adprep /forestprep problem

F

Fatih KILIÇ

when i run this comment on the 2000 DC (both schema and Infrastructure
Master) it gives this error message (the user which runs the comment is both
enterprise and schema admin).Does anyone have an idea ?

Adprep was about to call the following LDAP API. ldap_search_s(). The base
entry to start the search is CN=Sites,CN=Configuration,DC=ykb,DC=com.



LDAP API ldap_search_s() finished, return code is 0x0



Adprep was unable to modify the security descriptor on object
CN=Sites,CN=Configuration,DC=ykb,DC=com.

[Status/Consequence]

ADPREP was unable to merge the existing security descriptor with the new
access control entry (ACE).

[User Action]

Check the log file Adprep.log in the system root System32\Debug\Adprep\Logs
directory for more information.

Adprep encountered a Win32 error.

Error code: 0x57 Error message: The parameter is incorrect..



Adprep set the value of registry key
System\CurrentControlSet\Services\NTDS\Parameters\Schema Update Allowed to 1



Adprep was unable to update forest-wide information.

[Status/Consequence]

Adprep requires access to existing forest-wide information from the schema
master in order to complete this operation.

[User Action]

Check the log file, Adprep.log, in the
C:\WINNT\System32\debug\adprep\logs\20030909192026 directory for more
information.
 
T

Tony Murray [MVP]

From the error message it looks like the Schema Master
does not have access to a Global Catalog Server (required
for forest-wide information).

I don't believe the DC that holds the Schema Master needs
to be a GC, but it certainly needs one to be available,
preferably within the same site.

It also seems a little unusual to have the Schema Master
and Infrastructure Master FSMO roles on the same DC.
Typically, you would have the following setup:

DC_A - Schema Master + Domain Naming Master (GC enabled)
DC_B - Infrastructure Master (GC not enabled)

Hope this helps

Tony
www.activedir.org
 
L

Laura A. Robinson

circa Wed, 10 Sep 2003 13:19:22 +0300, in
microsoft.public.win2000.active_directory, Fatih KILIÇ
([email protected]) said,
[User Action]

Check the log file, Adprep.log, in the
C:\WINNT\System32\debug\adprep\logs\20030909192026 directory for more
information.
And what does the log say? I believe that Tony has probably given you
what you need, but the adprep logs are usually quite informative.

Laura
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top