RE: 2000 to 2003 domain controller upgrade
From: Joe Wu [MSFT] (joewu_at_online.microsoft.com)
Date: 02/20/04
- Next message: Robby McGehee: "Re: NT4 PDC (old hardware) to Server 2003 AD - best migration path"
- Previous message: Steven Liu: "Re: SID History Issues.... 2003 AD & NT4.0"
- In reply to: Matt: "RE: 2000 to 2003 domain controller upgrade"
- Next in thread: Matt: "RE: 2000 to 2003 domain controller upgrade"
- Reply: Matt: "RE: 2000 to 2003 domain controller upgrade"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 20 Feb 2004 04:32:07 GMT
Hello Matt,
Thank you for your reply.
Please let me know the following:
1. Where did you run the Ntdsutil tool to seize the FSMO roles? Is it a
domain controller?
2. What is the notes.usrenal.com machine? Is it the previous Schema master
that on long exists?
3. How many domain controllers are there in your domain? Can you run the
command on another DC to check if it works?
Thanks!
Regards,
Joe Wu
Product Support Services
Microsoft Corporation
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
|Content-Class: urn:content-classes:message
|From: "Matt" <anonymous@discussions.microsoft.com>
|Sender: "Matt" <anonymous@discussions.microsoft.com>
|References: <6d7d01c3e753$0a175930$a301280a@phx.gbl>
<ClWKYOW6DHA.3568@cpmsftngxa07.phx.gbl>
<8d6b01c3e9ca$15b98050$a501280a@phx.gbl>
<e1c401c3eff4$11d38780$a601280a@phx.gbl>
<4E7vK5A8DHA.1988@cpmsftngxa07.phx.gbl>
<e61501c3f02f$9691e9e0$a601280a@phx.gbl>
<bQxskDN8DHA.904@cpmsftngxa07.phx.gbl>
<fc5d01c3f253$22351f60$a001280a@phx.gbl>
<YqAG7bK9DHA.3860@cpmsftngxa07.phx.gbl>
|Subject: RE: 2000 to 2003 domain controller upgrade
|Date: Mon, 16 Feb 2004 13:56:41 -0800
|Lines: 437
|Message-ID: <1129801c3f4d7$c29fbba0$a001280a@phx.gbl>
|MIME-Version: 1.0
|Content-Type: text/plain;
| charset="iso-8859-1"
|Content-Transfer-Encoding: 7bit
|X-Newsreader: Microsoft CDO for Windows 2000
|Thread-Index: AcP018KfPHJonG3hTDiWzcv/xgPjBQ==
|X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|Newsgroups: microsoft.public.windows.server.migration
|Path: cpmsftngxa07.phx.gbl
|Xref: cpmsftngxa07.phx.gbl microsoft.public.windows.server.migration:7866
|NNTP-Posting-Host: tk2msftngxa08.phx.gbl 10.40.1.160
|X-Tomcat-NG: microsoft.public.windows.server.migration
|
|Hi Joe -
|
|Many thanks for your follow up. When using the Ntdsutil
|to seize the Schema Master role, I get an error when
|attempting to connect to the server in question. I get:
|
|server connections: connect to server notes.usrenal.com
|Binding to notes.usrenal.com ...
|DsBindW error 0x6d9(There are no more endpoints available
|from the endpoint mapper.)
|
|I can connect to the other domain controller in the
|domain. Thanks!
|
|Matt
|
|>-----Original Message-----
|>Hello Matt,
|>
|>Thanks for your update.
|>
|>Please use the Ntdsutil.exe tool to seize the Schema
|Master role to the new
|>server. The steps are a bit complicated. However, the
|following KB article
|>contains good explanation for these operations:
|>
|>255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles
|to a Domain
|>Controller
|>http://support.microsoft.com/?id=255504
|>
|>Then please allow some time for domain replication and
|try the adprep
|>commands again.
|>
|>Thanks!
|>
|>Regards,
|>Joe Wu
|>Product Support Services
|>Microsoft Corporation
|>
|>Get Secure! - www.microsoft.com/security
|>
|>====================================================
|>When responding to posts, please "Reply to Group" via
|your newsreader so
|>that others may learn and benefit from your issue.
