locked
adprep domainprep doesn't do anything RRS feed

  • Question

  • The story ....

    We have 2 Windows 2003 DC's running fine. I'm trying to add a new Windows 2008 R2 server and want it to be also a DC because one of the 2003 servers will be removed later on.

    I have raised the domain functional level and forest level to 2003 (from 2000). Ran dcdiag and netdiag, no errors. Also checked for replication errors, no errors. I did found some verry old NT4 servers in ADU&C DC's, so removed them via adsiedit. They where not listed in meta cleanup so skipped that part. Those NT4 servers (2) left the building more than 6 years ago. Than I ran adprep32 /forestprep on the server being the infrastructure server. At first it didn't do anything but after typing the letter C followed by pressing Enter, the forestprep ran fine without errors. Now when running adprep32 /domainprep, nothing happens and the dos-prompt returns.

    In the adprep logs, the log being created is empty. No errors to be found in the eventlogs.

    When verifying if the forestprep ran fine, used this article:
    http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx

    I found that CN=ActiveDirectoryUpdate does not excist. So I can't see the revision version. I do see the Object version being 47 corresponding with 2008 R2.

    Further information: Windows 2008 server is R2, dutch, 64 bits. Both Windows 2003 servers are 32bits, UK version.

    The question is why nothing happens with domainprep and what could have happend with the forestprep that seems to be running fine but does not show the revision version. Running forestprep a second time does not help.


    - Marcel
    Tuesday, November 16, 2010 8:56 AM

Answers

  • You are running adprep32.exe from the 2K8 R2 DVD in the 2K3 Domain Controller, right?

    Running Adprep.exe
    http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx

    adprep32.exe /forestprep - Must be run in the Schema FSMO
    adprep32.exe /domainprep - Must be run in the Infrastructure master FSMO


    Please run these commands in your DC and share their output:
      1) whoami /all
      2) repadmin /replsum /bysrc /bydest /sort:delta
      3) hostname

    It looks like one of adprep's LDF files has been corrupted.
    From the logs you shared in logfiles.zip :

    logfiles\.002.txt
        There is a syntax error in the input file
        Failed on line 11714.  The last token starts with 'n'.
        1325 entries modified successfully.
        An error has occurred in the program
       
    logfiles\.003.txt
        There is a syntax error in the input file
        Failed on line 11714.  The last token starts with 'n'.
        An error has occurred in the program
       
    The problem is in LDF file logfiles\.001.ldf in line 11714
        -
        nguishedName:
         CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,CN=Configuration,DC=CBFDOMAIN,
         DC=INTRANET
        instanceType: 4


    repl\20101117085414\.001.ldf has the same problem in line 169
        -
        isplaySpecifiers,CN=Configuration,DC=CBFD
         OMAIN,DC=INTRANET
        instanceType: 4

    • Marked as answer by Bruce-Liu Friday, December 3, 2010 1:03 PM
    Wednesday, November 24, 2010 8:25 PM

All replies

  • Hello,

    you have to use the adprep32.exe instead the adprep.exe(64bit). So please verify this.

    Also post the output from "dsquery * cn=schema,cn=configuration,dc=domainname,dc=local -scope base -attr objectVersion" without the quotes in a command prompt. This will show the current schema version.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, November 16, 2010 11:21 AM
  • As mentioned before I only used adprep32.exe. The output:

    objectVersion
    47

    But that is what I also wrote what was found in adsiedit.


    - Marcel
    Tuesday, November 16, 2010 12:30 PM
  • Hello,

    so you don't you see on both Windows server 2003 DCs the CN=ActiveDirectoryUpdate? Please upload the adprep logfile to Windows sky drive or if not that long post it into the thread.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, November 16, 2010 12:39 PM
  • Are there any errors in any of the event logs and as Meinolf requested please post any log files associated with your updates.

     

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs

    Please no e-mails, any questions should be posted in the NewsGroup This
    posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, November 16, 2010 12:53 PM
  • Yes. The CN=ActiveDirectoryUpdate is missing on both the servers.

    I've inserted the logfiles from the first succesfull /forestprep performed yesterday. Renamed the domainname.

    http://cid-fe4373ba3a963307.office.live.com/self.aspx/Openbaar/logfiles.zip

    Hope this helps.

    Thanks.


