Re: adprep.exe problems

[Mavric]

I've been searching for a few days now and have found many
articals about running adprep.exe and making sure that you run
a script called InetOrgPersonPrevent.ldf to prevent “mangled”
records if you have Exchange 2000 sp2 or below in order to
prevent the "mangled" record problem. But this is the problem
that I'm seeing.

I'm running 5 DCs total...two on my current site and one on
each of my remote sites connected via T1s. I have one domain
in the forest. I need to prepare AD for a Window Server 2003
upgrade from Window 2000 Advanced Server sp4. I'm running
Exchange 2000 Sp3, and found out that I don't need to run the
script to prevent "mangled" records. So I logged into my DC
that is the Schema Master and tried to run adprep /forestprep
from the Windows Server 2003 cd. (Note, my Schema Master and
Infrastructure Master are on the same DC so I would rung
adprep /domainprep afterwards). I get the following error
message:

“Adprep was unable to extend the schema.
[Status/Consequence]
There is a schema conflict with Exchange 2000. The schema is
not upgraded.
[User Action]
The schema conflict must be resolved before running adprep.
Resolve the schema c
onflict, allow the change to replicate between all replication
partners, and the
n run Adprep. For information on resolving the conflict, see
Microsoft Knowledge
Base article Q325379.”

But when I looked at this article it referred me to the
scripted I mentioned above and the error I get when I run it
is:

Connecting to "DODC1.mydomain.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonprevent.ldf"
Error occured during initialization
File operation failure
0 entries modified successfully.
An error has occurred in the program

So, I thought I should run dcdiag.exe on that DC and see what
I get….this is the output:

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: intownDODC1
Starting test: Connectivity
......................... DODC1 passed test
Connectivity

Doing primary tests

Testing server: intownDODC1
Starting test: Replications
......................... DODC1 passed test
Replications
Starting test: NCSecDesc
......................... DODC1 passed test NCSecDesc
Starting test: NetLogons
......................... DODC1 passed test NetLogons
Starting test: Advertising
......................... DODC1 passed test
Advertising
Starting test: KnowsOfRoleHolders
Warning: CN="NTDS Settings
DEL:089a4f2e-cc3b-4064-83b2-cc2a9208c56c",CN=DODC1,CN=Servers,
CN=intown,CN=Sites
,CN=Configuration,DC=<edit>,DC=<edit>,,DC=<edit
>,,DC=<edit>
is the Domain Owner, but is deleted.
......................... DODC1 failed test
KnowsOfRoleHolders
Starting test: RidManager
......................... DODC1 passed test
RidManager
Starting test: MachineAccount
......................... DODC1 passed test
MachineAccount
Starting test: Services
......................... DODC1 passed test Services
Starting test: ObjectsReplicated
......................... DODC1 passed test
ObjectsReplicated
Starting test: frssysvol
......................... DODC1 passed test frssysvol
Starting test: frsevent
......................... DODC1 passed test frsevent
Starting test: kccevent
......................... DODC1 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000165B
Time Generated: 06/02/2005 16:08:35
Event String: The session setup from the computer
SPEDNC-3
An Error Event occured. EventID: 0x0000169E
Time Generated: 06/02/2005 16:15:54
Event String: No suitable Domain Controller is
available for
An Error Event occured. EventID: 0x0000165B
Time Generated: 06/02/2005 16:21:48
Event String: The session setup from the computer
SPEDNC-1
......................... DODC1 failed test systemlog
Starting test: VerifyReferences
......................... DODC1 passed test
VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test
CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : <edit>
Starting test: CrossRefValidation
......................... <edit> passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... <edit> passed test
CheckSDRefDom

Running enterprise tests on : alexandria.k12.mn.us
Starting test: Intersite
......................... <edit> passed test
Intersite
Starting test: FsmoCheck
......................... <edit> passed test
FsmoCheck

I’m wondering if it has something to do with the Domain Owner
and that is was deleted….it had said this for the Schema
Owner, but I found a Microsoft article that told me how to fix
this. I inherited this from the previous Network Admin and
am just finding a lot of this stuff out that wasn’t done right
before. Any help is appreciated….thanks! J

Mathew

Just an update on this...I’ve run LDP.exe and searched for any mangled
records or error....the return was NULL:

***Searching...
ldap_search_s(ld,
"CN=Schema,CN=Configuration,DC=alexandria,DC=k12,DC=mn,DC=us", 2,
"ldapdisplayname=dup*", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 0 entries:
-----------

By all accounts my adprep /forestprep should work but is still giving
me the following error:

Adprep was unable to extend the schema.
[Status/Consequence]
There is a schema conflict with Exchange 2000. The schema is not
upgraded.
[User Action]
The schema conflict must be resolved before running adprep. Resolve
the schema conflict, allow the change to replicate between all
replication partners, and then run Adprep. For information on
resolving the conflict, see Microsoft Knowledge
Base article Q325379.

