Error running InetOrgPersonPrevent script

[kwele]

I have an Windows 2000 AD domain with one DC and Exchange 2000. I have
loaded Windows 2003 on a separate computer and joined it to the
exisitng domain.

I wanted to upgrade the domain to Windows 2003, set the new computer
as the DC and remove the original DC from the domain.

In reading KB 325379, I see that I must run InetOrgPersonPrevent.ldf
before running adprep. However, when I ran the script, I get an error
which I need help on.

The machine I ran the script on is the only DC in the domain, so it
must be the FSMO Role Owner. That leaves the registiry key. Can
someone point me to the proper key and let me know what its value must
be?

Thanks in advance.

Below is the command and results:

C:\Documents and Settings\Administrator>ldifde -i -f
inetorgpersonprevent.ldf -v -c DC=X "dc=domain,dc=com"

Connecting to "ABC.domain.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonprevent.ldf"
Loading entries
1:
CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,dc=domain,dc=com

Add error on line 1: Unwilling To Perform
The server side error is "Schema update is not allowed on this DC.
Either the registry key
is not set or the DC is not the schema FSMO Role Owner."
0 entries modified successfully.
An error has occurred in the program

 

[Matt \(IS Team\)]

I have an Windows 2000 AD domain with one DC and Exchange 2000. I have
loaded Windows 2003 on a separate computer and joined it to the
exisitng domain.

I wanted to upgrade the domain to Windows 2003, set the new computer
as the DC and remove the original DC from the domain.

In reading KB 325379, I see that I must run InetOrgPersonPrevent.ldf
before running adprep. However, when I ran the script, I get an error
which I need help on.

The machine I ran the script on is the only DC in the domain, so it
must be the FSMO Role Owner. That leaves the registiry key. Can
someone point me to the proper key and let me know what its value must
be?

Thanks in advance.

Below is the command and results:

C:\Documents and Settings\Administrator>ldifde -i -f
inetorgpersonprevent.ldf -v -c DC=X "dc=domain,dc=com"

Connecting to "ABC.domain.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonprevent.ldf"
Loading entries
1:
CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,dc=domain,dc=com

Add error on line 1: Unwilling To Perform
The server side error is "Schema update is not allowed on this DC.
Either the registry key
is not set or the DC is not the schema FSMO Role Owner."
0 entries modified successfully.
An error has occurred in the program

261231

 

[kwele]

Thanks,

I had to change the Schema Update Allowed key to true before the
InetOrgPersonPrevent script could run.

Do I need to change it back to false after successfully running the
script?

Thanks

 

[Richard Bloch]

Thanks,

I had to change the Schema Update Allowed key to true before the
InetOrgPersonPrevent script could run.

Do I need to change it back to false after successfully running the
script?

Thanks

Here is the formentioned key:
\hklm\system\CurrentControlSet\Services\NTDS\Parameters\Schema Update Allowed

Change the value to 1