?
Solved

adprep ldap errors

Posted on 2012-09-17
5
Medium Priority
?
1,041 Views
Last Modified: 2012-09-18
I am trying to upgrade my active directory scheme from a windows 2003 version to support a windows 2008 R2 server.

When I run adprep /domainprep, I receive the following error:

Adprep encountered an LDAP error.
Error code: 0x20. Server extended error code: 0x208d, Server error message: 0000
208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=GCS\0ADEL:d846d18f-b424-4d10-83fc-5c41108ad8ff,CN=Servers,CN=Default
-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=domain,DC=com'

From what little I can tell about the error, Ldap is looking for a domain controller (or record) that does not exist.  The domain controller in question (GCS) was forcibly removed from the domain after a catastrophic failure of the host.  The "metadata cleanup" procedures were used to remove this domain controller from the domain.

My Guess is that the bad domain controller has not been completely removed from the domain.  How do I cleanup / repair the domain so that the adprep command will run successfully?

--
Matthew Davis
0
Comment
Question by:AD-Novice
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38406491
Is your 2003 box 32 bit or 64 bit?

Thanks

Mike
0
 

Author Comment

by:AD-Novice
ID: 38406591
The 2003 box is 64 bit
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 38408238
You need to run metadata cleanup again

Make sure you have deleted all DNS records for this failed DC including any SRV records

You need to used adprep32 as well when upgrade schema

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_3644-Windows-2008-Server-R2-adprep-adprep32.html

Make sure all fsmo roles are on a functioning DC as well
0
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 2000 total points
ID: 38410777
@ dariusg :- He is using Windows 2003 X64 so there is no need to use adprep32 ..

Author:- Please Use below link to completely remove the dead DC from domain Also make sure you have the user ID have Schema admin and enterprise admin rights on Domain

Check if all FSMO's are on your functional DC use netdom query fsmo to check and if you find any roles on dead DC seize them to working DC using below link

Metadata cleanup:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Seize FSMO role:
http://www.petri.co.il/seizing_fsmo_roles.htm
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 38412454
Totally missed the 64-bit part
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question