W2008 AD Upgrade Problem

Posted on 2014-03-02
Medium Priority
Last Modified: 2014-05-02
I am looking to upgrade AD from W2008 SBS to W2012.
There are are 2 AD controllers - SBS2008 plus W2008 R2 at another site, permanently connected by a VPN.
I have run the command Dcdiag /v /c /d /e /s:DCName.
Part of the output says (note I have removed direct server and domain name references):

"      Starting test: VerifyEnterpriseReferences
       The following problems were found while verifying various important DN
       references.  Note, that  these problems can be reported because of
       latency in replication.  So follow up to resolve the following
       problems, only if the same problem is reported on all DCs for a given
       domain or if  the problem persists after replication has had
       reasonable time to replicate changes.
       [1] Problem: Missing Expected Value
            Base Object:
            CN="servername",OU=Domain Controllers,DC="domain name",DC=local
            Base Object Description: "DC Account Object"
            Value Object Attribute Name: msDFSR-ComputerReferenceBL
            Value Object Description: "SYSVOL FRS Member Object"
            Recommended Action: See Knowledge Base Article: Q312862
Now I believe this refers to missing FRS Objects and FRS attributes and I need the file "Topchk.cmd" to parse the output of "NtrfsUtl ds" command. It just isn't clear to me where I get "Topchk.cmd" from and why its access appears to be restricted?

Thanks for any help
Question by:ajmcqueen
  • 4
  • 2
LVL 40

Assisted Solution

Mahesh earned 668 total points
ID: 39898870
You don't need to find "Topchk.cmd" mentioned in KB article in question

Just go to adsiedit and go to domain.com\system\File replication services\domain System volume and check server properties and all related attributes are correct
For Ex:ServerReference
You need to find out missing \ invalid attributes mentioned in KB article and need to correct them according to steps provided in KB article

LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 1332 total points
ID: 39898881
While I think its a good idea to run the DCDIAG and diagnose whatever problems it comes up with, I've found that adding a Server 2012 DC to an existing domain is sometimes easier to do from the Server 2012 itself as the checks it does on the network provide fairly good feedback.


Once it gets added you can move the FSMO roles over to it and then be sure to fully uninstall Exchange from your SBS before demoting it so you don't leave any remnant Exchange objects in AD.


Author Comment

ID: 39898926

Actually, I have to migrate Exchange over to the 2012 Server - to Exchange 2013.
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39898997
I don't suggest that you run Exchange 2013 on a DC.  While this is not "unsupported" it's definitely not recommended.  Exchange on an SBS was a different story because of the way the wizards configured multiple services at the same time in order to ensure things would run well and be secure.

Since you will have virtualization rights with the Server 2012, you can install a Hyper-V host and then two separate Server 2012's -- one being the DC and the other for Exchange.  Of course, be sure you have a server with enough resources to do this.

Follow this checklist to do the Exchange Migration:

And still -- be sure to fully uninstall Exchange 2010 from your SBS before demoting it.  Otherwise you'll leave some nasty legacy stuff in your AD.

LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39898999

Author Comment

ID: 39899129
OK. I was aware of the issue of not running Exchange on a DC. The plan is to put a copy of W2012 on the SBS server hardware to run as a DC. Obviously I will need a 3rd server as a temporary stand-in to run as a DC until the SBS has been wiped.
LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 1332 total points
ID: 39899526
That is just another reason that doing it virtually is the way to go.

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question