    - Marcel
    Tuesday, November 16, 2010 4:01 PM
  • Hello,

    your domain name is something like xxxx.xxnet, so a FQDN? The included adprep.log is incomplete. If i compare it with one of mines i miss the starting part and the ending part. Start should contain something similar to:

    [2010/11/09:12:58:09.244]
    Adprep created the log file ADPrep.log under C:\WINDOWS\debug\adprep\logs\20101109125809 directory.
    [2010/11/09:12:58:09.666]
    Adprep copied file Z:\support\adprep\schema.ini from installation point to local machine under directory C:\WINDOWS.
    [2010/11/09:12:58:09.682]
    Adprep copied file Z:\support\adprep\schupgrade.cat from installation point to local machine under directory C:\WINDOWS\system32.
    [2010/11/09:12:58:09.713]
    Adprep copied file Z:\support\adprep\PAS.ldf from installation point to local machine under directory C:\WINDOWS\system32.
    [2010/11/09:12:58:09.776]
    Adprep copied file Z:\support\adprep\sch31.ldf from installation point to local machine under directory C:\WINDOWS\system32.
    .
    Adprep copied file Z:\support\adprep\sch47.ldf from installation point to local machine under directory C:\WINDOWS\system32.
    [2010/11/09:12:58:10.104]
    Adprep copied file Z:\support\adprep\dcpromo.csv from installation point to local machine under directory C:\WINDOWS\debug\adprep\data.

    And the end:

    Adprep successfully set the forest Update revision attribute to 5 on object CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=domain,DC=com

    [Status/Consequence]Adprep updates the forest Update revision attribute in order to mark the forest as prepared. Adprep is continuing and will now prepare the forest.
    [2010/11/09:13:04:53.041]
    Adprep set the value of registry key System\CurrentControlSet\Services\NTDS\Parameters\Schema Update Allowed to 0
    [2010/11/09:13:04:53.041]
    Adprep successfully updated the forest-wide information.

    So 2 options, the logfile is incomplete or for whatever reason didn't run correct.

    Please use the support tools on the existing DCs, maybe something is with the existing DCs:

    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt (if more then one DC exists)
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, November 16, 2010 6:25 PM
  • That is strange. I've searched in all the directories where I could find a log since I performed a /forestprep once more later, but nothing looks like your starting and ending.'

    I've performed a /forestprep once again and the output is in the zipfile. Also all the output you've requested is within this zipfile.

    Thanks!

    http://cid-fe4373ba3a963307.office.live.com/self.aspx/Openbaar/repl.zip

    BTW could there be a problem with my adprep32 ? I've used 2 versions and in all cases I have to press 'c' and hit [enter] to let it run (forestprep).


    - Marcel
    Wednesday, November 17, 2010 8:18 AM
  • Hello,

    the repadmin output states on the schema partition 4 problem parts:

     (null) via RPC

            DC object GUID: 69d5cf80-66f8-485f-a531-2a054730dabd

            Address: 69d5cf80-66f8-485f-a531-2a054730dabd._msdcs.companyDOMAIN.INTRANET

            WRITEABLE

            Last attempt @ (never) was successful.

        (null) via RPC

            DC object GUID: 2d32f942-37d7-40a2-99b5-0fc6e31877dd

            Address: 2d32f942-37d7-40a2-99b5-0fc6e31877dd._msdcs.companyDOMAIN.INTRANET

            WRITEABLE

            Last attempt @ (never) was successful.

        (null) via RPC

            DC object GUID: 73beadce-1fc6-4548-9c7b-126bd12e82fe

            Address: 73beadce-1fc6-4548-9c7b-126bd12e82fe._msdcs.companyDOMAIN.INTRANET

            WRITEABLE

            Last attempt @ 2004-05-12 09:25:14 was successful.

        (null) via RPC

            DC object GUID: 3c158493-4d9d-434f-9a27-892b6b37de67

            Address: 3c158493-4d9d-434f-9a27-892b6b37de67._msdcs.companyDOMAIN.INTRANET

            WRITEABLE

            Last attempt @ (never) was successful.

    If @ [Never] appears in the output for a directory partition, replication of that directory partition has never succeeded from the identified source replication partner over the listed connection. http://technet.microsoft.com/en-us/library/cc794749(WS.10).aspx

    Dcdiag lists errors about the useraccountcontrol of companyWDB, was it pre-created in AD UC? See here about:

    http://blogs.dirteam.com/blogs/jorge/archive/2006/08/27/Incorrect-_2600_quot_3B00_userAccountControl_2600_quot_3B00_-Attribute-value-causes-error-when-running-DCDIAG-or-during-promotion-of-a-server-to-a-DC.aspx

    The DNS test is missing on the dcdiag output file, you stopped it too early, see the last sentence.

    Is 192.168.61.130 the VM you have installed, listed as Nameserver in DNSLint?


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, November 17, 2010 8:53 AM
  • When I perform a repadmin /showrepl server /u:... /pw:... to both the DC's all lines result in Attempt Succesfull. How can it be @ never ? Further more the date @ 2004-05-12 is that still relevent?

