ADPREP on 2000 DC

[Wiliam]

I am attempting to add a 2003 server to a 2000 domain and
found that I needed to used adprep on the 2000 DC first.
When I make the attempt I get the following error

----err begin
Opened Connection to SERVERWIN2K
SSPI Bind succeeded
Found Naming Context DC=alvnet,DC=com
Found Naming Context
CN=Schema,CN=Configuration,DC=alvnet,DC=com
Found Naming Context CN=Configuration,DC=alvnet,DC=com
Current Schema Version is 13
Upgrading schema to version 30
ERROR: Failed to transfer the schema FSMO role: 52
(Unavailable).
If the error code is "Insufficient Rights", make sure you
are logged in as a member of the schema admin group.
----err end

I have done the following
1) on the DC (2000) START|RUN|schmmgmt.msc
Right-click Active Diretory Schema | click on
Operations Master and checked the 'The Schema may be
modified on this Domain Controller
RESULT of step 1 SAME as before
2) on the DC (2000) START|RUN|schmmgmt.msc
Right-click Active Directory Schema | click on
Permissions then gave the Administrators group the same
permissions as the Schema Admins...redundancy I know, but
I was hoping...the logged in Admin is a member of the
Administrators group and a member of the Schema Group as
well.
RESULT of step 2 SAME as before.

Side note...before the above were done I made sure to use
the NTDSUTIL.exe to sieze the five FSMO roles (Schema
Master, Domain naming master, RID Master, PDC,
Infrastructure Master) for the domain controller. I also
followed the advise in a microsoft doc about using adprep
and how to disconnet the DC for certain steps.

I am truly stumped now, especially after reading so many
websites about how this SHOULD work. Help would be
GREATLY Apreciated.
William

 

[Guest]

I would double check the FSMO roles, especially if you seized them from
another machine. Does the other machine realize its no longer the role
holder or has the machine beed removed from the domain?
run "netdom query fsmo" on the 2000 DC to verify roles.
Ensure that you are logged on with a user in admin group and belongs to the
Schema Admin group.

This DC must believe that it has replicated successfully with its
replication partners.
Run "repadmin /showreps" on the 2000 DC. Do all the inbound replication
links show successful within the past few hours?

 

[Guest]

James

First THANK YOU for responding to me.
Second when I run 'netdom query fsmo" result is
Schema owner SERVERWIN2K.alvnet.com (which is
DC1)
Domain role owner SERVERWIN2K.alvnet.com
PDC role SERVERWIN2K.alvnet.com
RID pool manager SERVERWIN2K.alvnet.com
Infrastructure owner SERVERWIN2K.alvnet.com
These are the correct responses.

The only reason I seized the roles to this DC1 in the
first place was I noticed a role had migrated to

the other DC2 which never should have had it in the first
place. I did run DCPROMO /Forceremoval to

disconnect DC2 from the domain since I am decommissioning
it anyway and it refused to leave the domain

as a DC. So to answer your question DC2 is out of the
domain and physically OFF right now.

Q. Ensure that you are logged on with a user in admin
group and belongs to the
Schema Admin group.
A. I am logged in to DC1 as the admin and confirmed that
it is part of the Schema admin group.

Q. Run "repadmin /showreps" on the 2000 DC. Do all the
inbound replication
links show successful within the past few hours?
A. It looks like there are errors, but TSSERV (which was
DC2) is no longer a DC and is physically shut

down. The result is below

----Begin result of "repadmin /showreps"
C:\>repadmin /showreps
Default-First-Site-Name\SERVERWIN2K
DSA Options : IS_GC
objectGuid : 0e642521-806f-4eb0-8ad5-23be4ea16197
invocationID: 6bea498e-d793-4181-8fdd-5d919f49427e

==== INBOUND NEIGHBORS
======================================

CN=Schema,CN=Configuration,DC=alvnet,DC=com
Default-First-Site-Name\TSSERV via RPC
objectGuid: 82a83c8c-e867-467d-9ebf-5a99ce944ff4
Last attempt @ 2004-09-03 16:51.46 failed, result
1753:
There are no more endpoints available from
the endpoint mapper.
Last success @ 2004-06-21 17:55.18.
1774 consecutive failure(s).

