10-05 20:55:09 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
33751 consecutive failure(s).
Last success @ 2007-11-30 16:21:04.
Default-First-Site-Name\FI
DC object GUID: 8941e33e-d29e-40b5-b79c-e4
Last attempt @ 2011-10-05 20:55:13 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
9870 consecutive failure(s).
Last success @ 2010-08-21 10:34:44.
CN=Schema,CN=Configuration
Default-First-Site-Name\SE
DC object GUID: adc142a2-fe7a-4867-9642-f1
Last attempt @ 2011-10-05 20:55:11 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
33751 consecutive failure(s).
Last success @ 2007-11-30 15:59:19.
Default-First-Site-Name\FI
DC object GUID: 8941e33e-d29e-40b5-b79c-e4
Last attempt @ 2011-10-05 20:55:16 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
9871 consecutive failure(s).
Last success @ 2010-08-21 08:55:52.
DC=DomainDnsZones,DC=dawso
Default-First-Site-Name\SE
DC object GUID: adc142a2-fe7a-4867-9642-f1
Last attempt @ 2011-10-05 20:55:18 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
33752 consecutive failure(s).
Last success @ 2007-11-30 15:59:20.
Default-First-Site-Name\FI
DC object GUID: 8941e33e-d29e-40b5-b79c-e4
Last attempt @ 2011-10-05 20:55:25 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
9870 consecutive failure(s).
Last success @ 2010-08-21 10:46:15.
DC=ForestDnsZones,DC=dawso
Default-First-Site-Name\SE
DC object GUID: adc142a2-fe7a-4867-9642-f1
Last attempt @ 2011-10-05 20:55:20 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
33752 consecutive failure(s).
Last success @ 2007-11-30 15:59:20.
Default-First-Site-Name\FI
DC object GUID: 8941e33e-d29e-40b5-b79c-e4
Last attempt @ 2011-10-05 20:55:27 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
9871 consecutive failure(s).
Last success @ 2010-08-21 08:55:52.
Source: Default-First-Site-Name\FI
******* 9871 CONSECUTIVE FAILURES since 2010-08-21 10:48:12
Last error: 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
Source: Default-First-Site-Name\SE
******* 33752 CONSECUTIVE FAILURES since 2007-11-30 16:58:14
Last error: 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
C:\Program Files\Support Tools>
Those server dont exist those server are DIED...Any ideas guys
C:\Program Files\Support Tools>repadmin /showreps
Default-First-Site-Name\EX
DC Options: IS_GC
Site Options: (none)
DC object GUID: a5c258fd-73f5-4119-aaac-e5
DC invocationID: 85f6980b-812d-4a42-ae1e-bf
==== INBOUND NEIGHBORS ==========================
DC=dawsonjames,DC=local
Default-First-Site-Name\SE
DC object GUID: adc142a2-fe7a-4867-9642-f1
Last attempt @ 2011-10-05 20:55:07 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
33752 consecutive failure(s).
Last success @ 2007-11-30 16:58:14.
Default-First-Site-Name\FI
DC object GUID: 8941e33e-d29e-40b5-b79c-e4
Last attempt @ 2011-10-05 20:55:22 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
9870 consecutive failure(s).
Last success @ 2010-08-21 10:48:12.
CN=Configuration,DC=dawson
Default-First-Site-Name\SE
DC object GUID: adc142a2-fe7a-4867-9642-f1
Last attempt @ 2011-10-05 20:55:09 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
33751 consecutive failure(s).
Last success @ 2007-11-30 16:21:04.
Default-First-Site-Name\FI
DC object GUID: 8941e33e-d29e-40b5-b79c-e4
Last attempt @ 2011-10-05 20:55:13 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
9870 consecutive failure(s).
Last success @ 2010-08-21 10:34:44.
CN=Schema,CN=Configuration
Default-First-Site-Name\SE
DC object GUID: adc142a2-fe7a-4867-9642-f1
Last attempt @ 2011-10-05 20:55:11 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
33751 consecutive failure(s).
Last success @ 2007-11-30 15:59:19.
Default-First-Site-Name\FI
DC object GUID: 8941e33e-d29e-40b5-b79c-e4
Last attempt @ 2011-10-05 20:55:16 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
9871 consecutive failure(s).
Last success @ 2010-08-21 08:55:52.
DC=DomainDnsZones,DC=dawso
Default-First-Site-Name\SE
DC object GUID: adc142a2-fe7a-4867-9642-f1
Last attempt @ 2011-10-05 20:55:18 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
33752 consecutive failure(s).
Last success @ 2007-11-30 15:59:20.
Default-First-Site-Name\FI
DC object GUID: 8941e33e-d29e-40b5-b79c-e4
Last attempt @ 2011-10-05 20:55:25 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
9870 consecutive failure(s).
