RE: 2000 to 2003 domain controller upgrade
From: Joe Wu [MSFT] (joewu_at_online.microsoft.com)
Date: 02/16/04
- Next message: Howie: "Re: Event Viewer/Logs"
- Previous message: Eric Payne: "Re: migration"
- In reply to: anonymous_at_discussions.microsoft.com: "RE: 2000 to 2003 domain controller upgrade"
- Next in thread: Matt: "RE: 2000 to 2003 domain controller upgrade"
- Reply: Matt: "RE: 2000 to 2003 domain controller upgrade"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 16 Feb 2004 16:06:46 GMT
Hello Matt,
Thanks for your update.
Please use the Ntdsutil.exe tool to seize the Schema Master role to the new
server. The steps are a bit complicated. However, the following KB article
contains good explanation for these operations:
255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller
http://support.microsoft.com/?id=255504
Then please allow some time for domain replication and try the adprep
commands again.
Thanks!
Regards,
Joe Wu
Product Support Services
Microsoft Corporation
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
|Content-Class: urn:content-classes:message
|From: <anonymous@discussions.microsoft.com>
|Sender: <anonymous@discussions.microsoft.com>
|References: <6d7d01c3e753$0a175930$a301280a@phx.gbl>
<ClWKYOW6DHA.3568@cpmsftngxa07.phx.gbl>
<8d6b01c3e9ca$15b98050$a501280a@phx.gbl>
<e1c401c3eff4$11d38780$a601280a@phx.gbl>
<4E7vK5A8DHA.1988@cpmsftngxa07.phx.gbl>
<e61501c3f02f$9691e9e0$a601280a@phx.gbl>
<bQxskDN8DHA.904@cpmsftngxa07.phx.gbl>
|Subject: RE: 2000 to 2003 domain controller upgrade
|Date: Fri, 13 Feb 2004 09:02:16 -0800
|Lines: 318
|Message-ID: <fc5d01c3f253$22351f60$a001280a@phx.gbl>
|MIME-Version: 1.0
|Content-Type: text/plain;
| charset="iso-8859-1"
|Content-Transfer-Encoding: 7bit
|X-Newsreader: Microsoft CDO for Windows 2000
|Thread-Index: AcPyUyI1JPxZ8o39Tz+W4XQjf5/8VA==
|X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|Newsgroups: microsoft.public.windows.server.migration
|Path: cpmsftngxa07.phx.gbl
|Xref: cpmsftngxa07.phx.gbl microsoft.public.windows.server.migration:7809
|NNTP-Posting-Host: tk2msftngxa08.phx.gbl 10.40.1.160
|X-Tomcat-NG: microsoft.public.windows.server.migration
|
|Hi Joe -
|
|Thanks for the reply. I checked the article you sent and
|it was very helpful. Currently, the Schema/Domain Naming
|Master is listed as 'not online' and is a server that
|doesn't currently host active directory (and thus the role
|cannot be transferred). My hunch would be that the admin
|before me demoted it at some point and never transferred
|the roles. Would I need to go through the AD wizard, add
|this machine as a domain controller to the existing domain
|and then transfer the role (this is also a machine that I
|would prefer not to be a domain controller permanently and
|cannot be upgraded to 2003 at this point, this is why I'm
|going this route, rather than just keeping it a DC if you
|tell me that's what I should do)? Thanks!
|
|Matt
|>-----Original Message-----
|>Hello Matt,
|>
|>Thank you for your reply. I apologize for missing your
|reply.
|>
|>The ADPREP /FORESTPREP must be executed on the Schema
|Master.
|>
|>Please check the following KB article to check if the the
|current DC is the
|>Schema Master.
|>
|>255690 HOW TO: View and Transfer FSMO Roles in the
|Graphical User Interface
|>http://support.microsoft.com/?id=255690
|>
|>Also, to run /FORESTPREP, the user must be a member of
|the Schema Admins,
|>Domain Admins, and Enterprise Admins groups.
|>
|>Please then theck if the problem still persists. If so,
|please send the
|>latest adprep.log as well as a screen shot of the error
|to me at
|>joewu@microsoft.com.
|>
|>Thanks!
|>
|>Regards,
|>Joe Wu
|>Product Support Services
|>Microsoft Corporation
|>
|>Get Secure! - www.microsoft.com/security
|>
|>====================================================
|>When responding to posts, please "Reply to Group" via
|your newsreader so
|>that others may learn and benefit from your issue.
|>====================================================
|>This posting is provided "AS IS" with no warranties, and
|confers no rights.