CN=Configuration,DC=alvnet,DC=com
Default-First-Site-Name\TSSERV via RPC
objectGuid: 82a83c8c-e867-467d-9ebf-5a99ce944ff4
Last attempt @ 2004-09-03 16:51.46 failed, result
1753:
There are no more endpoints available from
the endpoint mapper.
Last success @ 2004-06-21 18:51.41.
2626 consecutive failure(s).

DC=alvnet,DC=com
Default-First-Site-Name\TSSERV via RPC
objectGuid: 82a83c8c-e867-467d-9ebf-5a99ce944ff4
Last attempt @ 2004-09-03 16:51.46 failed, result
1753:
There are no more endpoints available from
the endpoint mapper.
Last success @ 2004-06-21 18:42.34.
2420 consecutive failure(s).

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS
============

CN=Schema,CN=Configuration,DC=alvnet,DC=com
Default-First-Site-Name\TSSERV via RPC
objectGuid: 82a83c8c-e867-467d-9ebf-5a99ce944ff4

CN=Configuration,DC=alvnet,DC=com
Default-First-Site-Name\TSSERV via RPC
objectGuid: 82a83c8c-e867-467d-9ebf-5a99ce944ff4

DC=alvnet,DC=com
Default-First-Site-Name\TSSERV via RPC
objectGuid: 82a83c8c-e867-467d-9ebf-5a99ce944ff4

C:\>

----END result of "repadmin /showreps"

My question is now how do I clean this up so I can run
ADPREP? (refer to initial error previously)

THANK YOU SO MUCH FOR THE HELP SO FAR!!!

William

-----Original Message-----
I would double check the FSMO roles, especially if you seized them from
another machine. Does the other machine realize its no longer the role
holder or has the machine beed removed from the domain?
run "netdom query fsmo" on the 2000 DC to verify roles.
Ensure that you are logged on with a user in admin group and belongs to the
Schema Admin group.

This DC must believe that it has replicated successfully with its
replication partners.
Run "repadmin /showreps" on the 2000 DC. Do all the inbound replication
links show successful within the past few hours?


--
James Brandt [MSFT]

I am attempting to add a 2003 server to a 2000 domain and
found that I needed to used adprep on the 2000 DC first.
When I make the attempt I get the following error

----err begin
Opened Connection to SERVERWIN2K
SSPI Bind succeeded
Found Naming Context DC=alvnet,DC=com
Found Naming Context
CN=Schema,CN=Configuration,DC=alvnet,DC=com
Found Naming Context CN=Configuration,DC=alvnet,DC=com
Current Schema Version is 13
Upgrading schema to version 30
ERROR: Failed to transfer the schema FSMO role: 52
(Unavailable).
If the error code is "Insufficient Rights", make sure you
are logged in as a member of the schema admin group.
----err end

I have done the following
1) on the DC (2000) START|RUN|schmmgmt.msc
Right-click Active Diretory Schema | click on
Operations Master and checked the 'The Schema may be
modified on this Domain Controller
RESULT of step 1 SAME as before
2) on the DC (2000) START|RUN|schmmgmt.msc
Right-click Active Directory Schema | click on
Permissions then gave the Administrators group the same
permissions as the Schema Admins...redundancy I know, but
I was hoping...the logged in Admin is a member of the
Administrators group and a member of the Schema Group as
well.
RESULT of step 2 SAME as before.

Side note...before the above were done I made sure to use
the NTDSUTIL.exe to sieze the five FSMO roles (Schema
Master, Domain naming master, RID Master, PDC,
Infrastructure Master) for the domain controller. I also
followed the advise in a microsoft doc about using adprep
and how to disconnet the DC for certain steps.

I am truly stumped now, especially after reading so many
websites about how this SHOULD work. Help would be
GREATLY Apreciated.
William

.