Last success @ 2010-08-21 10:46:15.
DC=ForestDnsZones,DC=dawso
Default-First-Site-Name\SE
DC object GUID: adc142a2-fe7a-4867-9642-f1
Last attempt @ 2011-10-05 20:55:20 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
33752 consecutive failure(s).
Last success @ 2007-11-30 15:59:20.
Default-First-Site-Name\FI
DC object GUID: 8941e33e-d29e-40b5-b79c-e4
Last attempt @ 2011-10-05 20:55:27 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
9871 consecutive failure(s).
Last success @ 2010-08-21 08:55:52.
Source: Default-First-Site-Name\FI
******* 9871 CONSECUTIVE FAILURES since 2010-08-21 10:48:12
Last error: 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
Source: Default-First-Site-Name\SE
******* 33752 CONSECUTIVE FAILURES since 2007-11-30 16:58:14
Last error: 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
C:\Program Files\Support Tools>
Those server dont exist those server are DIED...Any ideas guys
Even if the server is no longer in use, if it was at one point a DC, it has to be removed from the directory (metadata clenaup)
ASKER
How do I run metadata cleanup if server doesnt exisit?
Did a second server ever exist at some point in the past?
http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx
Dust-off ntdsutil
http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx
Dust-off ntdsutil
This error indicates that there are AD replication problems in the environment. In order to continue the replication issue must be resolved.
1. Make sure that user is schema admin or log on as a Schema Admin (the Administrator of the forest root domain has this role by default).
2. As other said, you need to run ADPREP or ADPREP32(If 2k3 DC is 32bit) on existing 2003 domain controller.
3. To check what replication problems you are having install your Windows Support tools and run Repadmin /Showrepl or Repadmin /Showreps on the Schema Master. This should show you which DC’s you are having problems with.
Once you have determined the DC (s) that has the problem, check to see if you can connect to \\server(servername) and \\FQDN(servername)
If both are unsuccessful then you may have a networking problem, a broken secure channel or a 5 minute time difference between the two machines.
If one is unsuccessful you have a networking problem involving DNS or Netbios name resolution.
If both are successful:
On both the DC that is not replicating with the Schema Master as well as the Schema Master: On both DC's TCP Nic properties point DNS to iteslf or local DNS server , On 2003 At a cmd prompt type Netdiag /fix
Also run ipconfig /all, dcdiag /q , netdiag /q and repadmin /replsum on 2003 DC post result.
Regards,
Abhijit Waikar.
1. Make sure that user is schema admin or log on as a Schema Admin (the Administrator of the forest root domain has this role by default).
2. As other said, you need to run ADPREP or ADPREP32(If 2k3 DC is 32bit) on existing 2003 domain controller.
3. To check what replication problems you are having install your Windows Support tools and run Repadmin /Showrepl or Repadmin /Showreps on the Schema Master. This should show you which DC’s you are having problems with.
Once you have determined the DC (s) that has the problem, check to see if you can connect to \\server(servername) and \\FQDN(servername)
If both are unsuccessful then you may have a networking problem, a broken secure channel or a 5 minute time difference between the two machines.
If one is unsuccessful you have a networking problem involving DNS or Netbios name resolution.
If both are successful:
On both the DC that is not replicating with the Schema Master as well as the Schema Master: On both DC's TCP Nic properties point DNS to iteslf or local DNS server , On 2003 At a cmd prompt type Netdiag /fix
Also run ipconfig /all, dcdiag /q , netdiag /q and repadmin /replsum on 2003 DC post result.
Regards,
Abhijit Waikar.
ASKER
Dust-off ntdsutil ? not sure how to run that command
ASKER
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator.dom
ntdsutil:
ntdsutil: metadata cleanup
metadata cleanup:
metadata cleanup: remove selected server
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
Unable to determine the domain hosted by the DC (1). Please use the connection m
enu to specify it.
metadata cleanup: remove selected server server
A global connection already exists. No arguments should be specified.
metadata cleanup: remove selected server fileserver
A global connection already exists. No arguments should be specified.
metadata cleanup: ntd^C
C:\Documents and Settings\Administrator.dom
ntdsutil: metadata cleanup
metadata cleanup: remove selected server server
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,server'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup: remove selected server fileserver
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,fileserver'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup:
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator.dom
ntdsutil:
ntdsutil: metadata cleanup
metadata cleanup:
metadata cleanup: remove selected server
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
Unable to determine the domain hosted by the DC (1). Please use the connection m
enu to specify it.
metadata cleanup: remove selected server server
A global connection already exists. No arguments should be specified.
metadata cleanup: remove selected server fileserver
A global connection already exists. No arguments should be specified.
metadata cleanup: ntd^C
C:\Documents and Settings\Administrator.dom
ntdsutil: metadata cleanup
metadata cleanup: remove selected server server
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,server'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup: remove selected server fileserver
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,fileserver'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup:
Check this to perform metadata cleanup: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Regards,
Abhijit Waikar.
