none
The user is not a member of "Schema Admins" group error when using Deployment Wizard to prepare schema

    Question

  • I'm in the process of builing a completely new Lync 2010 Enterprise and get the following error after running the Prepare Schema option in the Deployment Wizard:

    The user is not a member of "Schema Admins" group.

    I have a single forest - multi domain setup where the install will take place at the domain level. The FEP and Mon/Arch servers are W2K8 R2 and I'm using SQL 2008 SP1. I've verified that the user account is a member of both the schema and enterprise admin groups. I've successfully registered the schema snap-in from an elevated command prompt. I've tried multiple accounts with the same permission settings and get the same result. I don't have previous versions of OCS installed so I'm wondering if I may have missed a step.

    Any responses appreciated.

    Monday, May 30, 2011 2:42 PM

Answers

  • An error is returned when attempting to run the deployment wizard from the 32-bit domain controller located in the forest root. As it stands I've managed to resolve this one issue which was related to the environment. At the present I'm stuck trying to perform the Forest Prep which throws the following error:

    Computer is not a member of the root domain. For security reasons, this action must be run on a root domain computer

    I'll open another thread to keep from confusing things.

    Thanks again for the responses.

    Tuesday, May 31, 2011 8:11 PM

All replies

  • Have you installed the remote admin tools on you servers?

    As an alternate, have you tried running the schema setup on the actual schema master. I have sometimes found this to be a solution similar errors you describe.

     

    Might I add; You sometimes have to launch the app as "run as" to make sure you are using the right credentials.

    KR,

    Lasse Wedø


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, May 30, 2011 3:40 PM
  • did you try to log off log on the user that you are using ?

    or try to prepare the schema from the lync management shell by running

    install-csAdServerSchema ?

    moreover make sure that the account that you are using has administrative rights on the schema master.

     

    regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread
    Monday, May 30, 2011 3:45 PM
  • Logged off/on and rebooted the server to no avail. Running the command above from within the deployment shell throws the following error:

     

    PS C:\Users\ssLync> Install-CsAdServerSchema

    Install-CsAdServerSchema : The user is not a member of "Schema Admins" group.

    At line:1 char:25

    + Install-CsAdServerSchema <<<<

        + CategoryInfo          : InvalidOperation: (:) [Install-CsAdServerSchema]

       , DeploymentException

        + FullyQualifiedErrorId : Schema preparation failed.,Microsoft.Rtc.Managem

       ent.Deployment.PrepareServerSchemaCmdlet

    WARNING: Install-CsAdServerSchema encountered errors. Consult the log file for

    a detailed analysis, and ensure all errors (1) and warnings (0) are addressed

    before continuing.

    WARNING: Detailed results can be found at

     

    Again, this user is a member of the Schema Admins group so I'm unsure as to why I get this specific error.


    I do have the remote admin tools installed but have not been able to successfully run the comman from my schema master, which is a 32-bit box. Is it possible to run this command from the DC, if so how?

     

    tia

    Tuesday, May 31, 2011 8:55 AM
  • Your Schema master is a DC, and it should be possible to install it right there. Just use the Lync setup tool on the DC.

    Could you possibly transfer the schema role to a DC running a x64 version, if running it on a 32bit fail?

    Also please verify your forest and domain functional level is at least "windows 2003 native" and your account is both schema admin and enterprise admin in the domain where the schema master resides.

    KR,

    Lasse Wedø


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, May 31, 2011 10:10 AM
  • Lynk user account confirmed member of schema and enterprise admin groups. No 64-bit DC's at the root or domain level. Functionality levels confirmed as Windows Server 2003. I think running setup on the DC thrrows an error but will try again once I make it into work.

     

    thanks

    Tuesday, May 31, 2011 11:10 AM
  • what about replication between domain controllers ? how many DCs are located in the same site where you are trying to deploy Lync ?

    is there any Global Catalogs ?

    regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread
    Tuesday, May 31, 2011 12:38 PM
  • 7 dc's at the root and another 5 at the domain level. I first noticed this issue on Friday of last week and have confirmed that replication is fine between the sites.

    stumped~

    Tuesday, May 31, 2011 1:24 PM
  • 7 dc's at the root and another 5 at the domain level. I first noticed this issue on Friday of last week and have confirmed that replication is fine between the sites.

     

    The error thrown when trying to run setup on a 32-bit DC:

    The image file \\..\setup.exe is valid, but is for a machine type other than the current machine.


    Tuesday, May 31, 2011 1:24 PM
  • May I propose you do the following;

    On a Windows server 2008 r2, or windows 7_x64 computer. In the root domain, in the same site as the schema master (at least member of the same root domain). Install the remote admin tools, and the lync admin tools (same as lync server setup dvd). And try from there.

    PS: If the schame admin is running any firewall, make an exception to remote administration.

    Also, on the computer you try this, please run gpresult -v in the powershell before you run the Install-CsAdServerSchema command. Just to double verifying you are running under the context you belive you are.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, May 31, 2011 6:04 PM
  • An error is returned when attempting to run the deployment wizard from the 32-bit domain controller located in the forest root. As it stands I've managed to resolve this one issue which was related to the environment. At the present I'm stuck trying to perform the Forest Prep which throws the following error:

    Computer is not a member of the root domain. For security reasons, this action must be run on a root domain computer

    I'll open another thread to keep from confusing things.

    Thanks again for the responses.

    Tuesday, May 31, 2011 8:11 PM
  • An error is returned when attempting to run the deployment wizard from the 32-bit domain controller located in the forest root. As it stands I've managed to resolve this one issue which was related to the environment. At the present I'm stuck trying to perform the Forest Prep which throws the following error:

    Computer is not a member of the root domain. For security reasons, this action must be run on a root domain computer

    I'll open another thread to keep from confusing things.

    Thanks again for the responses.

    Tuesday, May 31, 2011 8:12 PM
  • Hi, Marvin,

       In the root domain of each forest where Lync Server will be deployed. To run Forest Preparation, you must be a member of the Enterprise Admins group. More info please refer to Overview of Active Directory Domain Services Preparation.

       Moreover, you can refer to this article. And hope that helps.


    Please remember to click “Mark As Answer” on the post that helps you, and to click “Unmark As Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, June 01, 2011 3:08 AM
  • Hi Marvin, 

    Please read my previous answer thoroughly. I specified doing this on a 64bit computer IN the root domain. Your computer will have to be a member of the root domain, and you must be logged in with the correct rights.

     

    KR,

    Lasse Wedø


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, June 01, 2011 6:16 AM