Thanks again for any help,
Mathew

 

[Guest]

Hi Marvic

Check your FSMO roles. It looks as though a site may have been deleted along
with the domain controller object for that site. The domain owner is the
domain naming master which allows you to add domains.

The domain naming master FSMO role holder is the DC responsible for making
changes to the forest-wide domain name space of the directory (that is, the
Partitions\Configuration naming context or LDAP://CN=Partitions,
CN=Configuration, DC=<domain>). This DC is the only one that can add or
remove a domain from the directory. It can also add or remove cross
references to domains in external directories.

Seize the role from another DC using ntdsutil.

Regards

I've been searching for a few days now and have found many
articals about running adprep.exe and making sure that you run
a script called InetOrgPersonPrevent.ldf to prevent “mangledâ€
records if you have Exchange 2000 sp2 or below in order to
prevent the "mangled" record problem. But this is the problem
that I'm seeing.

I'm running 5 DCs total...two on my current site and one on
each of my remote sites connected via T1s. I have one domain
in the forest. I need to prepare AD for a Window Server 2003
upgrade from Window 2000 Advanced Server sp4. I'm running
Exchange 2000 Sp3, and found out that I don't need to run the
script to prevent "mangled" records. So I logged into my DC
that is the Schema Master and tried to run adprep /forestprep
from the Windows Server 2003 cd. (Note, my Schema Master and
Infrastructure Master are on the same DC so I would rung
adprep /domainprep afterwards). I get the following error
message:

“Adprep was unable to extend the schema.
[Status/Consequence]
There is a schema conflict with Exchange 2000. The schema is
not upgraded.
[User Action]
The schema conflict must be resolved before running adprep.
Resolve the schema c
onflict, allow the change to replicate between all replication
partners, and the
n run Adprep. For information on resolving the conflict, see
Microsoft Knowledge
Base article Q325379.â€

But when I looked at this article it referred me to the
scripted I mentioned above and the error I get when I run it
is:

Connecting to "DODC1.mydomain.com"
Logging in as current user using SSPI
Importing directory from file "inetorgpersonprevent.ldf"
Error occured during initialization
File operation failure
0 entries modified successfully.
An error has occurred in the program

So, I thought I should run dcdiag.exe on that DC and see what
I get….this is the output:

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: intownDODC1
Starting test: Connectivity
......................... DODC1 passed test
Connectivity

Doing primary tests

Testing server: intownDODC1
Starting test: Replications
......................... DODC1 passed test
Replications
Starting test: NCSecDesc
......................... DODC1 passed test NCSecDesc
Starting test: NetLogons
......................... DODC1 passed test NetLogons
Starting test: Advertising
......................... DODC1 passed test
Advertising
Starting test: KnowsOfRoleHolders
Warning: CN="NTDS Settings
DEL:089a4f2e-cc3b-4064-83b2-cc2a9208c56c",CN=DODC1,CN=Servers,
CN=intown,CN=Sites

,,DC=<edit>

is the Domain Owner, but is deleted.
......................... DODC1 failed test
KnowsOfRoleHolders
Starting test: RidManager
......................... DODC1 passed test
RidManager
Starting test: MachineAccount
......................... DODC1 passed test
MachineAccount
Starting test: Services
......................... DODC1 passed test Services
Starting test: ObjectsReplicated
......................... DODC1 passed test
ObjectsReplicated
Starting test: frssysvol
......................... DODC1 passed test frssysvol
Starting test: frsevent
......................... DODC1 passed test frsevent
Starting test: kccevent
......................... DODC1 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000165B
Time Generated: 06/02/2005 16:08:35
Event String: The session setup from the computer
SPEDNC-3
An Error Event occured. EventID: 0x0000169E
Time Generated: 06/02/2005 16:15:54
Event String: No suitable Domain Controller is
available for
An Error Event occured. EventID: 0x0000165B
Time Generated: 06/02/2005 16:21:48
Event String: The session setup from the computer
SPEDNC-1
......................... DODC1 failed test systemlog
Starting test: VerifyReferences
......................... DODC1 passed test
VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test
CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : <edit>
Starting test: CrossRefValidation
......................... <edit> passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... <edit> passed test
CheckSDRefDom

