Promoting 2012 to domain controller in 2003 environment

Log file is not attached.  Also are you getting the error on the Windows 2012 server or on a Windows 2003 server?

-saige-

Hi,

what is the Forest functional level? It should be at least Windows 2003 as I recall. When you want to promote 2012r2 to a DC, you first need to prepare schema on Windows 2003 DC with /adprep, and then you should be able to promote windows 2012r2 to a additional DC.

Regards,

Sorry forgot to attach log file.  I was told that running adprep from the 2003 domain controller would work but I was later advised to run the promo of the 2012 server and this would run the adprep all in the same sequence saving the step of the 2003 route.  I have a concern that if this had errors then it would have similar error running from 2003 domain controller.  As i mentioned, the 2012 server is able to recognize the other servers and in addition, it has the users and domain option there along with the other active directory components so it looks like it is part of active directory which is nice.  Is this because i had run active directory domain portion of setup on the 2012 server already?
ADPrep.log

Are you running it as a Enterpriser  administrator?
Error code: 0x5 Error message: Access is denied.

Im believe as domain admin but how would i confirm if i was enterprise admin?  I simply joined it to our domain which is a single domain.  It did mention about access denied on the wmi.

Also, i could not remote desktop into the server from internally and gave error about network level access.  I enabled remote desktop and administrator is allowed access it lists.  I installed logmein for now so i can at least get in remotely.

You cannot go directly from 2003 server to 2012 server. You MUST have a 2008 domain controller that hosts all the FMSO roles during your migration from 2003 to 2012. Once you have a 2008 (or R2) machine in place transfer your FSMO roles to that 2008 server. Then bring your 2012 server into the domain and it will work just fine. Once the 2012 is a DC, you move the FSMO roles to that server and can remove the 2008 server (all in one day).

The way that you can verify membership is by checking the Enterprise Admins group in Active Directory Users and Computers to ensure that you, directly, or a group that you are a member of is enrolled in this group.  However, I don't think that Enterprise Admin membership applies here but Schema Admins membership definately does.  Actually after reading over the ADPREP requirements, I find:

Make sure that you can log on to the schema master with an account that has sufficient credentials to run adprep /forestprep. You must be a member of the Schema Admins group, the Enterprise Admins group, and the Domain Admins group of the domain that hosts the schema master, which is, by default, the forest root domain.

Source

Another EE PAQ discusses this, and yes the original author did add an intermediary to solve the problem, however, another poster mentioned that they were able to resolve the error by modifying the Component Services on the 2003 DC.

I was able to fix by going into Component Services on 2003 server, right click 'my computer', properties, on 'default properties' tab 'enable distributed COM on this computer' was unchecked.  I checked it and reboot both servers, I was then able to promote the 2012 server to DC, adprep went thru with no issues.

EE PAQ 28168026

Another poster also mentions this article: http://www.kickassnetwork.net/?p=431

-saige-

I agree with what you are saying so will try correcting the schema and enterprise admin issue first and will reattempt from the 2012 server again and if it doesn't work I will run the adprep from the 2003 domain controller holding the fsmo roles. If it does work eventually, after transferring the fsmo roles from the 2003 server to the promoted 2012 domain controller, if I demote the remaining 3 2003 domain controllers, then could I raise the forest functional level to a higher level than the current 2003 level?

Once you have removed all 2003 DC's you can raise the forest/domain functional levels to the highest supported by your DC's.  In other words, if you have all 2012 DC's then you can raise the levels to Server 2012.  If, however, you have a 2008 DC, then your levels can only go as high as Server 2008.

Don't forget to check out the links with regards to Component Services and WMI.

-saige-

Ok sounds good, will give the whole process a try again tonite and hope it gets through.  Any idea why i wouldnt be able to remote desktop to the 2012 server even though i had enabled it and am using admin to login?

Could be a variety of reasons.  RDP settings on the 2012 server, firewall settings on the 2012 server, network access rules on the domain, firewall settings on the local network, etc.

-saige-

Ok im here at office and so I had to copy the contents of the 2012 server dvd into hard drive of 2003 server/domain controller where I attempted to run adprep from support folder and it looks like adprep32 and adprep both don't work.  I was told that adprep will not run on 2003 server and must be run remotely from the 2012 server.  Is this correct?  If so, then I will have to correct that wmi error after all.

ADPREP can be ran on the 2003 Server, but you are probably running the wrong one.  ADPREP is the 64-bit version and since your Windows 2003 Server is most likely the 32-bit version, you need to run ADPREP32.

Remember though, that ADPREP is exposing the WMI error.

-saige-

Hi again, ok was able to complete the domain controller role on the 2012 server using the roles wizard and initially got error about schema master not completing a replication cycle after reboot which i had done after checking the box on 2003 server for components under computer management as you cited in your excerpt so that cured the wmi issue without too much pain.  I then ran replication in sites and services on the 2003 server and after that, the prerequisites check ran without errors and the message that the 2012 server was successfully promoted to a domain controller came up at the end which was great.  Everything seems ok except that i cannot replicate the new 2012 server yet under sites and services although it does show up as a domain controller.  I checked dns and all the entries look the same as the one on the 2003 server.  I will wait a week to make sure things are ok dns wise before making the 2012 server the primary dns.  I think i probably have to wait a few more minutes or more before the 2012 will be able to replicate.  Aside from that, i think im almost home with this project thanks to all your help which was including from when you helped me in my previous question as well.

Just checked the new 2012 domain controller and now it was able to replicate with all the other domain controllers so all good.  Thanks again for all the help.