|>====================================================
|>This posting is provided "AS IS" with no warranties, and
|confers no rights.
|>
|>--------------------
|>|Content-Class: urn:content-classes:message
|>|From: <anonymous@discussions.microsoft.com>
|>|Sender: <anonymous@discussions.microsoft.com>
|>|References: <6d7d01c3e753$0a175930$a301280a@phx.gbl>
|><ClWKYOW6DHA.3568@cpmsftngxa07.phx.gbl>
|><8d6b01c3e9ca$15b98050$a501280a@phx.gbl>
|><e1c401c3eff4$11d38780$a601280a@phx.gbl>
|><4E7vK5A8DHA.1988@cpmsftngxa07.phx.gbl>
|><e61501c3f02f$9691e9e0$a601280a@phx.gbl>
|><bQxskDN8DHA.904@cpmsftngxa07.phx.gbl>
|>|Subject: RE: 2000 to 2003 domain controller upgrade
|>|Date: Fri, 13 Feb 2004 09:02:16 -0800
|>|Lines: 318
|>|Message-ID: <fc5d01c3f253$22351f60$a001280a@phx.gbl>
|>|MIME-Version: 1.0
|>|Content-Type: text/plain;
|>| charset="iso-8859-1"
|>|Content-Transfer-Encoding: 7bit
|>|X-Newsreader: Microsoft CDO for Windows 2000
|>|Thread-Index: AcPyUyI1JPxZ8o39Tz+W4XQjf5/8VA==
|>|X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|>|Newsgroups: microsoft.public.windows.server.migration
|>|Path: cpmsftngxa07.phx.gbl
|>|Xref: cpmsftngxa07.phx.gbl
|microsoft.public.windows.server.migration:7809
|>|NNTP-Posting-Host: tk2msftngxa08.phx.gbl 10.40.1.160
|>|X-Tomcat-NG: microsoft.public.windows.server.migration
|>|
|>|Hi Joe -
|>|
|>|Thanks for the reply. I checked the article you sent
|and
|>|it was very helpful. Currently, the Schema/Domain
|Naming
|>|Master is listed as 'not online' and is a server that
|>|doesn't currently host active directory (and thus the
|role
|>|cannot be transferred). My hunch would be that the
|admin
|>|before me demoted it at some point and never transferred
|>|the roles. Would I need to go through the AD wizard,
|add
|>|this machine as a domain controller to the existing
|domain
|>|and then transfer the role (this is also a machine that
|I
|>|would prefer not to be a domain controller permanently
|and
|>|cannot be upgraded to 2003 at this point, this is why
|I'm
|>|going this route, rather than just keeping it a DC if
|you
|>|tell me that's what I should do)? Thanks!
|>|
|>|Matt
|>|>-----Original Message-----
|>|>Hello Matt,
|>|>
|>|>Thank you for your reply. I apologize for missing your
|>|reply.
|>|>
|>|>The ADPREP /FORESTPREP must be executed on the Schema
|>|Master.
|>|>
|>|>Please check the following KB article to check if the
|the
|>|current DC is the
|>|>Schema Master.
|>|>
|>|>255690 HOW TO: View and Transfer FSMO Roles in the
|>|Graphical User Interface
|>|>http://support.microsoft.com/?id=255690
|>|>
|>|>Also, to run /FORESTPREP, the user must be a member of
|>|the Schema Admins,
|>|>Domain Admins, and Enterprise Admins groups.
|>|>
|>|>Please then theck if the problem still persists. If so,
|>|please send the
|>|>latest adprep.log as well as a screen shot of the error
|>|to me at
|>|>joewu@microsoft.com.
|>|>
|>|>Thanks!
|>|>
|>|>Regards,
|>|>Joe Wu
|>|>Product Support Services
|>|>Microsoft Corporation
|>|>
|>|>Get Secure! - www.microsoft.com/security
|>|>
|>|>====================================================
|>|>When responding to posts, please "Reply to Group" via
|>|your newsreader so
|>|>that others may learn and benefit from your issue.
|>|>====================================================
|>|>This posting is provided "AS IS" with no warranties,
|and
|>|confers no rights.
