Problem adding Windows 2003 server to 2000 Active directory

By thomas, 19 January, 2006
When trying to add a Windows 2003 server to a 2000 domain, adprep would fail with this error: F:I386>adprep /forestPrep ADPREP WARNING: Before running adprep, all Windows 2000 domain controllers in the forest should be upgraded to Windows 2000 Service Pack 1 (SP1) with QFE 265089, or to Windows 2000 SP2 (or later). QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent poten tial domain controller corruption. For more information about preparing your forest and domain see KB article Q3311 61 at http://support.microsoft.com. [User Action] If ALL your existing Windows 2000 domain controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit. C Adprep was unable to check the forest update status. [Status/Consequence] Adprep queries the directory to see if the forest has already been prepared. If the information is unavailable or unknown, Adprep proceeds without attempting this operation. [User Action] Restart Adprep and check the Adprep.log file. Verify in the log file that this forest has already been successfully prepared. Adprep encountered an LDAP error. Error code: 0x20. Server extended error code: 0x208d, Server error message: 0000 208D: NameErr: DSID-031001BD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=org' . We ran dcdiag and got this error: F:I386>dcdiag DC Diagnosis Performing initial setup: Done gathering initial info. Doing initial non skippeable tests Testing server: Default-First-Site-NameJAKARTA Starting test: Connectivity ......................... JAKARTA passed test Connectivity Doing primary tests Testing server: Default-First-Site-NameJAKARTA Starting test: Replications ......................... JAKARTA passed test Replications Starting test: NCSecDesc ......................... JAKARTA passed test NCSecDesc Starting test: NetLogons ......................... JAKARTA passed test NetLogons Starting test: Advertising ......................... JAKARTA passed test Advertising Starting test: KnowsOfRoleHolders Warning: CN="NTDS Settings DEL:0251b58f-c99c-4680-bf7a-7b6a6233de27",CN="CORDOBA DEL:c1f9f786-3aca-4db5-9655-c82d0c9cde07",CN=Servers,CN=Default-First-Site-Name, CN=Sites,CN=Configuration,DC=example,DC=org is the Schema Owner, but is dele ted. ......................... JAKARTA failed test KnowsOfRoleHolders Starting test: RidManager ......................... JAKARTA passed test RidManager Starting test: MachineAccount ......................... JAKARTA passed test MachineAccount Starting test: Services ......................... JAKARTA passed test Services Starting test: ObjectsReplicated ......................... JAKARTA passed test ObjectsReplicated Starting test: frssysvol ......................... JAKARTA passed test frssysvol Starting test: kccevent ......................... JAKARTA passed test kccevent Starting test: systemlog ......................... JAKARTA passed test systemlog Running enterprise tests on : example.org Starting test: Intersite ......................... example.org passed test Intersite Starting test: FsmoCheck ......................... example.org passed test FsmoCheck The solution was to seize the role of schema master from cordoba. F:I386>ntdsutil ntdsutil: roles fsmo maintenance: connections server connections: connect to server jakarta Binding to jakarta ... Connected to jakarta using credentials of locally logged on user server connections: q fsmo maintenance: seize schema master Attempting safe transfer of schema FSMO before seizure. ldap_modify_sW error 0x34(52 (Unavailable). Ldap extended error message is 000020AF: SvcErr: DSID-03210211, problem 5002 (UN AVAILABLE), data 8 Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.) ) Depending on the error code this may indicate a connection, ldap, or role transfer error. Transfer of schema FSMO failed, proceeding with seizure ... Server "jakarta" knows about 5 roles Schema - CN=NTDS Settings,CN=JAKARTA,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=example,DC=org Domain - CN=NTDS Settings,CN=JAKARTA,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=example,DC=org PDC - CN=NTDS Settings,CN=JAKARTA,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=example,DC=org RID - CN=NTDS Settings,CN=JAKARTA,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=example,DC=org Infrastructure - CN=NTDS Settings,CN=JAKARTA,CN=Servers,CN=Default-First-Site-Na me,CN=Sites,CN=Configuration,DC=example,DC=org fsmo maintenance: q ntdsutil: q Disconnecting from jakarta ... Adprep works fine after this: F:I386>adprep /forestPrep ADPREP WARNING: Before running adprep, all Windows 2000 domain controllers in the forest should be upgraded to Windows 2000 Service Pack 1 (SP1) with QFE 265089, or to Windows 2000 SP2 (or later). QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent poten tial domain controller corruption. For more information about preparing your forest and domain see KB article Q3311 61 at http://support.microsoft.com. [User Action] If ALL your existing Windows 2000 domain controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENT ER to quit. C Opened Connection to JAKARTA SSPI Bind succeeded Current Schema Version is 13 Upgrading schema to version 30 Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch14.ldf" Loading entries................................................................. ............................................... 111 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch15.ldf" Loading entries................................................................. .... 68 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch16.ldf" Loading entries.................................. 33 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch17.ldf" Loading entries...................... 21 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch18.ldf" Loading entries................................. 32 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch19.ldf" Loading entries............................ 27 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch20.ldf" Loading entries.................... 19 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch21.ldf" Loading entries.............. 13 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch22.ldf" Loading entries........................................ 39 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch23.ldf" Loading entries........... 10 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch24.ldf" Loading entries................ 15 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch25.ldf" Loading entries.............................................. 45 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch26.ldf" Loading entries............................. 28 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch27.ldf" Loading entries................................................................. .... 68 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch28.ldf" Loading entries...... 5 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch29.ldf" Loading entries....... 6 entries modified successfully. The command has completed successfully Connecting to "JAKARTA" Logging in as current user using SSPI Importing directory from file "C:WINNTsystem32sch30.ldf" Loading entries................ 15 entries modified successfully. The command has completed successfully ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ............................................................................ ........................................... Adprep successfully updated the forest-wide information.