Re: ADPREP /forestprep fails

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: D.R. (dr_at_news.postalias)
Date: 01/21/05 

Date: Fri, 21 Jan 2005 14:36:33 -0500

Commented inline with ** 

-- 
Steve
"Bob Qin [MSFT]" <bobqin@online.microsoft.com> wrote in message 
news:y7c5PyI$EHA.2504@cpmsftngxa10.phx.gbl...
> Hi Steve,
>
> Please check if current DC is Shema Master and please run ADdiag to check
> if there is any error there.
** Ran it, no errors
>
> In addition, please try to use DSacls to change the permissions of  that
> object.
** DSACLS show the rights, but when I tried to modify them it said there was 
no such object
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;281146
>
> Please first remove all non-vital accounts from the Enterprise Admins and
> Schema Admins group (only keep two or three accounts). Then add schema
> admins with full control to that schema objects.
>
> You can also try to grant full control permissions for administrator to 
> the
> parent object CN=Schema,CN=Configuration,DC=qa,DC=ms,DC=com.
>
> At last, I would like to suggest that you contact Cognos to get the 
> utility
> called "Ads_update.exe", then run the utility from the command prompt on
> the Schema Master DC with an Enterprise Admin/Schema Master Account.
** I had already run the utility it fixed a problem that occurred earlier in 
the process.
>
> Wish it helps.
** I copied DSRM.EXE from a Windows XP machine to the 2000 DC, though the 
help did not seem to document this when logged in as the system I was able 
to use it to delete from the schema.
** I than used LDIF to import the inetOrgPerson section from SCH18.LDF, and 
rerun adprep successfully.
** After upgradeing to Windows 2003 everything seems fine (knocking on wood 
with crossed fingers).
>
> Regards,
> Bob Qin
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ====================================================
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
>
> --------------------
>
>

Relevant Pages

  • RE: 2000 to 2003 domain controller upgrade
    ... >The ADPREP /FORESTPREP must be executed on the Schema ... >Schema Master. ... View and Transfer FSMO Roles in the ... >Domain Admins, and Enterprise Admins groups. ...
    (microsoft.public.windows.server.migration)
  • Re: ADPREP /forestprep fails
    ... Please check if current DC is Shema Master and please run ADdiag to check ... Schema Admins group (only keep two or three accounts). ...
    (microsoft.public.windows.server.migration)
  • RE: 2000 to 2003 domain controller upgrade
    ... Please use the Ntdsutil.exe tool to seize the Schema Master role to the new ... Produced By Microsoft MimeOLE V5.50.4910.0300 ... |this machine as a domain controller to the existing domain ...
    (microsoft.public.windows.server.migration)
  • Re: After succesfull upgrade to AD2003 ,DC fails after moving Mast
    ... But moving the Schema master role will not occur in this kind of problems normally. ... It is/was a production server and i needed ...
    (microsoft.public.windows.server.active_directory)
  • Re: upgrading ad schema windows 2003 R2
    ... adprep/forest and adrprep /domain on our master GC onto 30 sites via ... Actually you update the schema master for the domain/forest. ...
    (microsoft.public.win2000.active_directory)