|>|>
|>|>--------------------
|>|>|Content-Class: urn:content-classes:message
|>|>|From: "Matt" <anonymous@discussions.microsoft.com>
|>|>|Sender: "Matt" <anonymous@discussions.microsoft.com>
|>|>|References: <6d7d01c3e753$0a175930$a301280a@phx.gbl>
|>|><ClWKYOW6DHA.3568@cpmsftngxa07.phx.gbl>
|>|><8d6b01c3e9ca$15b98050$a501280a@phx.gbl>
|>|><e1c401c3eff4$11d38780$a601280a@phx.gbl>
|>|><4E7vK5A8DHA.1988@cpmsftngxa07.phx.gbl>
|>|>|Subject: RE: 2000 to 2003 domain controller upgrade
|>|>|Date: Tue, 10 Feb 2004 15:42:47 -0800
|>|>|Lines: 206
|>|>|Message-ID: <e61501c3f02f$9691e9e0$a601280a@phx.gbl>
|>|>|MIME-Version: 1.0
|>|>|Content-Type: text/plain;
|>|>| charset="iso-8859-1"
|>|>|Content-Transfer-Encoding: 7bit
|>|>|X-Newsreader: Microsoft CDO for Windows 2000
|>|>|X-MIMEOLE: Produced By Microsoft MimeOLE
|V5.50.4910.0300
|>|>|Thread-Index: AcPwL5aRhxRJao2WSv+mu/sQqsfMQw==
|>|>|Newsgroups: microsoft.public.windows.server.migration
|>|>|Path: cpmsftngxa07.phx.gbl
|>|>|Xref: cpmsftngxa07.phx.gbl
|>|microsoft.public.windows.server.migration:7707
|>|>|NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
|>|>|X-Tomcat-NG: microsoft.public.windows.server.migration
|>|>|
|>|>|Hi Joe -
|>|>|
|>|>|I replied to your last one, but as I duplicated the
|one
|>|>|before, you may not have seen it, sorry!
|>|>|Thanks again for your help...The FSMO roles that the
|>|>|current DC hosts are: Infrastructure Master, RID
|Master,
|>|>|and PDC Emulator. I dont't have Schema Master listed,
|>|nor
|>|>|do I have Domain Naming Master listed.
|>|>|At first I thought it might be a Schema problem (since
|>|>|there were possibly more organizational levels listed
|in
|>|>|the schema than I had, and attmpted to run the Schema
|>|tool
|>|>|from the Windows 2000 resource kit, to no avail. I
|>|can't
|>|>|seem to post my log file here (no option to do so), so
|>|>|I'll use the reply (e-mail) option after I post this
|and
|>|>|see if that helps. Thanks again,
|>|>|
|>|>|Matt
|>|>|
|>|>|>-----Original Message-----
|>|>|>Hello Matt,
|>|>|>
|>|>|>Thank you for your reply.
|>|>|>
|>|>|>I am afraid that you may not see my last post. I
|>|reviewed
|>|>|it again and
|>|>|>found a typo. I corrected the steps and attached it
|>|below:
|>|>|>
|>|>|>=========================
|>|>|>
|>|>|>Please let me know the following inforamtion for
|>|further
|>|>|analysis:
|>|>|>
|>|>|>1. What FSMO roles does the current DC host?
|>|>|>
|>|>|>2. Please post the latest adprep.log file in the
|>|>|>%windir%\system32\debug\adprep directory.
|>|>|>
|>|>|>Thank you for your time and cooperation. If you have
|>|any
|>|>|questions or
|>|>|>concerns, don't hesitate to let me know. I am
|standing
|>|by
|>|>|to help you.
|>|>|>
|>|>|>=========================
|>|>|>
|>|>|>Also, if there is anything else I can do to help,
|>|please
|>|>|do not hesitate to
|>|>|>let me know.
|>|>|>
|>|>|>Thanks and have a nice day!
|>|>|>
|>|>|>Regards,
|>|>|>Joe Wu
|>|>|>Product Support Services
|>|>|>Microsoft Corporation
|>|>|>
|>|>|>Get Secure! - www.microsoft.com/security
|>|>|>
|>|>|>====================================================
|>|>|>When responding to posts, please "Reply to Group" via
|>|>|your newsreader so
|>|>|>that others may learn and benefit from your issue.
