Re: Blank Forest Functional Level - Unable to fix
- From: akeiii <akeiii@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 17 May 2006 10:25:02 -0700
I still can not fix the FFL however I am closer to promoting the new server
to a domain controller. I promoted a Windows Server 2003 SP1 server to a
domain controller. I then transferred the three master roles (including
operations and infrastructure) to the new system and back. Now I could
promote the new server with Windows Server 2003x64 R2 to a domain controller
if I could run ADPREP. My CATCH22 is:
1.) ADPREP.EXE from CD2 of Windows Server 2003x64 R2 must be run to prep
the forest.
2.) ADPREP.EXE must be run on the operations master.
3.) The operations master is Windows Server 2003 SP1 (32 bit).
4.) The ADPREP.EXE from the Windows Server 2003x64 R2 will not run on the
current operations master!
I can not find a download for the version of ADPREP I need.
"akeiii" wrote:
AdMod V01.06.00cpp Joe Richards (...) June 2005.
Error 0xa (10) - Referral
Extended Error: 0000202B: RefErr: DSID-031006E0, data 0, 1 access points
ref 1: 'domain.com'
ERROR: Too many errors encountered, terminating...
The command did not complete successfully
"Joe Richards [MVP]" wrote:
That isn't the whole error that AD is sending back. Use the command that I
specified.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
akeiii wrote:
Prior to the PDC failure replication worked perfectly and both DCs showed
FFL2 and DFL2. It was only after the PDC failed and I had to force make the
other DC the operations master (PDC) that the FFL disappeared. The complete
LDP.EXE error was "Illegal modify operation. Some aspect of the modification
is not permitted." as was the error from ADSIEDIT.MSC.
"Joe Richards [MVP]" wrote:
I find it odd that you were at FFL2 and the other DCs didn't know it, if that
were the case, your forest wasn't replicating properly. It would be easier to
believe you actually weren't at FFL2.
Anyway, not being in FFL2 won't prevent you from adding an R2 DC. Your thoughts
that it interprets not set as mixed mode is true because not set IS mixed mode.
You need to do a forest prep to prepare the schema for R2 prior to adding an R2
Domain Controller. Up until this afternoon I had one R2 forest that was entirely
all R2 DCs in Windows 2000 mixed mode. It was a fresh forest I had just built
for testing purposes and was never at any point anything but R2.
Anyway, you could be running into something odd when raising the forest
functional level and even though it isn't required for R2, I will offer a
command line mechanism to do it that will kick out an error message that can be
used to work out the issue. LDP should have kicked out the error message as
well, I expect you just didn't post the entire error.
Anyway here is the command (all one line)
admod -b CN=Partitions,CN=Configuration,DC=domain,DC=com
msDS-Behavior-Version::2 -exterr
Run the command and post the ENTIRE error message.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
akeiii wrote:
Set Forest Functional Level Manually Fails
I have a domain which had 2 domain controllers, both Windows Server 2003
fully patched.
The domain functional level was Windows Server 2003.
The forest functional level was Windows Server 2003.
The PDC failed catastrophically.
I had to use FSMO to transfer all operations to the remaining domain
controller.
I acquired a new server with Windows Server 2003 R2. When I tried to
promote it to be a domain controller the promotion failed, incompatible
forest, because the new server interprets not set as mixed mode. Checking
the new PDC I discovered that the domain functional level is still Windows
Server 2003 however the forest functional level is blank. Ldp.exe and
Adsiedit.msc both show that the attribute msDS-Behavior-Version on the
CN=Partitions, CN=Configuration, DC=ForestRootDom, DC=tld object is NOT SET.
If I try to raise the forest functional level on the domain controller using
the MMC the console gets an error and closes. If I try to manually set the
forest functional level using either Ldp.exe or Adsiedit.msc I receive the
following error "Illegal modify operation. Some aspect of the modification is
not permitted.". The Microsoft troubleshooting document says "Click OK to
continue." however this does not work. The full Microsoft document follows.
"
View and Set Functional Levels Manually
LDAP tools such as Ldp.exe and Adsiedit.msc can be used to view and modify
the current domain and forest functional level settings. When you modify the
attributes manually,
it is best to target the FSMO authoritative for the increase as the change
is actually written to the authoritative FSMO then replicated.
Forest Level Setting
The attribute is msDS-Behavior-Version on the CN=Partitions,
CN=Configuration, DC=ForestRootDom, DC=tld object.
• Value of 0 or not set=mixed level forest
• Value of 1=Windows Server 2003 interim forest level
• Value of 2=Windows Server 2003 forest level
Note When you increase the msDS-Behavior-Version attribute from 0 to 1 with
ADSIEdit, you receive the following error message:
Illegal modify operation. Some aspect of the modification is not permitted.
Click OK to continue. The attribute on the partitions container and the
domain head are correctly increased. The error message is not reported by the
Ldp.exe file.
You can safely ignore the error message. To verify the level increase was
successful, refresh the attribute list and check the current setting.
This error message may also occur if you have already performed the level
increase on the authoritative FSMO, but has not replicated to the local
domain controller.
"
Suggestions?
- Follow-Ups:
- Re: Blank Forest Functional Level - Unable to fix
- From: akeiii
- Re: Blank Forest Functional Level - Unable to fix
- References:
- Re: Blank Forest Functional Level - Unable to fix
- From: Joe Richards [MVP]
- Re: Blank Forest Functional Level - Unable to fix
- From: akeiii
- Re: Blank Forest Functional Level - Unable to fix
- From: Joe Richards [MVP]
- Re: Blank Forest Functional Level - Unable to fix
- From: akeiii
- Re: Blank Forest Functional Level - Unable to fix
- Prev by Date: Event ID error 5784
- Next by Date: Re: Windows 2003 RC2 & DCPromo Issue (in an exclusively 2003 domain)
- Previous by thread: Re: Blank Forest Functional Level - Unable to fix
- Next by thread: Re: Blank Forest Functional Level - Unable to fix
- Index(es):
Relevant Pages
|
Loading
