RE: 2000 to 2003 domain controller upgrade
From: Matt (anonymous_at_discussions.microsoft.com)
Date: 02/23/04
Date: Mon, 23 Feb 2004 12:44:02 -0800
Hi Joe! Thanks for your response. My answers are in the
same order as your questions. Much appreciated,
1. I originally ran the tool from the domain controller to
which I would like the schema master role transferred.
2. notes.usrenal.com is the old schema master. It is
still in the environment, but is no longer a dc. I can
only conclude from this 'mess' that the old admin demoted
the dc and didn't transfer the roles prior to doing so.
3. There are currently 2 domain controllers. I have run
the tool from both and have encountered the same result.
Thanks again! Matt
>-----Original Message-----
>Hello Matt,
>
>Thank you for your reply.
>
>Please let me know the following:
>
>1. Where did you run the Ntdsutil tool to seize the FSMO roles? Is it a
>domain controller?
>
>2. What is the notes.usrenal.com machine? Is it the previous Schema master
>that no longer exists?
>
>3. How many domain controllers are there in your domain? Can you run the
>command on another DC to check if it works?
>
>Thanks!
>
>Regards,
>Joe Wu
>Product Support Services
>Microsoft Corporation
>
>Get Secure! - www.microsoft.com/security
>
>====================================================
>When responding to posts, please "Reply to Group" via your newsreader so
>that others may learn and benefit from your issue.
>====================================================
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>--------------------
>|From: "Matt" <anonymous@discussions.microsoft.com>
>|Subject: RE: 2000 to 2003 domain controller upgrade
>|Date: Mon, 16 Feb 2004 13:56:41 -0800
>|
>|Hi Joe -
>|
>|Many thanks for your follow up. When using the Ntdsutil
>|to seize the Schema Master role, I get an error when
>|attempting to connect to the server in question. I get:
>|
>|server connections: connect to server notes.usrenal.com
>|Binding to notes.usrenal.com ...
>|DsBindW error 0x6d9(There are no more endpoints available from the endpoint mapper.)
>|
>|I can connect to the other domain controller in the
>|domain. Thanks!
>|
>|Matt
>|
>|>-----Original Message-----
>|>Hello Matt,
>|>
>|>Thanks for your update.
>|>
>|>Please use the Ntdsutil.exe tool to seize the Schema Master role to the new
>|>server. The steps are a bit complicated. However, the following KB article
>|>contains a good explanation for these operations:
>|>
>|>255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
>|>Controller
>|>http://support.microsoft.com/?id=255504
>|>
>|>Then please allow some time for domain replication and try the adprep
>|>commands again.
>|>
>|>Thanks!
>|>
>|>Regards,
>|>Joe Wu
>|>Product Support Services
>|>Microsoft Corporation
>|>
>|>--------------------
>|>|From: <anonymous@discussions.microsoft.com>
>|>|Subject: RE: 2000 to 2003 domain controller upgrade
>|>|Date: Fri, 13 Feb 2004 09:02:16 -0800
>|>|
>|>|Hi Joe -
>|>|
>|>|Thanks for the reply. I checked the article you sent and
>|>|it was very helpful. Currently, the Schema/Domain Naming
>|>|Master is listed as 'not online' and is a server that
>|>|doesn't currently host active directory (and thus the role
>|>|cannot be transferred). My hunch would be that the admin
>|>|before me demoted it at some point and never transferred
>|>|the roles. Would I need to go through the AD wizard, add
>|>|this machine as a domain controller to the existing domain
>|>|and then transfer the role (this is also a machine that I
>|>|would prefer not to be a domain controller permanently and
>|>|cannot be upgraded to 2003 at this point, this is why I'm
>|>|going this route, rather than just keeping it a DC if you
>|>|tell me that's what I should do)? Thanks!
>|>|
>|>|Matt
>|>|>-----Original Message-----
>|>|>Hello Matt,
>|>|>
>|>|>Thank you for your reply. I apologize for missing your reply.
>|>|>
>|>|>The ADPREP /FORESTPREP must be executed on the Schema Master.
>|>|>
>|>|>Please check the following KB article to check if the current DC is the
>|>|>Schema Master.
>|>|>
>|>|>255690 HOW TO: View and Transfer FSMO Roles in the Graphical User Interface
>|>|>http://support.microsoft.com/?id=255690
>|>|>
>|>|>Also, to run /FORESTPREP, the user must be a member of the Schema Admins,
>|>|>Domain Admins, and Enterprise Admins groups.
>|>|>
>|>|>Please then check if the problem still persists. If so, please send the
>|>|>latest adprep.log as well as a screen shot of the error to me at
>|>|>joewu@microsoft.com.
>|>|>
>|>|>Thanks!
>|>|>
>|>|>Regards,
>|>|>Joe Wu
>|>|>Product Support Services
>|>|>Microsoft Corporation
>|>|>
>|>|>--------------------
>|>|>|From: "Matt" <anonymous@discussions.microsoft.com>
>|>|>|Subject: RE: 2000 to 2003 domain controller upgrade
>|>|>|Date: Tue, 10 Feb 2004 15:42:47 -0800
>|>|>|
>|>|>|Hi Joe -
>|>|>|
>|>|>|I replied to your last one, but as I duplicated the one
>|>|>|before, you may not have seen it, sorry!
>|>|>|Thanks again for your help...The FSMO roles that the
>|>|>|current DC hosts are: Infrastructure Master, RID Master,
>|>|>|and PDC Emulator. I don't have Schema Master listed, nor
>|>|>|do I have Domain Naming Master listed.
>|>|>|At first I thought it might be a Schema problem (since
>|>|>|there were possibly more organizational levels listed in
>|>|>|the schema than I had, and attempted to run the Schema tool
>|>|>|from the Windows 2000 resource kit, to no avail. I can't
>|>|>|seem to post my log file here (no option to do so), so
>|>|>|I'll use the reply (e-mail) option after I post this and
>|>|>|see if that helps. Thanks again,
>|>|>|
>|>|>|Matt
>|>|>|
>|>|>|>-----Original Message-----
>|>|>|>Hello Matt,
>|>|>|>
>|>|>|>Thank you for your reply.
>|>|>|>
>|>|>|>I am afraid that you may not see my last post. I reviewed it again and
>|>|>|>found a typo. I corrected the steps and attached it below:
>|>|>|>
>|>|>|>=========================
>|>|>|>
>|>|>|>Please let me know the following information for further analysis:
>|>|>|>
>|>|>|>1. What FSMO roles does the current DC host?
>|>|>|>
>|>|>|>2. Please post the latest adprep.log file in the
>|>|>|>%windir%\system32\debug\adprep directory.
>|>|>|>
>|>|>|>Thank you for your time and cooperation. If you have any questions or
>|>|>|>concerns, don't hesitate to let me know. I am standing by to help you.
>|>|>|>
>|>|>|>=========================
>|>|>|>
>|>|>|>Also, if there is anything else I can do to help, please do not hesitate to
>|>|>|>let me know.
>|>|>|>
>|>|>|>Thanks and have a nice day!
>|>|>|>
>|>|>|>Regards,
>|>|>|>Joe Wu
>|>|>|>Product Support Services
>|>|>|>Microsoft Corporation
>|>|>|>
>|>|>|>--------------------
>|>|>|>|From: "Matt" <anonymous@discussions.microsoft.com>
>|>|>|>|Subject: RE: 2000 to 2003 domain controller upgrade
>|>|>|>|Date: Tue, 10 Feb 2004 08:36:44 -0800
>|>|>|>|
>|>|>|>|Joe, you there?!
>|>|>|>|
>|>|>|>|>-----Original Message-----
>|>|>|>|>
>|>|>|>|>>-----Original Message-----
>|>|>|>|>>Hello Matt,
>|>|>|>|>>
>|>|>|>|>>Thank you for your post.
>|>|>|>|>>
>|>|>|>|>>The problem could occur if the current user account does not have
>|>|>|>|>>"Manage auditing and security logs" user right on the domain controllers.
>|>|>|>|>>
>|>|>|>|>>Please use the following method to resolve it:
>|>|>|>|>>
>|>|>|>|>>1. On the domain controller, open the "Domain Controller Security Policy"
>|>|>|>|>>snap-in in the Administrative Tools folder.
>|>|>|>|>>
>|>|>|>|>>2. Browse to "Windows Settings\Security Settings\Local Policies\User Rights
>|>|>|>|>>Assignment".
>|>|>|>|>>
>|>|>|>|>>3. On the right pane, please double-click "Manage auditing and security
>|>|>|>|>>logs" and add the Administrators group or the current account directly.
>|>|>|>|>>
>|>|>|>|>>Please let me know if this helps.
>|>|>|>|>>
>|>|>|>|>>Thanks!
>|>|>|>|>>
>|>|>|>|>>Regards,
>|>|>|>|>>Joe Wu
>|>|>|>|>>Product Support Services
>|>|>|>|>>Microsoft Corporation
>|>|>|>|>>
>|>|>|>|>>--------------------
>|>|>|>|>>|From: "Matt" <anonymous@discussions.microsoft.com>
>|>|>|>|>>|Subject: 2000 to 2003 domain controller upgrade
>|>|>|>|>>|Date: Fri, 30 Jan 2004 09:03:53 -0800
>|>|>|>|>>|
>|>|>|>|>>|I cannot get adprep /forestprep or /domainprep to run when
>|>|>|>|>>|upgrading my domain controller. I get an error that
>|>|>|>|>>|starts with:
>|>|>|>|>>|Adprep was unable to check the forest update status...and
>|>|>|>|>>|at the end it states:
>|>|>|>|>>|Adprep encountered a Win32 error
>|>|>|>|>>|Error code: 0x57 Error message: The parameter is
>|>|>|>|>>|incorrect...
>|>|>|>|>>|Setup of course, will not let you proceed with the upgrade
>|>|>|>|>>|until Adprep has been run successfully.
>|>|>|>|>>|I've followed steps in several KB articles to no avail.
>|>|>|>|>>|If anyone has a suggestion or two, I would greatly
>|>|>|>|>>|appreciate it. Have a nice day,
>|>|>|>|>>|Matt
>|>|>|>|>>|
>|>|>|>|>>
>|>|>|>|>>.
>|>|>|>|>>Hi Joe -
>|>|>|>|>
>|>|>|>|>Thank you so much for your reply. Unfortunately, the
>|>|>|>|>Administrators group is already listed for "Manage
>|>|>|>|>auditing and security logs"...just for kicks, I added
>|>|>|>|>domain\Administrator account as well, also to no avail
>|>|>|>|>(same error message). Any other suggestions would be
>|>|>|>|>greatly appreciated. Thank you and have a nice day.
>|>|>|>|>
>|>|>|>|>Matt
>|>|>|>|>
>|>|>|>|>P.S. sorry if this was posted more than once, I wrote my
>|>|>|>|>original reply over an hour ago and it hasn't shown up
>|>|>|>|>yet...thanks!
>
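
An added example, not part of the original thread or of any Microsoft tool: a PowerShell check that compares FSMO role owners with the servers that currently host Active Directory and lists any role still assigned to a machine that is no longer a domain controller, which is the situation this thread describes. The sample text follows the layout printed by `netdom query fsmo`; all host names and the function names are constructed placeholders.

```powershell
# Constructed sample in the layout printed by `netdom query fsmo`.
# All host names are placeholders; old-server stands for a machine that was
# demoted without its roles being transferred first.
$fsmoText = @'
Schema master               old-server.example.test
Domain naming master        old-server.example.test
PDC                         dc1.example.test
RID pool manager            dc1.example.test
Infrastructure master       dc1.example.test
The command completed successfully.
'@

# Constructed list of the servers that currently host Active Directory.
$liveDCs = 'dc1.example.test', 'dc2.example.test'

function Get-FsmoOwner {
    param([string]$Text)
    foreach ($line in ($Text -split "`r?`n")) {
        # Role name, a run of two or more spaces, then the owner's FQDN.
        # The trailing status line has no such gap and is skipped.
        if ($line -match '^(?<Role>\S.*?)\s{2,}(?<Owner>\S+)\s*$') {
            [pscustomobject]@{ Role = $Matches['Role']; Owner = $Matches['Owner'] }
        }
    }
}

function Find-OrphanedFsmoRole {
    param([string]$Text, [string[]]$DomainControllers)
    # -notcontains compares case-insensitively, which suits DNS names.
    Get-FsmoOwner -Text $Text |
        Where-Object { $DomainControllers -notcontains $_.Owner }
}

$orphans = @(Find-OrphanedFsmoRole -Text $fsmoText -DomainControllers $liveDCs)
if ($orphans.Count -eq 0) {
    'Every FSMO role is held by a current domain controller.'
} else {
    foreach ($o in $orphans) {
        # A transfer needs the old owner online as a DC, so these roles can
        # only be seized, with ntdsutil connected to the DC that is to
        # receive the role (KB 255504).
        '{0,-22} held by {1}, which is not a domain controller' -f $o.Role, $o.Owner
    }
}
```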