|>|>|>====================================================
|>|>|>This posting is provided "AS IS" with no warranties,
|>|and
|>|>|confers no rights.
|>|>|>
|>|>|>--------------------
|>|>|>|Content-Class: urn:content-classes:message
|>|>|>|From: "Matt" <anonymous@discussions.microsoft.com>
|>|>|>|Sender: "Matt" <anonymous@discussions.microsoft.com>
|>|>|>|References: <6d7d01c3e753$0a175930$a301280a@phx.gbl>
|>|>|><ClWKYOW6DHA.3568@cpmsftngxa07.phx.gbl>
|>|>|><8d6b01c3e9ca$15b98050$a501280a@phx.gbl>
|>|>|>|Subject: RE: 2000 to 2003 domain controller upgrade
|>|>|>|Date: Tue, 10 Feb 2004 08:36:44 -0800
|>|>|>|Lines: 106
|>|>|>|Message-ID: <e1c401c3eff4$11d38780$a601280a@phx.gbl>
|>|>|>|MIME-Version: 1.0
|>|>|>|Content-Type: text/plain;
|>|>|>| charset="iso-8859-1"
|>|>|>|Content-Transfer-Encoding: 7bit
|>|>|>|X-Newsreader: Microsoft CDO for Windows 2000
|>|>|>|X-MIMEOLE: Produced By Microsoft MimeOLE
|>|V5.50.4910.0300
|>|>|>|Thread-Index: AcPv9BHTdqaA1VSqQMyNoxK1gPAxVQ==
|>|>|>|Newsgroups: microsoft.public.windows.server.migration
|>|>|>|Path: cpmsftngxa07.phx.gbl
|>|>|>|Xref: cpmsftngxa07.phx.gbl
|>|>|microsoft.public.windows.server.migration:7687
|>|>|>|NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
|>|>|>|X-Tomcat-NG:
|microsoft.public.windows.server.migration
|>|>|>|
|>|>|>|Joe, you there?!
|>|>|>|
|>|>|>|>-----Original Message-----
|>|>|>|>
|>|>|>|>>-----Original Message-----
|>|>|>|>>Hello Matt,
|>|>|>|>>
|>|>|>|>>Thank you for your post.
|>|>|>|>>
|>|>|>|>>The problem could occur if the current user
|account
|>|>|does
|>|>|>|>not have "Manage
|>|>|>|>>auditing and security logs"
|>|>|>|>>user right on the domain controllers.
|>|>|>|>>
|>|>|>|>>Please use the following method to resolve it:
|>|>|>|>>
|>|>|>|>>1. On the domain controller, open the "Domain
|>|>|Controller
|>|>|>|>Security Policy"
|>|>|>|>>snap-in in the Adminstrative Tools folder.
|>|>|>|>>
|>|>|>|>>2. Browse to "Windows Settings\Security
|>|Settings\Local
|>|>|>|>Policies\User Rights
|>|>|>|>>Assignment".
|>|>|>|>>
|>|>|>|>>3. On the right pane, please double-click "Manage
|>|>|>|>auditing and security
|>|>|>|>>logs" and add the Administrators group or the
|>|current
|>|>|>|>account directly.
|>|>|>|>>
|>|>|>|>>Please let me know if this helps.
|>|>|>|>>
|>|>|>|>>Thanks!
|>|>|>|>>
|>|>|>|>>Regards,
|>|>|>|>>Joe Wu
|>|>|>|>>Product Support Services
|>|>|>|>>Microsoft Corporation
|>|>|>|>>
|>|>|>|>>Get Secure! - www.microsoft.com/security
|>|>|>|>>
|>|>|>|>>===================================================
|=
|>|>|>|>>When responding to posts, please "Reply to Group"
|>|via
|>|>|>|>your newsreader so
|>|>|>|>>that others may learn and benefit from your issue.
|>|>|>|>>===================================================
|=
|>|>|>|>>This posting is provided "AS IS" with no
|warranties,
|>|>|and
|>|>|>|>confers no rights.