Regards,
Abhijit Waikar.
You need to remove the old Dc's which are not in the network by performing metadata cleanup
follow this Microsoft KB http://support.microsoft.com/kb/216498.
Once done you can proceed with installation of 2008 DC below are the steps:
The installation of Windows 2008 into the domain and migration is quite simple.
First you need to Adprep your 2003 Domain by running
adprep /forestprep and
adprep /domainprep and
adprep /gpprep
from the 2008 DVD on the Windows 2003 DC - adprep is in the SOURCES folder on the DVD.
Next install 2008 server on the new machine. You need to assign the 2008 new computer an IP address and subnet mask on the existing network. Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)
Join the new 2008 machine to the existing domain as a member server
From the command line promote the new machine to a domain controller with the DCPROMO command from the command line Select "Additional Domain Controller in an existing Domain"
Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the"Global Catalog" checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)
If necessary install DNS on the new server. Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will automatically replicate to the new domain controller along with Active Directory. Set up forwarders as detailed at http://www.petri.co.il/configure_dns_forwarding.htm
You must transfer the FSMO roles to the 2008 machine then the process is as outlined at http://www.petri.co.il/transferring_fsmo_roles.htm
You then need to install DHCP on the new 2008 server (if used) and set up a scope, activate it and authorize the server.
Change all of the clients (and the new 2008 DC itself), to point to the 2008 DC for their preferred DNS server this may be in DHCP options or the TCP/IP settings.
You can then transfer any data to the new server.
Refernce article:
http://araihan.wordpress.com/2009/08/25/migrate-from-windows-2003-active-directory-to-windows-2008-active-directory-step-by-step/
http://markswinkels.nl/2009/01/08/how-to-migrate-a-domain-controller-from-windows-2003-to-windows-2008/
follow this Microsoft KB http://support.microsoft.com/kb/216498.
Once done you can proceed with installation of 2008 DC below are the steps:
The installation of Windows 2008 into the domain and migration is quite simple.
First you need to Adprep your 2003 Domain by running
adprep /forestprep and
adprep /domainprep and
adprep /gpprep
from the 2008 DVD on the Windows 2003 DC - adprep is in the SOURCES folder on the DVD.
Next install 2008 server on the new machine. You need to assign the 2008 new computer an IP address and subnet mask on the existing network. Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)
Join the new 2008 machine to the existing domain as a member server
From the command line promote the new machine to a domain controller with the DCPROMO command from the command line Select "Additional Domain Controller in an existing Domain"
Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the"Global Catalog" checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)
If necessary install DNS on the new server. Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will automatically replicate to the new domain controller along with Active Directory. Set up forwarders as detailed at http://www.petri.co.il/configure_dns_forwarding.htm
You must transfer the FSMO roles to the 2008 machine then the process is as outlined at http://www.petri.co.il/transferring_fsmo_roles.htm
You then need to install DHCP on the new 2008 server (if used) and set up a scope, activate it and authorize the server.
Change all of the clients (and the new 2008 DC itself), to point to the 2008 DC for their preferred DNS server this may be in DHCP options or the TCP/IP settings.
You can then transfer any data to the new server.
Refernce article:
http://araihan.wordpress.com/2009/08/25/migrate-from-windows-2003-active-directory-to-windows-2008-active-directory-step-by-step/
http://markswinkels.nl/2009/01/08/how-to-migrate-a-domain-controller-from-windows-2003-to-windows-2008/
ASKER
Sandeshdubey
that is my problem....how can i run metadata cleanup if i cant connect to old dc?
i get the below problem
C:\Documents and Settings\Administrator.dom
ntdsutil: metadata cleanup
metadata cleanup: remove selected server server
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,server'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup: remove selected server fileserver
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,fileserver'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localho
that is my problem....how can i run metadata cleanup if i cant connect to old dc?
i get the below problem
C:\Documents and Settings\Administrator.dom
ntdsutil: metadata cleanup
metadata cleanup: remove selected server server
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,server'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup: remove selected server fileserver
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,fileserver'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localho
To ran metadata cleanup you need to connect to online dc not offline dc.
Refer below article step by step details are given:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
http://support.microsoft.com/kb/216498
Refer below article step by step details are given:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
http://support.microsoft.com/kb/216498
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Perfect
http://technet.microsoft.com/en-us/library/cc771461(WS.10).aspx