Error when trying to add a domain controller that's Server 2012 R2 in a Server 2003 functional level forest

Below is errors in adprep log on Server 2012 R2

[2015/06/19:08:33:31.926]
LDAP API ldap_search_s finished, return code is 0x0
[2015/06/19:08:33:31.926]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2015/06/19:08:33:31.927]
LDAP API ldap_search_ext_s finished, return code is 0x0
[2015/06/19:08:33:31.927]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2015/06/19:08:33:31.927]
LDAP API ldap_search_s finished, return code is 0x0
[2015/06/19:08:33:31.927]
Adprep does not find the tokenGroups attribute on the RootDSE object of the Active Directory Domain Controller. This attribute is not avaliable on Windows Server 2003 or lower version of Windows. Adprep will try to obtain token groups from the User object.
[2015/06/19:08:33:31.927]
The parameters /userdomain and /user are not specified. Using current logon user's domain ...
[2015/06/19:08:33:31.934]
Adprep failed to verify whether schema master has completed a replication cycle after last reboot.

[Status/Consequence]

The schema is not upgraded.

[User Action]

Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20150619083331-test directory for possible cause of failure.
[2015/06/19:08:33:31.934]
Adprep encountered an LDAP error.

Error code: 0x32. Server extended error code: 0x2098, Server error message: 00002098: SecErr: DSID-03151D80, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0



DSID Info:
DSID: 0x180f0972
ldap error = 0x32
NT BUILD: 9600
NT BUILD: 16384
LVL 3
Nathan KaufmanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
(INSUFF_ACCESS_RIGHTS), data 0
Is your account part of the following groups..
- Domain Admins
- Enterprise Admins
- Schema Admins

Make sure that your account you are using to perform the ADPrep has the correct access. Also check your AD replication to make sure that everything is working properly.

Repadmin /replsum
Repadmin /showrepl
Repadmin /bridgeheads
DCDiag /v

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
it_saigeDeveloperCommented:
This can also be caused by a problem in the component services configuration on the Windows Server 2003 DC.  Please refer to this EE PAQ for additional assitance - http:/Q_28584877.html#a40514872.

-saige-
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.