|>
|>--------------------
|>|Content-Class: urn:content-classes:message
|>|From: "Matt" <anonymous@discussions.microsoft.com>
|>|Sender: "Matt" <anonymous@discussions.microsoft.com>
|>|References: <6d7d01c3e753$0a175930$a301280a@phx.gbl>
|><ClWKYOW6DHA.3568@cpmsftngxa07.phx.gbl>
|><8d6b01c3e9ca$15b98050$a501280a@phx.gbl>
|><e1c401c3eff4$11d38780$a601280a@phx.gbl>
|><4E7vK5A8DHA.1988@cpmsftngxa07.phx.gbl>
|>|Subject: RE: 2000 to 2003 domain controller upgrade
|>|Date: Tue, 10 Feb 2004 15:42:47 -0800
|>|Lines: 206
|>|Message-ID: <e61501c3f02f$9691e9e0$a601280a@phx.gbl>
|>|MIME-Version: 1.0
|>|Content-Type: text/plain;
|>| charset="iso-8859-1"
|>|Content-Transfer-Encoding: 7bit
|>|X-Newsreader: Microsoft CDO for Windows 2000
|>|X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|>|Thread-Index: AcPwL5aRhxRJao2WSv+mu/sQqsfMQw==
|>|Newsgroups: microsoft.public.windows.server.migration
|>|Path: cpmsftngxa07.phx.gbl
|>|Xref: cpmsftngxa07.phx.gbl
|microsoft.public.windows.server.migration:7707
|>|NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
|>|X-Tomcat-NG: microsoft.public.windows.server.migration
|>|
|>|Hi Joe -
|>|
|>|I replied to your last one, but as I duplicated the one
|>|before, you may not have seen it, sorry!
|>|Thanks again for your help...The FSMO roles that the
|>|current DC hosts are: Infrastructure Master, RID Master,
|>|and PDC Emulator. I dont't have Schema Master listed,
|nor
|>|do I have Domain Naming Master listed.
|>|At first I thought it might be a Schema problem (since
|>|there were possibly more organizational levels listed in
|>|the schema than I had, and attmpted to run the Schema
|tool
|>|from the Windows 2000 resource kit, to no avail. I
|can't
|>|seem to post my log file here (no option to do so), so
|>|I'll use the reply (e-mail) option after I post this and
|>|see if that helps. Thanks again,
|>|
|>|Matt
|>|
|>|>-----Original Message-----
|>|>Hello Matt,
|>|>
|>|>Thank you for your reply.
|>|>
|>|>I am afraid that you may not see my last post. I
|reviewed
|>|it again and
|>|>found a typo. I corrected the steps and attached it
|below:
|>|>
|>|>=========================
|>|>
|>|>Please let me know the following inforamtion for
|further
|>|analysis:
|>|>
|>|>1. What FSMO roles does the current DC host?
|>|>
|>|>2. Please post the latest adprep.log file in the
|>|>%windir%\system32\debug\adprep directory.
|>|>
|>|>Thank you for your time and cooperation. If you have
|any
|>|questions or
|>|>concerns, don't hesitate to let me know. I am standing
|by
|>|to help you.
|>|>
|>|>=========================
|>|>
|>|>Also, if there is anything else I can do to help,
|please
|>|do not hesitate to
|>|>let me know.
|>|>
|>|>Thanks and have a nice day!
|>|>
|>|>Regards,
|>|>Joe Wu
|>|>Product Support Services
|>|>Microsoft Corporation
|>|>
|>|>Get Secure! - www.microsoft.com/security
|>|>
|>|>====================================================
|>|>When responding to posts, please "Reply to Group" via
|>|your newsreader so
|>|>that others may learn and benefit from your issue.
|>|>====================================================
|>|>This posting is provided "AS IS" with no warranties,
|and
|>|confers no rights.
|>|>
|>|>--------------------
|>|>|Content-Class: urn:content-classes:message
|>|>|From: "Matt" <anonymous@discussions.microsoft.com>
|>|>|Sender: "Matt" <anonymous@discussions.microsoft.com>
|>|>|References: <6d7d01c3e753$0a175930$a301280a@phx.gbl>
|>|><ClWKYOW6DHA.3568@cpmsftngxa07.phx.gbl>
|>|><8d6b01c3e9ca$15b98050$a501280a@phx.gbl>
|>|>|Subject: RE: 2000 to 2003 domain controller upgrade
|>|>|Date: Tue, 10 Feb 2004 08:36:44 -0800
|>|>|Lines: 106
|>|>|Message-ID: <e1c401c3eff4$11d38780$a601280a@phx.gbl>
|>|>|MIME-Version: 1.0
|>|>|Content-Type: text/plain;
|>|>| charset="iso-8859-1"
|>|>|Content-Transfer-Encoding: 7bit
|>|>|X-Newsreader: Microsoft CDO for Windows 2000
|>|>|X-MIMEOLE: Produced By Microsoft MimeOLE
|V5.50.4910.0300
|>|>|Thread-Index: AcPv9BHTdqaA1VSqQMyNoxK1gPAxVQ==
|>|>|Newsgroups: microsoft.public.windows.server.migration
|>|>|Path: cpmsftngxa07.phx.gbl
|>|>|Xref: cpmsftngxa07.phx.gbl
|>|microsoft.public.windows.server.migration:7687
|>|>|NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
|>|>|X-Tomcat-NG: microsoft.public.windows.server.migration
|>|>|
|>|>|Joe, you there?!
|>|>|
|>|>|>-----Original Message-----
|>|>|>
|>|>|>>-----Original Message-----
|>|>|>>Hello Matt,
|>|>|>>
|>|>|>>Thank you for your post.
