none
Cannot promote to domain controller?

    Question

  • We have a new Windows 2012 Server that will be taking the place of our old 2003 SBS install.

    Current setup is a 2003 SBS machine running as the only DC.

    I can join the 2012 server to the domain, but once joined, I am not seeing the domain accounts when trying to change security on a share for instance...

    https://plus.google.com/photos/108071168767145540100/photo/5812918378195642034

    The "Locations" drop down doesn't show anything but the local machine.

    .

    When I try to add the 2012 server as a Domain Controller:

    https://plus.google.com/photos/108071168767145540100/photo/5812917622052673282

    https://plus.google.com/photos/108071168767145540100/photo/5812918388696394994

    .

    It says it cannot find the Domain controller... But I can ping the DC from the new server:

    https://plus.google.com/photos/108071168767145540100/photo/5812917580835792546

    And ping the new server from the DC:

    https://plus.google.com/photos/108071168767145540100/photo/5812917598305291426

    .

    Domain and Forest functional levels are 2003 server

    https://plus.google.com/photos/108071168767145540100/photo/5812917612596091138

    .

    Server properties for the 2003 box:

    https://plus.google.com/photos/108071168767145540100/photo/5812917573002246738

    .

    So, what am I missing here, what can I look at, what haven't I tried?

    Thanks for your help. (Sorry for the poor image links... Cannot do them as images.)



    • Edited by LostInDaJungle Tuesday, November 20, 2012 3:47 PM Formatting
    Tuesday, November 20, 2012 3:44 PM

Answers

All replies

  • I think you need to first upgrade your 2003 AD schema to the 2012 schema.  The adprep.exe tool that is found on the 2012 installation media updates the schema, but it is a 64-application.  So, either you need a 2003 64-bit DC or a 2008 64-bit DC.  Either of these could be a VM joined to the 2003 domain and promoted to the DC role.

    tim

    Tuesday, November 20, 2012 4:28 PM
  • I think I've found the problem (or at least part of it)... It was my DNS settings. We have 2 DNS servers, one on our Linux side that has everything (10.100.1.1), and then the DNS server that is on our Windows side that tracks pretty much nothing(10.100.1.251).

    By going into the IP configuration and setting the DC's DNS (1.251) ahead of the linux DNS(1.1) it magically found the domain. *BING* Now I'm at least on to a new error message. That's progress.

    "Unable to verify that schema master has completed a replication cycle"

    Umm, yeah, whatever that means.

    Tuesday, November 20, 2012 4:39 PM
  • On Tue, 20 Nov 2012 16:28:30 +0000, Tim Cerling wrote:

    I think you need to first upgrade your 2003 AD schema to the 2012 schema.? The adprep.exe tool that is found on the 2012 installation media updates the schema, but it is a 64-application.? So, either you need a 2003 64-bit DC or a 2008 64-bit DC.? Either of these could be a VM joined to the 2003 domain and promoted to the DC role.

    No, this isn't required (manually running adprep that is). When configuring
    the AD role on a 2012 server that is to become a DC part of the process is
    to determine whether the schema is at the correct level, if it is not, then
    adprep will be run automatically. While you can manually execute adprep,
    there is no longer a need to do so.


    Paul Adare
    MVP - Forefront Identity Manager
    http://www.identit.ca
    I smell a wumpus.

    Tuesday, November 20, 2012 4:42 PM
  • Hi,

    Regarding the new error "Unable to verify that schema master has completed a replication cycle" you received, I suggest we could refer to the following article to see if it can work.

    Troubleshooting ADPREP Errors

    http://blogs.technet.com/b/askds/archive/2008/12/15/troubleshooting-adprep-errors.aspx

    Since you want to upgrade AD from SBS 2003 to Windows Server 2012, I suggest we could refer to the following article. It may be useful to us.

    Upgrading an Active Directory Domain from Windows Server 2003 or Windows Server 2003 R2 to Windows Server 2012

    http://msmvps.com/blogs/mweber/archive/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012.aspx

    Hope this helps.

    Best Regards,

    Andy Qi

    Thursday, November 22, 2012 8:34 AM
    Moderator