Windows 2000 to Windows 2003 AD upgrade issue

rwcmick

I received the following message on my schema master (also a GC
server) when running adprep /forestprep. I have three DCs, all
Windows 2000 SP4 with all critical patches and no problems in the
event log. The login account used was schema/enterprise.

Adprep was unable to modify the security descriptor on object
CN=Sites,CN=Configuration,DC=xxx,DC=org.

[Status/Consequence]

ADPREP was unable to merge the existing security descriptor with the
new access control entry (ACE).

[User Action]

Check the log file Adprep.log in the system root
System32\Debug\Adprep\Logs directory for more information.

Adprep encountered a Win32 error.

...



Adprep set the value of registry key
System\CurrentControlSet\Services\NTDS\Parameters\Schema Update
Allowed to 0



Adprep was unable to update forest-wide information.

[Status/Consequence]

Adprep requires access to existing forest-wide information from the
schema master in order to complete this operation.

[User Action]

Check the log file, Adprep.log, in the
C:\WINNT\system32\debug\adprep\logs\20031029085817 directory for more
information.
 
Ray Lava [MSFT]

Make sure that administrators have the "manage auditing and security logs" user right in the default domain controller policy.

This should resolve the problem.

Best Regards,



Ray Lava
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights
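
An added example, not part of the original thread and not Microsoft's own tooling: a small Python check for the user right named in the reply above. It assumes the domain controller's security settings are available as INF text (the layout written by `secedit /export /cfg` and used by a GPO's GptTmpl.inf), where "Manage auditing and security log" appears as `SeSecurityPrivilege`; the sample text and the long SID in it are constructed.

```python
"""Check that Administrators hold SeSecurityPrivilege in a security template."""

ADMINISTRATORS_SID = "S-1-5-32-544"   # well-known SID of BUILTIN\Administrators
AUDIT_RIGHT = "SeSecurityPrivilege"   # "Manage auditing and security log"

# Constructed sample: the right is granted to one domain account only.
SAMPLE_BROKEN = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
"""
# Same template after Administrators have been added to the right.
SAMPLE_FIXED = SAMPLE_BROKEN.replace(
    "SeSecurityPrivilege = ", "SeSecurityPrivilege = *S-1-5-32-544,")


def privilege_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or INF comment
            continue
        if line.startswith("["):                  # section header
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names without one.
            rights[name.strip()] = [
                p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return rights


def admins_have_audit_right(inf_text):
    """True if Administrators are listed for SeSecurityPrivilege.

    A template that does not define the right at all also returns False,
    so that case gets reviewed rather than silently passed.
    """
    holders = privilege_rights(inf_text).get(AUDIT_RIGHT, [])
    return any(h.upper() in (ADMINISTRATORS_SID, "ADMINISTRATORS") for h in holders)


if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, "->", "OK" if admins_have_audit_right(text) else "MISSING")
```

When reading a real export from disk, open it with `encoding="utf-16"`, since these templates are normally written as Unicode.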
 