|>|>|>|>>
|>|>|>|>>--------------------
|>|>|>|>>|Content-Class: urn:content-classes:message
|>|>|>|>>|From: "Matt" <anonymous@discussions.microsoft.com>
|>|>|>|>>|Sender: "Matt"
|<anonymous@discussions.microsoft.com>
|>|>|>|>>|Subject: 2000 to 2003 domain controller upgrade
|>|>|>|>>|Date: Fri, 30 Jan 2004 09:03:53 -0800
|>|>|>|>>|Lines: 14
|>|>|>|>>|Message-ID: <6d7d01c3e753$0a175930
|$a301280a@phx.gbl>
|>|>|>|>>|MIME-Version: 1.0
|>|>|>|>>|Content-Type: text/plain;
|>|>|>|>>| charset="iso-8859-1"
|>|>|>|>>|Content-Transfer-Encoding: 7bit
|>|>|>|>>|X-Newsreader: Microsoft CDO for Windows 2000
|>|>|>|>>|X-MimeOLE: Produced By Microsoft MimeOLE
|>|>|V5.50.4910.0300
|>|>|>|>>|Thread-Index: AcPnUwoX/+G616R2Q5aMIdL+hoSN2Q==
|>|>|>|>>|Newsgroups:
|>|microsoft.public.windows.server.migration
|>|>|>|>>|Path: cpmsftngxa07.phx.gbl
|>|>|>|>>|Xref: cpmsftngxa07.phx.gbl
|>|>|>|>microsoft.public.windows.server.migration:7422
|>|>|>|>>|NNTP-Posting-Host: tk2msftngxa11.phx.gbl
|10.40.1.163
|>|>|>|>>|X-Tomcat-NG:
|>|microsoft.public.windows.server.migration
|>|>|>|>>|
|>|>|>|>>|I cannot get adprep /forestprep or /domainprep to
|>|run
|>|>|>|>when
|>|>|>|>>|upgrading my domain controller. I get an error
|>|that
|>|>|>|>>|starts with:
|>|>|>|>>|Adprep was unable to check the forest update
|>|>|>|>status...and
|>|>|>|>>|at the end it states:
|>|>|>|>>|Adprep encountered a Win32 error
|>|>|>|>>|Error code: 0x57 Error message: The parameter is
|>|>|>|>>|incorrect...
|>|>|>|>>|Setup of course, will not let you proceed with
|the
|>|>|>|>upgrade
|>|>|>|>>|until Adprep has been run successfully.
|>|>|>|>>|I've followed steps in several KB articles to no
|>|>|avail.
|>|>|>|>>|If anyone has a suggestion or two, I would
|greatly
|>|>|>|>>|appreciate it. Have a nice day,
|>|>|>|>>|Matt
|>|>|>|>>|
|>|>|>|>>
|>|>|>|>>.
|>|>|>|>>Hi Joe -
|>|>|>|>
|>|>|>|>Thank you so much for your reply. Unfortunately,
|the
|>|>|>|>Administrators group is already listed for "Manage
|>|>|>|>auditing and security logs"...just for kicks, I
|added
|>|>|>|>domain\Administrator account as well, also to no
|>|avail
|>|>|>|>(same error message). Any other suggestions would
|be
|>|>|>|>greatly appreciated. Thank you and have a nice
|day.
|>|>|>|>
|>|>|>|>Matt
|>|>|>|>
|>|>|>|>P.S. sorry if this was posted more than once, I
|wrote
|>|>|my
|>|>|>|>original reply over an hour ago and it hasn't shown
|>|up
|>|>|>|>yet...thanks!
|>|>|>|>.
|>|>|>|>
|>|>|>|
|>|>|>
|>|>|>.
|>|>|>
|>|>|
|>|>
|>|>.
|>|>
|>|
|>
|>.
|>
|
- Next message: Robby McGehee: "Re: NT4 PDC (old hardware) to Server 2003 AD - best migration path"
- Previous message: Steven Liu: "Re: SID History Issues.... 2003 AD & NT4.0"
- In reply to: Matt: "RE: 2000 to 2003 domain controller upgrade"
- Next in thread: Matt: "RE: 2000 to 2003 domain controller upgrade"
- Reply: Matt: "RE: 2000 to 2003 domain controller upgrade"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
