Troubleshooting Adprep Errors

Troubleshooting Adprep Errors

This article covers some of the common errors you might see when you run adprep.exe commands, and how to resolve the error. Please add to this list any errors you see that are not listed.  

Troubleshooting errors with Adprep.exe

This section explains how to correct problems when Adprep.exe fails. Adprep.exe errors are logged in the %windir%\Debug\Adprep\Logs folder. There will be a separate file each time that you run ADPREP. At the bottom of the file, you can see what the problem is. Some common causes for Adprep.exe errors include the following:

For more information, see Troubleshooting ADPREP Errors (

Insufficient credentials to run the command

Each Adprep.exe command requires a different set of credentials. The following table lists the credential requirements for each command.


Adprep.exe command

Credentials that are required to run the command

adprep /forestprep

  • Schema Admins
  • Enterprise Admins
  • Domain Admins of the domain that hosts the schema master

adprep /domainprep

Domain Admins

adprep /domainprep /gpprep

Domain Admins

adprep /rodcprep

Enterprise Admins

Operations master role holders are not accessible

If Adprep.exe cannot contact the operations master role holders that are required to complete the command, the command fails with an error. Because the adprep /forestprep and adprep /domainprep /gpprep commands must be run directly on the schema master and the infrastructure master, respectively, these commands are less likely to generate this type of error.

The adprep /rodcprep command, however, can be run from any computer. This command runs remotely, and it must contact the domain naming master for the forest to obtain a list of application directory partitions that are in the forest. It then must contact the infrastructure master for each of the application directory partitions. If an infrastructure master is offline or if it has been forcefully removed from the domain, the adprep /rodcprep command fails. For more information, see article 949257 in the Microsoft Knowledge Base (

Schema conflicts

Schema conflicts can cause the following Adprep errors:

  • “OID will not be changed resulting in probable failure to add a new class”

    This error occurs when custom schema changes have been made or when non-Microsoft software makes schema changes that conflict with a schema change from Microsoft.

    To resolve this issue, open the ADPREP log to see what the failed object is. If you know the non-Microsoft software that is using the attribute, contact the makers of that software and determine if there is a fix. Otherwise, contact Microsoft Customer Support Services.
  • “Schema update failed: An attribute with the same link identifier already exists”

    This error occurs when you are trying to update or add an object in the schema and the link identifier already exists for another attribute. Some non-Microsoft applications modify the schema with a link identifier set that is owned by the operating system. For more information about resolving this error, see Troubleshooting ADPREP Errors (

Adprep was unable to complete because the call back function failed

This error message can appear when an external function called by adprep /forestprep or adprep /domainprep /gpprep causes locks on files or folders that are used by antivirus software utilities running on the schema master or the infrastructure master.

If you see this error message when you run adprep /forestprep, try disabling the antivirus software and running the command again. After the adprep /forestprep command completes, you can enable the antivirus software again.

If you see this error message when you run adprep /domainprep /gpprep, investigate and resolve the following possible causes:

  • The \SCRIPTS folder is absent from the SYSVOL shared folder.
  • The Default Domain Policy and the Default Domain Controller Policy are absent from SYSVOL.
  • The Default Domain Policy and the Default Domain Controller Policy do not have the default globally unique identifiers (GUIDs). The Default Domain Policy GUID is {31B2F340-016D-11D2-945F-00C04FB984F9}. The default Default Domain Controller Policy GUID is {6AC1786C-016F-11D2-945F-00C04fB984F9}.
  • The registry entry HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SysVol does not exist or does not point to a valid SYSVOL path, such as %SystemRoot%\SYSVOL\sysvol.
  • There are problems with file system junction points between %SystemRoot%\SYSVOL\sysvol\domain and %SystemRoot%\SYSVOL\. Running a DIR command of the SYSVOL folder tree structure is not sufficient to validate the junction points. Instead, use LinkD to verify existence of junction points and validate linked folders. For more information about using LinkD, see Gather the SYSVOL path information (

You receive an error when you run adprep /forestprep that says “Adprep is valid, but is for a machine type other than the current machine”

You can receive this error if you try to run Adprep.exe from the Windows Server 2008 R2 installation DVD on a schema master that runs a 32-bit version of Windows Server. By default, Windows Server 2008 R2 runs the 64-bit version of Adprep.exe. To resolve this error, open an elevated command prompt on the schema master and run the 32-bit version of the command:

Adprep32.exe /forestprep

The Adprep32.exe tool is in the support\adprep folder of the Windows Server 2008 R2 installation DVD.

Sort by: Published Date | Most Recent | Most Useful
Page 1 of 1 (1 items)