Re: Blank Forest Functional Level - Unable to fix
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Tue, 16 May 2006 13:58:06 -0400
That isn't the whole error that AD is sending back. Use the command that I specified.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
akeiii wrote:
Prior to the PDC failure replication worked perfectly and both DCs showed FFL2 and DFL2. It was only after the PDC failed and I had to force make the other DC the operations master (PDC) that the FFL disappeared. The complete LDP.EXE error was "Illegal modify operation. Some aspect of the modification is not permitted." as was the error from ADSIEDIT.MSC..
"Joe Richards [MVP]" wrote:
I find it odd that you were at FFL2 and the other DCs didn't know it, if that were the case, your forest wasn't replicating properly. It would be easier to believe you actually weren't at FFL2.
Anyway, not being in FFL2 won't prevent you from adding an R2 DC. Your thoughts that it interprets not set as mixed mode is true because not set IS mixed mode. You need to do a forest prep to prepare the schema for R2 prior to adding an R2 Domain Controller. Up until this afternoon I had one R2 forest that was entirely all R2 DCs in Windows 2000 mixed mode. It was a fresh forest I had just built for testing purposes and was never at any point anything but R2.
Anyway, you could be running into something odd when raising the forest functional level and even though it isn't required for R2, I will offer a command line mechanism to do it that will kick out an error message that can be used to work out the issue. LDP should have kicked out the error message as well, I expect you just didn't post the entire error.
Anyway here is the command (all one line)
admod -b CN=Partitions,CN=Configuration,DC=domain,DC=com msDS-Behavior-Version::2 -exterr
Run the command and post the ENTIRE error message.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
akeiii wrote:Set Forest Functional Level Manually Fails
I have a domain which had 2 domain controllers, both Windows Server 2003 fully patched.
The domain functional level was Windows Server 2003.
The forest functional level was Windows Server 2003.
The PDC failed catastrophically.
I had to use FSMO to transfer all operations to the remaining domain controller.
I acquired a new server with Windows Server 2003 R2. When I tried to promote it to be a domain controller the promotion failed, incompatible forest, because the new server interprets not set as mixed mode. Checking the new PDC I discovered that the domain functional level is still Windows Server 2003 however the forest functional level is blank. Ldp.exe and Adsiedit.msc both show that the attribute msDS-Behavior-Version on the CN=Partitions, CN=Configuration, DC=ForestRootDom, DC=tld object is NOT SET. If I try to raise the forest functional level on the domain controller using the MMC the console gets an error and closes. If I try to manually set the forest functional level using either Ldp.exe or Adsiedit.msc I receive the following error "Illegal modify operation. Some aspect of the modification is not permitted.". The Microsoft troubleshooting document says "Click OK to continue." however this does not work. The full Microsoft document follows.
"
View and Set Functional Levels Manually
LDAP tools such as Ldp.exe and Adsiedit.msc can be used to view and modify the current domain and forest functional level settings. When you modify the attributes manually, it is best to target the FSMO authoritative for the increase as the change is actually written to the authoritative FSMO then replicated.
Forest Level Setting
The attribute is msDS-Behavior-Version on the CN=Partitions, CN=Configuration, DC=ForestRootDom, DC=tld object.
• Value of 0 or not set=mixed level forest
• Value of 1=Windows Server 2003 interim forest level
• Value of 2=Windows Server 2003 forest level
Note When you increase the msDS-Behavior-Version attribute from 0 to 1 with ADSIEdit, you receive the following error message: Illegal modify operation. Some aspect of the modification is not permitted.
Click OK to continue. The attribute on the partitions container and the domain head are correctly increased. The error message is not reported by the Ldp.exe file. You can safely ignore the error message. To verify the level increase was successful, refresh the attribute list and check the current setting. This error message may also occur if you have already performed the level increase on the authoritative FSMO, but has not replicated to the local domain controller.
"
Suggestions?
- Follow-Ups:
- Re: Blank Forest Functional Level - Unable to fix
- From: akeiii
- Re: Blank Forest Functional Level - Unable to fix
- References:
- Re: Blank Forest Functional Level - Unable to fix
- From: Joe Richards [MVP]
- Re: Blank Forest Functional Level - Unable to fix
- From: akeiii
- Re: Blank Forest Functional Level - Unable to fix
- Prev by Date: Re: User Passwords
- Next by Date: Re: AD policies
- Previous by thread: Re: Blank Forest Functional Level - Unable to fix
- Next by thread: Re: Blank Forest Functional Level - Unable to fix
- Index(es):
Relevant Pages
|
Loading