Running enterprise tests on : alexandria.k12.mn.us
Starting test: Intersite
......................... <edit> passed test
Intersite
Starting test: FsmoCheck
......................... <edit> passed test
FsmoCheck

I’m wondering if it has something to do with the Domain Owner
and that is was deleted….it had said this for the Schema
Owner, but I found a Microsoft article that told me how to fix
this. I inherited this from the previous Network Admin and
am just finding a lot of this stuff out that wasn’t done right
before. Any help is appreciated….thanks! J

Mathew

Just an update on this...I’ve run LDP.exe and searched for any mangled
records or error....the return was NULL:

***Searching...
ldap_search_s(ld,
"CN=Schema,CN=Configuration,DC=alexandria,DC=k12,DC=mn,DC=us", 2,
"ldapdisplayname=dup*", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 0 entries:
-----------

By all accounts my adprep /forestprep should work but is still giving
me the following error:

Adprep was unable to extend the schema.
[Status/Consequence]
There is a schema conflict with Exchange 2000. The schema is not
upgraded.
[User Action]
The schema conflict must be resolved before running adprep. Resolve
the schema conflict, allow the change to replicate between all
replication partners, and then run Adprep. For information on
resolving the conflict, see Microsoft Knowledge
Base article Q325379.

Thanks again for any help,
Mathew

 

[Mavric]

Just an update on this...I've run LDP.exe and searched for any
mangled records or error....the return was NULL:

***Searching...
ldap_search_s(ld,
"CN=Schema,CN=Configuration,DC=alexandria,DC=k12,DC=mn,DC=us",
2, "ldapdisplayname=dup*", attrList, 0, &amp;msg)
Result &lt;0&gt;: (null)
Matched DNs:
Getting 0 entries:
-----------

By all accounts my adprep /forestprep should work but is still
giving me the following error:

Adprep was unable to extend the schema.
[Status/Consequence]
There is a schema conflict with Exchange 2000. The schema is
not upgraded.
[User Action]
The schema conflict must be resolved before running adprep.
Resolve the schema conflict, allow the change to replicate
between all replication partners, and then run Adprep. For
information on resolving the conflict, see Microsoft Knowledge
Base article Q325379.

Thanks again for any help,
Mathew

Well, basically I solved my own problem, but I’d like to thank any one
who was looking or thinking about it for me. This is what I ended up
doing.

I basically took the Exchange 2003 Server cd and put it in to the
cd-rom of my schema master and did a start...run..."(cd-rom drive
letter):\setup.exe /forestprep. This is a standard procedure when
you are upgrading to Exchange 2003, I just did it a bit out of step.
This procedure ran through and did all the Exchange updates to the
Schema and then I ran the adprep /forestprep from the Windows Server
2003 cd on the Schema Master again and this time it didn’t give me an
Exchange 2000 schema conflict. Now I don’t know why the script that I
was told by Microsoft to use didn’t work, but I suspect that it had
something to do with my previous Schema Master DC being abnormally
removed from the network. Any how, I then was able to do an adprep
/domainprep on my Infrastructure Master as well....and I am now well
on my way to upgrading our Active Directory to Server 2003. Again
thanks to any one who was think about my problem and trying to solve
it.

Mathew

 

[Mavric]

Well, basically I solved my own problem, but I'd like to thank
any one who was looking or thinking about it for me. This is
what I ended up doing.

I basically took the Exchange 2003 Server cd and put it in to
the cd-rom of my schema master and did a
start...run..."(cd-rom drive letter):setup.exe /forestprep.
This is a standard procedure when you are upgrading to
Exchange 2003, I just did it a bit out of step. This
procedure ran through and did all the Exchange updates to the
Schema and then I ran the adprep /forestprep from the Windows
Server 2003 cd on the Schema Master again and this time it
didn't give me an Exchange 2000 schema conflict. Now I don't
know why the script that I was told by Microsoft to use didn't
work, but I suspect that it had something to do with my
previous Schema Master DC being abnormally removed from the
network. Any how, I then was able to do an adprep /domainprep
on my Infrastructure Master as well....and I am now well on my
way to upgrading our Active Directory to Server 2003. Again
thanks to any one who was think about my problem and trying to
solve it.

Mathew

Hey AD Designer,
Just wanted to thank you for you post, I was worried about that too
and will work to correct it with ntdsutil as I will want it working at
100% at some point. Oh, and thank you for the help in making the
correlation between the Domain Owner Role and the Domain Naming
Master.. That helps a lot!

thanks,
Mathew