    Then the useraccountcontrol, I had a look via adsiedit. On DC1 the value is 532512, DC2 has 532480 like the article from your hyperlink mentioned. Must they both be 532512?

    The 192.168.61.130 is one of the old NS Server (NT4). It should not be there. I can't find it listed as a DNS server.

    I have performed the dcdiag again. Here the results.
    http://cid-fe4373ba3a963307.office.live.com/self.aspx/Openbaar/dcdiag.txt

    Thanks!


    - Marcel
    Wednesday, November 17, 2010 10:29 AM
  • Hello,

    as you can see it is only the schema partition with the problem.

    The useraccountcontrol should be as listed in the article from Jorge for a Domain controller : 0x82000 (532480). See the end of his article how to modify to the correct one.

    Check all DNS zones and zone properties. Somewhere it is still listed otherwise DNSLint will not show it.

    The dnstest of the dcdiag looks ok. You can also enable the forwarders on the second DC to the external ones, so if the other is down name resolution works with them.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, November 17, 2010 2:10 PM
  • Ok changed the useraccountcontrol, so both are the same. Verified this with servers R2 on another site, also the same.

    Found the DNS issue so the DNSLint is not mentioning this server anymore.

    Added DNS forwarders to second DNS server.

    Should I wait for the replication to happen automaticly (don't know when this happens), or run the adprep32 /forestprep again?

    I'm not sure how to solve the schema partition issue.

    Thanks.


    - Marcel
    Wednesday, November 17, 2010 3:52 PM
  • Hello,

    after all the changes i would reboot the DCs one after the other so always one is available. Then use the support tools again to verify that some errors are not longer listed.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, November 17, 2010 4:00 PM
  • Restarted both the servers. Still with the repadmin the messages "Last attempt @ (never) was successful.". I can't find anything to resolve this message.
    - Marcel
    Monday, November 22, 2010 8:19 AM
  • You are running adprep32.exe from the 2K8 R2 DVD in the 2K3 Domain Controller, right?

    Running Adprep.exe
    http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx

    adprep32.exe /forestprep - Must be run in the Schema FSMO
    adprep32.exe /domainprep - Must be run in the Infrastructure master FSMO


    Please run these commands in your DC and share their output:
      1) whoami /all
      2) repadmin /replsum /bysrc /bydest /sort:delta
      3) hostname

    It looks like one of adprep's LDF files has been corrupted.
    From the logs you shared in logfiles.zip :

    logfiles\.002.txt
        There is a syntax error in the input file
        Failed on line 11714.  The last token starts with 'n'.
        1325 entries modified successfully.
        An error has occurred in the program
       
    logfiles\.003.txt
        There is a syntax error in the input file
        Failed on line 11714.  The last token starts with 'n'.
        An error has occurred in the program
       
    The problem is in LDF file logfiles\.001.ldf in line 11714
        -
        nguishedName:
         CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,CN=Configuration,DC=CBFDOMAIN,
         DC=INTRANET
        instanceType: 4


    repl\20101117085414\.001.ldf has the same problem in line 169
        -
        isplaySpecifiers,CN=Configuration,DC=CBFD
         OMAIN,DC=INTRANET
        instanceType: 4

    • Marked as answer by Bruce-Liu Friday, December 3, 2010 1:03 PM
    Wednesday, November 24, 2010 8:25 PM
  • Hello,

    I have a similary problem.

    with messages in LDF logfiles like :

    Add error on line 11738: Already Exists

    The server side error is "An attempt was made to add an object to the directory with a name that is already in use."

    An error has occurred in the program

     

    There is a syntax error in the input file

    Failed on line 169.  The last token starts with 'y'.

    An error has occurred in the program

    There is a syntax error in the input file

    Failed on line 170.  The last token starts with 'd'.

    An error has occurred in the program

    Please, what was the solution ?

    Regards

    Philippe

     

    Wednesday, January 19, 2011 4:11 PM
  • The solution is :

    rename the folder from the adprep langage "fr-fr"(2003 R2) in "en-us" ( 2008 R2).

    In this case, you see all the messages and it runs very fine.

    • Proposed as answer by Muhittin Akar Saturday, March 3, 2012 9:47 AM
    Wednesday, January 19, 2011 4:57 PM
  • Thanks. It works.
    Saturday, March 3, 2012 9:48 AM
  • My problem : ADPREP display nothing. Thank you very much. My old DC (Win2003) is English version and the new one (win2008R2SP1) in French. Source file are french. I have rename subfolder fr-fr in en-us and after ADPREP display message and perform schema update.

    Regards

    GL QUERE

    Monday, November 16, 2015 2:22 PM