|>|>|>>
|>|>|>>The problem could occur if the current user account
|>|does
|>|>|>not have "Manage
|>|>|>>auditing and security logs"
|>|>|>>user right on the domain controllers.
|>|>|>>
|>|>|>>Please use the following method to resolve it:
|>|>|>>
|>|>|>>1. On the domain controller, open the "Domain
|>|Controller
|>|>|>Security Policy"
|>|>|>>snap-in in the Adminstrative Tools folder.
|>|>|>>
|>|>|>>2. Browse to "Windows Settings\Security
|Settings\Local
|>|>|>Policies\User Rights
|>|>|>>Assignment".
|>|>|>>
|>|>|>>3. On the right pane, please double-click "Manage
|>|>|>auditing and security
|>|>|>>logs" and add the Administrators group or the
|current
|>|>|>account directly.
|>|>|>>
|>|>|>>Please let me know if this helps.
|>|>|>>
|>|>|>>Thanks!
|>|>|>>
|>|>|>>Regards,
|>|>|>>Joe Wu
|>|>|>>Product Support Services
|>|>|>>Microsoft Corporation
|>|>|>>
|>|>|>>Get Secure! - www.microsoft.com/security
|>|>|>>
|>|>|>>====================================================
|>|>|>>When responding to posts, please "Reply to Group"
|via
|>|>|>your newsreader so
|>|>|>>that others may learn and benefit from your issue.
|>|>|>>====================================================
|>|>|>>This posting is provided "AS IS" with no warranties,
|>|and
|>|>|>confers no rights.
|>|>|>>
|>|>|>>--------------------
|>|>|>>|Content-Class: urn:content-classes:message
|>|>|>>|From: "Matt" <anonymous@discussions.microsoft.com>
|>|>|>>|Sender: "Matt" <anonymous@discussions.microsoft.com>
|>|>|>>|Subject: 2000 to 2003 domain controller upgrade
|>|>|>>|Date: Fri, 30 Jan 2004 09:03:53 -0800
|>|>|>>|Lines: 14
|>|>|>>|Message-ID: <6d7d01c3e753$0a175930$a301280a@phx.gbl>
|>|>|>>|MIME-Version: 1.0
|>|>|>>|Content-Type: text/plain;
|>|>|>>| charset="iso-8859-1"
|>|>|>>|Content-Transfer-Encoding: 7bit
|>|>|>>|X-Newsreader: Microsoft CDO for Windows 2000
|>|>|>>|X-MimeOLE: Produced By Microsoft MimeOLE
|>|V5.50.4910.0300
|>|>|>>|Thread-Index: AcPnUwoX/+G616R2Q5aMIdL+hoSN2Q==
|>|>|>>|Newsgroups:
|microsoft.public.windows.server.migration
|>|>|>>|Path: cpmsftngxa07.phx.gbl
|>|>|>>|Xref: cpmsftngxa07.phx.gbl
|>|>|>microsoft.public.windows.server.migration:7422
|>|>|>>|NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
|>|>|>>|X-Tomcat-NG:
|microsoft.public.windows.server.migration
|>|>|>>|
|>|>|>>|I cannot get adprep /forestprep or /domainprep to
|run
|>|>|>when
|>|>|>>|upgrading my domain controller. I get an error
|that
|>|>|>>|starts with:
|>|>|>>|Adprep was unable to check the forest update
|>|>|>status...and
|>|>|>>|at the end it states:
|>|>|>>|Adprep encountered a Win32 error
|>|>|>>|Error code: 0x57 Error message: The parameter is
|>|>|>>|incorrect...
|>|>|>>|Setup of course, will not let you proceed with the
|>|>|>upgrade
|>|>|>>|until Adprep has been run successfully.
|>|>|>>|I've followed steps in several KB articles to no
|>|avail.
|>|>|>>|If anyone has a suggestion or two, I would greatly
|>|>|>>|appreciate it. Have a nice day,
|>|>|>>|Matt
|>|>|>>|
|>|>|>>
|>|>|>>.
|>|>|>>Hi Joe -
|>|>|>
|>|>|>Thank you so much for your reply. Unfortunately, the
|>|>|>Administrators group is already listed for "Manage
|>|>|>auditing and security logs"...just for kicks, I added
|>|>|>domain\Administrator account as well, also to no
|avail
|>|>|>(same error message). Any other suggestions would be
|>|>|>greatly appreciated. Thank you and have a nice day.
|>|>|>
|>|>|>Matt
|>|>|>
|>|>|>P.S. sorry if this was posted more than once, I wrote
|>|my
|>|>|>original reply over an hour ago and it hasn't shown
|up
|>|>|>yet...thanks!
|>|>|>.
|>|>|>
|>|>|
|>|>
|>|>.
|>|>
|>|
|>
|>.
|>
|
- Next message: Howie: "Re: Event Viewer/Logs"
- Previous message: Eric Payne: "Re: migration"
- In reply to: anonymous_at_discussions.microsoft.com: "RE: 2000 to 2003 domain controller upgrade"
- Next in thread: Matt: "RE: 2000 to 2003 domain controller upgrade"
- Reply: Matt: "RE: 2000 to 2003 domain controller upgrade"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
